Redaction can be tricky. There are a number of ways to do it, but without proper care, underlying information can be left vulnerable. If you want to see an example of this, you don’t need to go farther than to Google, where a search for “redaction failures” will bring up countless results.

Generally, redactions are used for two main purposes, to protect personally identifiable information and to shield information not intended for public consumption. There are certainly other use cases as we’ve seen with the removal of discriminatory restrictive covenants from land records, but an improper redaction in that field wouldn’t be quite as newsworthy as the others.

The latest public instance of a redaction failing comes from the airline industry, where a lawsuit surrounding JetBlue’s planned acquisition of Spirit Airlines used improper techniques. The redacted item in question was a planned pricing schedule that reflected fare increases for Spirit flights. The fare table was accessible by using one of the most common and simple tricks for seeing information intended for redaction, copying and pasting it into a new document.

What makes this case odd is that it was a group of consumer plaintiffs rather than the airline that submitted the improperly redacted information. It’s going to be rare that someone outside of yourself or your company is who you need to worry about with your sensitive data, but it’s clearly something to be aware of whether someone has your corporate plans or social security number.

At the same time that one airline’s trade secrets are being revealed, another has decided that they should be redacting more. American Airlines recently started truncating frequent flyer numbers on their boarding passes. Rather than covering actual data with a black box like a redaction, truncation never shows the sensitive information to begin with, by either displaying a small, unidentifiable portion of data or replacing most of the data with new characters, like asterisks. The remaining characters are usually recognizable to the owner of the data, such as the last four digits of a credit card number.

While a frequent flyer number isn’t as dangerous to lose as a social security number, it’s still a nice extra layer of protection for those of us who might misplace our boarding pass.

When executed properly, either truncating or redacting information should do the trick. For one-off filings or documents where there is nuance to deciding what should or shouldn’t be made public, it’s usually best to identify redactions manually and to test that the underlying information can’t be accessed.

Of course, this isn’t feasible when there are numerous daily filings or large historical projects that may contain personally identifiable information. That’s where software like Extract’s ID Shield comes into play. Our automated redaction software converts documents to text and identifies items for redaction based on the structure of the information, clues found within the document, and past experience finding these data types.

If you’re in need of secure and accurate redaction solutions, send us an email or give us a call and we’d be happy to see what we can do to help.

About the Author: Chris Mack

Chris is a Marketing Manager at Extract with experience in product development, data analysis, and both traditional and digital marketing. Chris received his bachelor’s degree in English from Bucknell University and has an MBA from the University of Notre Dame. A passionate marketer, Chris strives to make complex ideas more accessible to those around him in a compelling way.