To facilitate enterprise operations it’s often necessary to share data with business partners, third-party vendors or even competitors. Just as critical, however, is ensuring that shared information doesn’t accidentally expose sensitive customer data. Failure to optimally protect these digital assets could result in severe reputational damage, litigation, non-compliance fines and penalties, and fines or sanctions under evolving legislation such as GDPR or the CCPA.
Considering what is at stake, redaction – the process of editing documents to obscure sensitive information – should be a key component of customer data defense.
Keep It Secret, Keep it Safe – The Case for Effective Redaction
Privacy concerns push companies to take measures for better data management and security. This is because many servers and company databases are vulnerable to attacks and data theft which could leak information and end up causing harm to not only the business but the employees as well. The use of data management platforms like the ones available at adverity.com, for instance, enables businesses to restrict access to data to authorized individuals. This also facilitates an improvement in different processes in the company.
Effective redaction is essential to balance the demands of process and privacy. For example, many legal or financial transactions require organizations to share critical data that could expose those third parties to compliance challenges if client information isn’t reliably redacted. The right redaction approach ensures that recipients aren’t able to view protected information – without compromising the access or analysis abilities of first-party data owners.
Reliable redaction also forms a key component of defensive due diligence under industry-driven compliance rules and national data privacy regulations. While specific obligations vary under various rulesets, they share a common theme: reasonable security. If data breaches occur or privacy challenges arise, organizations must provide proof of reasonable security precautions. Along with efforts around reliable data encryption and robust access control, redaction is an essential aspect of this reasonable security approach.
Redaction Techniques: Nothing to See Here
While the goal of data redaction is straightforward – effectively editing documents to ensure that only the right people have access to the right data at the right time – there are multiple of execution, including:
- Simple masking
One of the first redaction techniques developed, simple masking replaces sensitive data with a non-information constant such as a set of symbols (XXX-XXX-XXXX) or a black bar. While this provides some protection for sensitive data, many simple masking solutions can be circumvented using the right tools.
- Manual redaction
Manual options that “burn in” obfuscation offer more control over data redaction and reduce the risk of accidental exposure. However, users must manually search for specific terms or values and then replace them, which is both time- and resource-intensive.
- Pattern matching
Pattern matching solutions streamline the redaction process by allowing staff to enter a specific data format, such as a Social Security Number, which is then identified and redacted across entire documents.
- AI-driven analysis
As redaction has become a top priority for organizations, new techniques have emerged to help automate this process at scale. Artificial intelligence (AI) enabled virtual data rooms (VDRs) make it possible to identify and redact multiple data patterns across critical documents. This AI-powered option also delivers robust versioning support, allowing staff to save multiple versions of the same file with differing levels of redaction depending on their intended use and recipient.
Effective data redaction is now a key component of customer data defense and is critical to satisfy reasonable security requirements. The right tools can help reduce redaction complexity, improve obfuscation efficiency and automate this protective process.
Peter Braverman is Vice President of Sales for Donnelley Financial Solutions™, a financial software solutions company. He has 16 years of experience in the industry and focuses on selling SaaS solutions in the Capital Markets industry.