Epic Fail: This Common Redaction Error Exposes Confidential Info
Aside from risking potential civil liability, lawyers also could face disciplinary action when they fail to properly redact court documents. Here's what to know to avoid making a big mistake.
December 19, 2018 at 12:46 PM
5 minute read
The black redaction box is meant to protect sensitive information from public view. It's supposed to be an impenetrable curtain. But sometimes that curtain is surprisingly easy to raise.
And when that happens, it can mean trouble for attorneys and their clients.
Lawyers who fail to properly redact information in confidential documents could run afoul of the American Bar Association's rule on safeguarding client property, which has been adopted by most states.
“A client's information is their property. When they transfer it to us, we have a duty to maintain that information. Once it's out, it's out. And the exposure for an attorney in that situation is monumental. The damages could be in the hundreds of millions of dollars,” said Eric Bland, a legal malpractice attorney at Bland Richter in Columbia, South Carolina. Aside from risking potential civil liability, lawyers also could face disciplinary action when they fail to properly redact court documents, as evidenced by a 2013 case involving a Chicago lawyer and a 2014 case out of Kentucky.
Redaction errors exposing confidential information are coming to light with increasing frequency: Earlier this year, The South Florida Sun-Sentinel unveiled what was supposed to have been confidential information in a school district report about Parkland, Florida, high school shooter Nikolas Cruz, which raised the ire of a local judge. “By court order, the district was supposed to black out nearly two-thirds of the report because it disclosed information that Cruz was entitled to keep private under federal and state law,” the newspaper reported. “But the method used to post the report on the district's website made it possible for anyone to read the blacked-out portions by copying and pasting them into another file.”
In 2014, The New York Times reportedly failed to properly redact a PDF file of leaked National Security Administration documents and inadvertently released the name of an NSA agent.
More recently, reporting about an SEC settlement with alleged fraudsters, a reporter for this publication downloaded from the federal PACER database an affidavit from one of the defendants in the matter. The PDF file contained about 100 pages of financial transactions that were blacked out in the PDF file. When the affidavit was copied and pasted into another application's text file for uploading, however, the black redaction boxes vanished, revealing all the private financial information that was supposed to be hidden. A clerk at the federal courthouse where the document in question was filed said that the party filing the document was responsible for ensuring that it was properly redacted. The attorney who filed the affidavit did not respond to interview requests.
Bruce Schneier, a security technologist and a special adviser to IBM Security, said in an interview that redaction mistakes happen simply because “people don't know how to use the technology.”
“This requires specialized expertise,” he added. “If you don't have it, you don't realize you've screwed up.”
After a military incident that exposed classified information in connection with the death of an Italian secret agent, the National Security Agency in 2005 released guidelines for properly redacting documents and noted that the “most common mistake is covering text with black.”
The NSA report states: “The key concept for understanding the issues that lead to the inadvertent exposure is that information hidden or covered in a computer document can almost always be recovered. The way to avoid exposure is to ensure that sensitive information is not just visually hidden or made illegible, but is actually removed from the original document.”
Tech experts recommend using a redaction tool that allows users to burn a permanent black box into an image or text.
Of course, there's always the old-school option of using a dark marker to manually cover over confidential information. But even that method might not be good enough, according to Mark Crandley, a partner in the litigation department of Barnes & Thornburg in Indianapolis.
He wrote in a 2015 article, “The Perils of Redaction: Simple Steps to Protect Confidential Information,” that “many scanners are sensitive enough to perceive covered words even when the naked eye cannot.”
So what then? Find scissors and start cutting.
“The surest means to redact hard copy documents is to physically cut the confidential language from the document,” Crandley wrote.
Some Basic Tips for Properly Redacting Word to PDF Files:
• Delete the sensitive information before converting the text or Word document to a PDF file.
• Create PDFs as image files with no text.
• If you use a redaction tool such as Adobe Acrobat, be certain that the software is the correct and updated version. Know that most office tools such as Microsoft Word also contain hidden metadata that can be accessed. Converting a Word document to PDF does not automatically remove all metadata.
Sources: NSA Information Assurance Directorate 2005; interviews.
Read more:
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllAggressive FTC May Force Merging Companies to Bolster Legal Defenses
4 minute readBest Legal Departments: How Blackstone's Legal and Compliance Team Got the All-Clear to Grow Business
CEOs Want Data-Based Risk Management; GCs Lack the Tech to Do So.
InCloudCounsel Hires First GC to Continue Expansion in Asia
Trending Stories
- 1First California Zantac Jury Ends in Mistrial
- 2Democrats Give Up Circuit Court Picks for Trial Judges in Reported Deal with GOP
- 3Trump Taps Former Fla. Attorney General for AG
- 4Newsom Names Two Judges to Appellate Courts in San Francisco, Orange County
- 5Biden Has Few Ways to Protect His Environmental Legacy, Say Lawyers, Advocates
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250