Despite many well-publicized gaffes in legal, political and business arenas, many folks do not properly electronically redact sensitive information before letting a document loose into the wild. Supposedly blacked-out or whited-out text can remain in a document. A mere overlay can be readily removed, uncovering the text one intended to hide. And secret content can still be text-searchable and thus also copy-able/paste-able.
This overview is meant to help you become – in the terminology of the old children’s show Romper Room — a “do-bee” and not a “don’t-bee”. If your interest gets piqued in redaction or in related “metadata” issues in our era of National Security Administration (NSA)/PRISM and Petraeus/Broadwell, sign up for an upcoming Lorman webinar (October 24, 2013) by the “Guru of Metadata” (yours truly). That presentation — chock full of live streaming demos — will be my 41st external metadata presentation over the past seven years.
Reasons to Redact
The portion(s) of a document’s contents containing highly confidential and/or sensitive information of any sort is not meant to be exposed. Such concerns can arise in the political and diplomatic spheres. They can also be present in the corporate world where no loyal executive or staff member wants to disclose his or her company’s proprietary secrets.
In a lawsuit, depending on the context, there can be one to many substantive and/or procedural legal rules that forbid disclosure (yes; this is a “law” sentence; so I felt complled to sprinkle in an “and/or) . Examples of categories that can be subject to a protective order include:
- an individual’s personally identifiable information, e.g., details of a financial, health, medical or insurance nature;
- a child’s or victim’s identity
- trade secret information that could lose its value or protected nature if not properly handled;
- attorney work-product; and
information covered by various privileges, such as:
- “state secrets;”
- clergy-penitent; and
- that one often invoked in the Nixonian and Clintonian eras — “executive privilege.”
Since its enactment on December 1, 2007, Federal Rule of Civil Procedure 5.2 has, with certain enumerated exceptions, required the redaction of any “filing that contains an individual’s social-security number, taxpayer-identification number, or birth date, the name of an individual known to be a minor, or a financial-account number.”
In the lawsuit context, on many an occasion a litigant’s counsel’s mishandled electronic redaction has exposed information on an adversary, co-defendant or other type of party. Examples include: the Federal Trade Commission that exposed information on Whole Foods; a federal court that exposed some of Facebook’s confidential numbers; the federal prosecutors in the BALCO/Bonds case; ATT’s counsel’s exposure of the NSA’s “secret room” information in a brief filed in a telecom case that ultimately included the NSA as a defendant; Plaintiffs’ counsel in an employemnt case against GE; and Zynga’s counsel in a lawsuit with Electronic Arts (EA). After a redaction snafu, it can be difficult to settle a case or have a cohesive relationship with the other side — or regain credibility with a judge.
Outside of the lawsuit realm, perhaps the most fanous redaction gaffe of all occurred in December 2009, when the Transportation Security Administration (TSA) apparently used outdated software tools that did nothing to actually keep from exposure various Department of Homeland Security (DHS) parameters as to airport secuirty screenings.
Panning out to the other threat of non-scrubbed metadata (such as improerly handled Tracked Changes), many powerful entities and individuals have been laid low. Among others, the metadata cobra has struck the UN Secretary General, the British Prime Minister’s Office (in the “Downing Street Memo”), the Republican Social Security Administration, the Democratic National Committee, the California Attorney General’s Office, the Motion Picture Association of America (MPAA) and SCO Group.
If you are as [sadistic] [curious] [educational] as I, then you will find links to all these tales in this Metadata slide deck (5/2/13) by me and well known eDiscovery attorney and blogger Perry Segal.” Drum roll, please . . . .
Redaction Do’s and Don’ts
In eDiscovery, make sure: you or your trusted tech person knows how to use the appropriate software and that, before you send data to the other side, some Quality Control (QC) has occurred, including as to the stipulated specs as to format(s) of exchange. As to day-to-day ad hoc redactions, consider these guidelines:
- Microsoft Word’s borders/shading
- Microsoft Word’s highlighter
- Adobe Acrobat’s Rectangle tool
- Adobe Acrobat’s Text Box tool
* UNLESS YOU’RE GOING TO GO “LOW-TECH” BY PRINTING TO PAPER, SCANNING AND OCR’ING]: