Manual Redaction: Preserving PII Privacy in Digital Processes
Personally identifiable information (PII) is everywhere. Health data, financial information, legal records, even names and birthdates all fall under the umbrella of PII. This information now forms the basis for many digital processes — from identity verification to contract creation and application approval.
The challenge? PII has value — and not just to data owners and authorized companies. Malicious actors are now targeting this information across enterprise content management databases, personal devices, and even supposedly secure government systems.
As a result, governments across the globe are stepping up their PII protection to help improve user privacy across disparate digital processes. For enterprises, this creates a paradox. How do they effectively collect critical PII without risking legislative repercussions?
The Legislative Landscape
Laws are changing to account for PII protection. The EU’s General Data Protection Regulation (GDPR) is one of the best known and lays out specific rules for collecting and using citizens’ personal data. For example, companies must report PII breaches within 72 hours; failure to comply could mean fines of up to four percent of yearly corporate revenue.
In the United States, meanwhile, new legislation such as the California Consumer Privacy Act (CCPA) gives state residents the right to request, review, and have companies erase any stored personal information. Consumers can also ask enterprises not to sell their PII. According to the act, “any person, business, or service provider that intentionally violates this title may be liable for a civil penalty of up to seven thousand five hundred dollars ($7,500) for each violation.”
The Storage Situation
As a result, there’s an emerging shift in storage security. Organizations are understandably worried that stolen or compromised PII could have negative impacts on both their revenue and reputation.
Effectively securing personal data is a multi-step process. Companies must first identify what constitutes PII in their system, which regulation(s) apply, and where this data is stored. Then, they need to ensure this data is strongly encrypted, can only be accessed for a specific purpose, and is effectively tracked across all enterprise content management systems.
Protecting high-value data — such as information protected by HIPAA — gets even more complicated. Any company that collects health PII is responsible for its secure storage and use, even if it relies on third-party providers for storage or analysis. To meet the standard of due diligence under HIPAA regulations, organizations must ensure end-to-end transmission security, robust access controls, audit controls, and even physical safeguards that limit data center access.
The Redaction Remedy
With regulations constantly evolving and the volume of PII continuously increasing, even large enterprises are hard-pressed to develop comprehensive storage and protection processes. The simplest solution? Don’t collect or store PII you don’t need, in turn reducing total risk.
This naturally presents a challenge. To deliver on consumer expectations, many companies now offer digital forms and application processing. From bank loans to legal contracts or mortgage applications, the sophistication of digital form creation, completion, and e-signature tools makes uploading personal data the quickest route to approval. Sidestepping legislative challenges means minimizing the upload and storage of PII, but how do companies separate data needed for processing from extraneous information? Manual redaction. Here’s one way that two companies have solved the issue of document security.
A Secure Partnership
Accusoft has worked with TEAM Informatics to make secure document collaboration possible within their application. TEAM Informatics is developing a new product called M-Connect, which leverages Accusoft’s PrizmDoc Viewer. M-Connect extends and enhances the capabilities of the M-Files Intelligent Information Management platform.
Using Accusoft’s PrizmDoc Viewer, users can view and convert documents into the correct upload format. Once they select the information for redaction, TEAM Informatics’ redaction engine burns in this data obfuscation behind the scenes. Users upload only the redacted, critical information, and companies avoid storing PII they don’t need, such as Social Security or account numbers.
PII drives digital application processes — but evolving storage requirements introduce enterprise risk. Manual redaction helps bridge the gap between process and privacy by allowing users to upload function-specific data on demand. Learn more about PrizmDoc Viewer, M-Connect, and M-Files, which provide this capability.