According to Nemertes Research, "Redaction should be considered for PII in archived personnel records to mitigate risk in an intentional or inadvertent breach. Though historically a legal/litigation function, the need for redaction ties directly to archive, retention and enterprise content management (ECM) policies to protect personally identifiable information (PII). This requirement is highlighted in Nemertes' benchmark, Security and Information Protection, in which 52.6% of participants say that the most costly regulations to comply with are the privacy-related regulations: HIPAA, FERPA, GLBA, PCI and CA SB1386. PII that isn't needed should be redacted."
Many states with data breach laws specifically mention data redaction as offering an exemption to disclosure requirements (as is the case in Arizona's Senate Bill 1338). States that have information-breach-notification laws hold businesses liable for the security of nonpublic personal information (NPI) and several states have made it a criminal offense to steal personally identifiable information. Arizona House Bill 2484, for example, makes identity theft a felony. An example of compliance would be to redact customer privacy data so that it would no longer be accessible to unauthorized parties. With the proper redaction solution, organizations can meet the needs of businesses while reducing data security risks.
Unauthorized access to privileged information impacts state and local governments, major corporations, small businesses and universities, exposing organizations to potential legal challenges or even criminal charges. Because of these concerns, IGC has issued recommendations to help organizations protect sensitive content. These guidelines include:
* Inspire an across-the-board culture of familiarity and participation in security procedure. Security of information involves principals throughout the business. Therefore, a general agreement of content security processes must be established to create an effective security strategy. * Implement new security technologies incrementally. While the long-term mission should be defined, focus on near-term landmark goals where possible to build an early and attainable record of success. * Automate security processes to minimize human error. Enterprise Content Management (ECM) systems provide access to an organization's file-based data, and as a result, can expose sensitive information to unauthorized users. An automated way to prevent this is intelligent removal of privacy information and sensitive content from files using integrated electronic redaction. * Select a redaction expert to trust with sensitive information. This person will be responsible for setting up the company's redaction policy, including recommending or selecting the redaction tool (or working with the IT department to do so), learning to use the selected tool properly, and then either performing all redactions or training other users. * Write a formal redaction policy with respect to who performs redaction, what kind of documents require it, and training required for current and new employees. * Identify the organization's redaction needs. A redaction tool that fits business needs can save significant financial and human resources.
IGC provides automated electronic redaction enabled technologies that integrate with today's leading ECM platforms to address security of privacy data. Solutions include Redact-It Enterprise(r), a highly scalable, fault-tolerant redaction server for bulk processing of document and image files on-demand as part of a workflow process. The software is used by state and local governments, law firms and corporate legal departments to cleanse privacy information. Documents include government forms, digital documents and files retrieved for litigation purposes and public records. Redact-It is tightly integrated into leading enterprise content management (ECM) systems and scan/capture systems such as EMC Documentum, Interwoven WorkSite, Kofax Ascent Capture, Microsoft SharePoint, and Open Text Livelink ECM.
"The number of data breaches over the past twelve months has been staggering," said Gary Heath, President and CEO of IGC. "Moving forward, organizations are challenged with managing and securing critical corporate and consumer content and therefore need to be aware of today's risks. With advanced electronic redaction resources at their disposal, IT professionals will be in better shape to protect information under their watch."
Electronic Redaction: How to Properly Redact Documents is available for free download now at http://www.infograph.com/.
About Informative Graphics Informative Graphics Corporation (IGC), founded in 1990, is a leading developer of commercial software products for content visualization, secure publishing, and collaboration. Renowned for their cost-saving value, ease of use, features and scalability, ICG products are deployed by thousands of corporations, law firms and government entities in the United States and internationally. In addition to Redact-It Desktop and Enterprise, IGC also markets Brava!, a two-dimensional viewer with redaction and annotation capabilities. IGC maintains offices in the United States and has key distribution and OEM partners worldwide. For more information, visit www.infograph.com.