Facit’s recent experience in the data redaction arena is that enterprises are reversing their thinking about some aspects of Cloud migration. In the Healthcare sector Hospital Trusts insist that no data leaves hospital-controlled IT environments. In Retail, the best-practice approach of most Compliance Officers today is that data processing and privacy redaction should be handled entirely in-house.
Survey results of execs surveyed about cloud data, TechRepublic, 2019.
59% concerned about data security
54% concerned about data compliance
Company policy dictates data remains in-house
For organisations with strict in-house data processing policies, the notion of uploading data and documents to Cloud solutions in order to redact sensitive data is simply out of the question.
The challenge of selective data privacy
Reports of data leaks in the press highlight how difficult it is to identify and protect sensitive content. Data redaction is challenging because it is intended to protect documents by removing sensitive portions selectively, rather than by quarantining or encrypting the whole document.
Complexity of document and data formats
For companies that receive only a handful of simple data subject access requests (DSARs), Cloud redaction tools may present themselves as quick fixes. In reality, the data professional still has to do the redaction work themselves and Cloud redaction can be more time-consuming than legacy methods. While a few simple documents can be handled in the Cloud, the increasing complexity of document formats frequently makes it impossible for users to redact data quickly in the Cloud. Multiple emails, MS Office documents and spreadsheets, plus the growing amount of data associated with DSARs, add to the challenges associated with redaction.
Potential Cloud redaction degradation
GDPR requirements do not allow for skipped confidential text fields or reversible data. Cloud data redaction contains potential risks, such as:
Feature loss: Data search and remove functions degraded.
Bandwidth: Cloud data processing is slow.
Redaction assurance: Unable to redact all document types and metadata.
Scalability: Unable to handle DSARs containing 1000s of documents.
Security issues: Cloud-based systems are less secure than in-house systems
Leaked information: the ultimate data privacy worry!
It may seem simple enough to redact confidential information in a document during a DSAR or eDiscovery process. However, a black box drawn across sensitive text is not as reliable as it looks. In 2008, the US government proved quite capable of leaking its own secrets. Government workers preparing the release of a Transportation Security Administration manual that details airport screening procedures chose an unreliable redaction method for a .pdf file. As a result, the full text of a document considered “sensitive security information” was leaked inadvertently.
Native files, text files, linked data – “back door” risks
The eye can be deceived; that black box again! Even when a document has a redaction box ‘burnt in’ there are risks of data disclosure via text files extracted from the native file or generated via Optical Character Recognition (OCR), if they are not updated to remove the redacted text. In other words, if files associated with the redacted versions of documents are not updated confidential information can slip through the “back door”.
Using Facit technology
Facit Data Systems helps organisations worldwide to automate complex document data redaction in all document formats. Facit Data Redaction goes far beyond masking sensitive data with a black box: Facit completely removes private or problematic data in seconds so that there is 0% risk of a privacy breach.