Make Email Redaction Part of Your Data Security Plan

Redaction refers to the process of removing or otherwise obscuring information — typically written text — from documents and other files. A common practice with legal documents, redaction helps prevent information that is deemed sensitive or confidential from being shared with unauthorized parties, especially in situations when a document is distributed or otherwise made publicly available.

There are many different forms of redaction, with document, PDF and email redaction being most common. Email redaction, in particular, can be used to safeguard both internal and external communications, preventing confidential company information or PII from entering into the wrong hands. Email redaction is especially useful for legal proceedings, in which files must be reproduced in their original context and format.

As useful as email redaction can be, it’s historically been a tedious, manual process — one that can take hours to complete depending on the number of emails that need to be redacted. Fortunately, email redaction is easier now than ever before thanks to software solutions with built-in tools for automated redaction. For information on how to find the right redaction software for your organization, we recommend reading our blog post on the subject.

Though the concept of redaction is fairly straightforward, there are a few different ways to approach redacting emails:

• Manual Redaction: As you can likely infer, manual redaction refers to the process of redacting emails by hand. This might entail printing out copies of email and either cutting or blacking out sections of text and/or images, or masking sections of text and/or images digitally using a software program.
• Find and Replace: Another form of manual redaction, individuals can copy and paste email text into a word processor and redact individual words or lines of text by replacing them with some version of the phrase “Text Redacted.” Most word processors also include a functionality that enables users to find and automatically replace every instance of a word or phrase, making email redaction faster and more efficient.It’s important to note, though, that this redaction technique should not be used when preparing emails for legal proceedings, as most cases require emails to be presented in their original context and file format.
• Page Region: Using email redaction software, users can define a region within an email — in other words, select a section of the file — and all text and/or images within that region will be automatically redacted.
• Pattern Matching: Certain email redaction software programs are able to recognize patterns within text and automatically redact them upon request; common patterns include Social Security numbers, home address, email addresses, phone numbers, credit card numbers and dates. Certain solutions even enable users to define their own custom patterns for simplified redaction.

Email redaction is an incredibly simple yet effective way to prevent PII and confidential, classified or otherwise sensitive company information from being shared with unauthorized — and potentially malicious — parties.

This additional layer of security helps organizations protect the personal privacy of their consumers, thereby increasing consumer confidence, securing longer-term loyalty, boosting brand reputations, and enabling companies to build stronger, longer lasting relationships with the people they serve. Email redaction is also essential to ensuring regulatory compliance, as most industry-specific regulations include language about shielding and securing PII.

For an example of this, look no further than the Health Information Portability and Accountability Act, more commonly referred to as HIPAA.

HIPAA “protects all ‘individually identifiable health information’ held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral.” In this case, “covered entity” refers to healthcare providers; “business associate” refers to any person or organization that provides services on behalf of a healthcare provider; and “any form or media, whether electronic, paper, or oral” includes email.

There are severe consequences to HIPAA non-compliance: Violators could find themselves subject to a maximum fine of $1.5 million or even criminal penalties. Given the seriousness of the situation, healthcare providers and their business associates must make every effort to safeguard patients’ individually identifiable health information, which includes redacting that data in email communications.

There really is no shortage of real-world examples in which an automated email redaction solution would’ve helped an individual or an organization avoid painful consequences, including the Clinton email controversy, the Giuliani redaction failure and the Facebook class action lawsuit story. At the very least, automated redaction enables companies to protect trade secrets and other confidential information contained in emails from being exposed and makes preparing for pending litigation faster and more efficient.

There are generally five touchpoints where it makes sense to redact emails:

• Upon Receipt: You can redact any sensitive information contained within an email as soon as it reaches your inbox.
• Prior to Sending: It’s always a good idea to take a moment to review your email and redact any confidential details before sending it out.
• After Work Is Complete: If you required access to PII or company information in order to complete a project, and that project is now complete, you may want to consider redacting that information to ensure its safekeeping.
• Prior to Archiving: Archiving is an essential function for any organization, one that supports general record keeping, eDiscovery and compliance initiatives. If your business archives emails (and it should), this is a good time to redact confidential data. Certain archiving platforms, such as Intradyn’s email archiving software, include built-in redaction tools for this exact purpose.
• Prior to Disposal: There may come a time when you need to dispose of old emails, either to free up storage or because your business no longer has a need for them. Redacting email content in its entirety prior to disposal renders those emails — and any PII or company information they may contain — totally inaccessible to those who would try to recover them after deletion.

Intradyn’s archiving platform makes redacting emails easy. It’s simple:

• Locate the email you need to redact from within your archive using our powerful search functionality
• Highlight the specific line of text you wish to redact, or redact the entire document
• Add an annotation explaining the reason for redaction
• Save your changes, which will then be automatically applied to the file

Email redaction is just one of the many ways Intradyn supports eDiscovery, regulatory compliance, data security and more — contact us today to learn more about how your organization can benefit from our archiving solutions.