Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Saxony: SächsDSB releases information on data protection-compliant redaction of documents
On August 30, 2024, the Saxon data protection authority (SächsDSB) published information on how to carry out data protection-compliant redaction of documents as part of the technical and organizational measures that a company would need to put in place, for example, when publishing documents containing sensitive data.
Blacking-out in PDF and Office files
SächsDSB outlined that marking text passages in black or covering them with opaque shapes which ensures the text is not visible is often not enough as the passage may be made readable again using a text editor. Therefore, SächsDSB recommended:
checking the software manufacturer's operating instructions on how to remove the text passages from the document technically and not only visually; and
- in the absence of a software blacking-out solution, the document can be printed and scanned with the sections blacked out.
Furthermore, SächsDSB reminded that:
- the document should be checked for any gaps in the redaction; and
- relying on online services, in particular, allowing the file to be uploaded and blacked out, may entail additional data protection risks.
Metadata
SächsDSB highlighted that personal data might be hidden in metadata, such as who made the changes, time, author information, GPS, previous versions, and comments.
Moreover, SächsDSB recommended checking the program for functions to delete the metadata and not sharing the redacted Office document in its original file format - instead, saving or exporting the file as a PDF document or copying the already anonymized text into a new document and then sharing the new document.
Black pen
SächsDSB stated that sometimes blacking out with a black pen is not sufficient as the content may be made visible by holding the document up to a light or by using contrast filters on graphics software.
Blurring of photos
Lastly, SächsDSB outlined that blurring of faces, license plates, or other personal data on photos or screenshots may not always be effective as the content can be reconstructed using artificial intelligence (AI).
In this case, SächsDSB recommended placing another motif or splash of color with a pixel effect over the personal data, as well as saving the image in a file format in which the original layer cannot be restored, such as JPG.
You can read the press release, only available in German, here.