The redaction self-check before you share a sensitive file
Redaction is high-stakes — one mistake can leak data permanently. Before distributing any sensitive file, work through this checklist. It covers four gates: real redaction, metadata removal, PII detection, and most importantly, verifying it yourself.
① Truly delete, don't draw a box
Confirm your tool actually deletes the covered text (e.g. by rasterizing the page), not just stacking a black rectangle.
After export, open the result yourself, select-all and copy over the covered areas, and search keywords to confirm nothing returns.
② Strip metadata
Clear document info: author, company, creator app, create/modify timestamps. These fields expose your identity directly.
Tools like Adobe make this a separate Sanitize step that's easy to miss. Use a tool that does it by default, or run a metadata strip separately.
③ Scan the full text for PII
Run a PII detector over the whole text to catch any missed emails, ID numbers, card numbers, or phone numbers.
Pay attention to the corners beyond the body: headers/footers, comments, form fields, hidden layers.
④ Verify yourself — don't just trust the tool
Every tool has limits. The final step is always you: copy-paste, select-all, search, and re-check in a different reader if needed.
For legal, medical, or evidence-grade redaction, consult a professional or use a certified tool.
FAQ
- What's special about scanned documents?
- Scans are images with text baked into pixels. To detect PII you must OCR first; to redact, mask directly on the image and burn it into the pixels.
- Can I redact files in batch?
- You can batch, but redaction areas differ per file — confirm each one's boxes rather than blindly reusing the same coordinates.