A Colorado court caused a firestorm of controversy last summer when an official document bearing the name of the woman accusing NBA star Kobe Bryant of rape was inadvertently posted on the Web. Within an hour, the original was pulled and a heavily redacted version of the document was posted, but given the intense media attention surrounding the case, the error became far more than a clerical mix-up.
Privacy experts point out that similarly sensitive, private and protected information is now in the hands of thousands of private corporations, which often use e-mail, the Web and other means to exchange data with third parties. Even files that appear to be safe on the surface, such as those from which certain information has been redacted, can still put a company at risk of violating privacy laws.
While corporations have long practiced redaction on paper documents with correction tape or black markers, eliminating information from electronic documents is "one of the most misunderstood and all too often misimplemented aspects of document management," said Josh Daymont, director of research at Atlanta, Ga.-based SecureWorks, which advises companies on document handling and other security issues.
Workers often delete specific words from a document or block them out by changing font or background colors. In many cases, however, the word processor program will save a copy of the original document, which can later be recovered by a third party.
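To show why color-based "redaction" fails and how to check a saved file for it, here is an added example (not from the article or any vendor named in it): it builds a constructed, minimal DOCX-style ZIP in which a name is hidden behind black shading, scans every XML part for the sensitive term, then removes the text itself and re-checks.

```python
import io
import zipfile

# Constructed sample: a minimal DOCX-style package (a real DOCX is a ZIP of XML parts).
# The name is only hidden visually: black text on black shading. The string is still there.
SENSITIVE = "Jane Doe"
VISUAL_REDACTION_XML = (
    '<?xml version="1.0" encoding="UTF-8"?>'
    '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
    '<w:body><w:p><w:r><w:t>Complainant: </w:t></w:r>'
    '<w:r><w:rPr><w:color w:val="000000"/><w:shd w:val="clear" w:fill="000000"/></w:rPr>'
    f'<w:t>{SENSITIVE}</w:t></w:r></w:p></w:body></w:document>'
)

def build_docx(document_xml: str) -> bytes:
    """Pack document.xml into a minimal ZIP container (constructed for this example)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")  # placeholder part
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()

def leaked_terms(docx_bytes: bytes, terms) -> list:
    """Return the terms still present in any XML part, regardless of formatting.
    Caveat: a word processor may split a term across several <w:t> runs, so a
    clean result here is necessary but not sufficient; it never proves safety."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.endswith(".xml"):
                text = zf.read(name).decode("utf-8", errors="replace")
                found.update(t for t in terms if t in text)
    return sorted(found)

def redact_docx(docx_bytes: bytes, terms) -> bytes:
    """Real redaction: replace the text itself in every XML part and rewrite the package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
         zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            data = src.read(name)
            if name.endswith(".xml"):
                text = data.decode("utf-8", errors="replace")
                for term in terms:
                    text = text.replace(term, "[REDACTED]")
                data = text.encode("utf-8")
            dst.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    doc = build_docx(VISUAL_REDACTION_XML)
    print("before:", leaked_terms(doc, [SENSITIVE]))                      # ['Jane Doe']
    print("after: ", leaked_terms(redact_docx(doc, [SENSITIVE]), [SENSITIVE]))  # []
```

Run the same scan on the file actually sent or published, not on the working copy, since the saved package may carry comments, properties or revision parts beyond document.xml.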
Louis Jurgens, executive vice president at security consultancy Sage Inc. in Amarillo, Texas, said there are several tamper-proof methods of redaction that will work with electronic documents and e-mail, and eliminate the possibility of information being recovered after redaction. But, he added, the technical aspects are less important than having a solid policy that complies with regulations.
Such a policy spells out exactly what items need to be redacted from a document and who is responsible for scrubbing private data.
Cheryl Camin, an attorney in the HIPAA practice team at the Dallas law firm of Gardere Wynne Sewell, said at a minimum, a policy should require that employees "de-identify" all patient records and other sensitive information by removing anything that could identify the person if there is a possibility of it being made public.
Several vendors offer products for preventing privacy leaks. One is rule-based filtering of outgoing e-mail, a feature that SurfControl in Scotts Valley, Calif., and others offer to help close loopholes. Another is an automatic redaction product from Lansdowne, Penn.-based Appligent called Redax, which is used by the Department of Homeland Security, Kaiser Permanente and others to automatically identify and permanently remove sensitive information.
Still, Jurgens said the bottom line is knowing what privacy laws require and having a policy that makes sure everyone is in compliance.