
Implement GDPR-compliant redaction of documents and images

The redaction of text and images should be GDPR-compliant.

Before passing on or publishing documents, files or images, it is often necessary to remove personal data or make it unrecognizable. This is usually done by redaction. If an error is made, it is almost certain that there has been a breach of data protection. This article explains which sources of error occur particularly frequently in practice and how redaction can be implemented in compliance with the GDPR.

Redaction as TOM according to Art. 25 GDPR

Redaction is a technical and organizational measure (TOM) in accordance with Art. 25 GDPR. This TOM is used, for example, when a company or authority publishes or passes on documents that contain third-party data worthy of protection.

However, if the redaction can be reversed by simple measures and the personal data can be read again, a data breach has occurred. The data breach then leads to a reporting obligation to the competent supervisory authority in accordance with Art. 33 GDPR.

Companies should therefore provide clear guidelines and training for the handling of documents and metadata as well as for the implementation of redactions. In this way, GDPR compliance of data transfers or publications can be ensured. The Saxon Data Protection Commissioner and the Liechtenstein Data Protection Authority have summarized the most important points in this regard.

Digital redaction of documents and texts

Generally recommended: Deleting or removing the text passage in question is preferable to optical masking. This puts you on the safe side.

It is rather unsuitable to simply set the background color to black or to place graphic markers over the text. With both measures, the affected text passage usually remains completely legible without much effort.

In a Word document, the affected text passages can be replaced with "xxx" or another sample text, for example. In a PDF, confidential images and text can be removed or made unrecognizable using the "Redact PDF file" tool. This is possible with Adobe Acrobat, for example.

The Liechtenstein Data Protection Authority recommends installing redaction software locally and avoiding online services where PDF files first have to be uploaded and then redacted.

For smaller volumes of documents, it is also advisable to first redact the document on the computer, then print out the redacted version and scan this printout back in. Although this method is cumbersome, it is considered particularly secure.

Don't forget! Remove metadata

Metadata (file properties) is often forgotten when redacting. However, it can contain far-reaching information: in the case of images, for example, details of the author or GPS position.

Office metadata can also contain a change history, among other things, so the redacted Office document should not be passed on in its original file format (e.g. .docx). Instead, the file could be saved or exported as a PDF, for example. If an editable Word version is to be passed on, it is advisable to copy the entire anonymized text into a new document and only pass on this new document. In addition, Microsoft Office, for example, offers an integrated function for removing hidden metadata or personal information stored in the document (can be found under "File" - "Check document").

Attention: Saving an Office document under a new name alone is not enough to remove metadata! A new document must be created for this purpose.

However, it should be noted that even when converting to PDF or copying to a new Office document, metadata may still be transferred that should be removed. A final check of the document properties is therefore always necessary. In certain cases, especially with very sensitive data, additional measures such as the use of special software for metadata cleansing may even be necessary.
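The final check described above can be partly automated for .docx files, which are ZIP packages of XML parts. The following is an added example, not taken from the cited authorities or from any product: the function names `audit_docx` and `build_sample` and the sample document are constructed for illustration, and the check covers only author properties, tracked changes and comments.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files prefer a hardened parser

W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
NS = {"cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
      "dc": "http://purl.org/dc/elements/1.1/"}

def audit_docx(data: bytes) -> list:
    """Return findings that should block release of a redacted .docx."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            core = ET.fromstring(z.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy"):
                el = core.find(tag, NS)
                if el is not None and (el.text or "").strip():
                    findings.append(f"property {tag} = {el.text.strip()}")
        body = ET.fromstring(z.read("word/document.xml"))
        # Tracked deletions keep the removed text in w:delText elements.
        for d in body.iter(f"{{{W}}}delText"):
            findings.append(f"tracked deletion still contains: {d.text}")
        if next(body.iter(f"{{{W}}}ins"), None) is not None:
            findings.append("tracked insertions present")
        for n in sorted(names):
            if n.startswith("word/comments"):
                findings.append(f"comments part present: {n}")
    return findings

def build_sample() -> bytes:
    """Constructed minimal package: 'Jane Roe' replaced by xxx with tracking on."""
    core = (f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
            '<dc:creator>J. Roe</dc:creator>'
            '<cp:lastModifiedBy>clerk01</cp:lastModifiedBy></cp:coreProperties>')
    doc = (f'<w:document xmlns:w="{W}"><w:body><w:p>'
           '<w:r><w:t>Complaint filed by </w:t></w:r>'
           '<w:del w:id="1" w:author="clerk01"><w:r>'
           '<w:delText>Jane Roe</w:delText></w:r></w:del>'
           '<w:ins w:id="2" w:author="clerk01"><w:r><w:t>xxx</w:t></w:r></w:ins>'
           '</w:p></w:body></w:document>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("word/document.xml", doc)
    return buf.getvalue()

if __name__ == "__main__":
    print("\n".join(audit_docx(build_sample())))
```

An empty result is not proof that a file is clean: headers, footers, custom properties and embedded objects are outside this check, so the manual review of the document properties remains necessary.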

Reading tip: Anonymization of personal data - a practical guide

Blackening of paper documents

When blackening paper documents, a distinction is made between two cases:

  1. The document is printed out and blacked out manually, either with a pen or by pasting over it. In either case, make sure that the writing no longer shows through when the document is held up to the light. In the past, there have been cases in which third parties have gained access to the redacted content by increasing the color contrast or using filters in graphics programs. The Italian supervisory authority has therefore already imposed fines for inadequate manual redaction. Great care must therefore also be taken with analog redaction.

  2. The document is printed out and blacked out manually, either with a pen or by pasting over it, and then scanned in again for electronic use. In this case, the scan must then be checked for redaction gaps.

Remove personal data from images

The use of blurring effects in graphics programs, e.g. to make faces or vehicle license plates unrecognizable, is less secure compared to real blackening, as blurred content can be reconstructed with the help of artificial intelligence, for example.

Instead, another motif, e.g. a black bar or another image section, can be placed over the personal data in question in the graphics software. Faces can also be provided with digital blobs of color and then pixelated. It is important that the edited image is then saved in a file format in which the original layer cannot be restored. The JPG format, for example, is ideal for this.

The metadata (e.g. EXIF) must also be deleted here.

The following applies in all cases: Before passing on or publishing the document or image, a thorough and final check for redaction gaps must always be carried out!

Source 1: Redaction of documents and images - Data Protection Authority Principality of Liechtenstein
Source 2: Data protection-compliant redaction: What you should pay attention to! - Saxon data protection and transparency officer

Find out how Ailance can help you to automatically anonymize and pseudonymize documents. We are happy to advise you! Simply get in touch with us:
Phone: +1 (954) 852-1633
Mail: info@2b-advice.com
