Automatically Find and Remove Sensitive Information from Documents

According to the Theft Resource Centre, 1,862 data breaches were recorded in 2021 alone. This is an increase of 68% compared to last year. This is quite a shocking fact, as more data is being stored and available in cloud-based systems. 

As an organization, you naturally don’t want sensitive data to end up with the wrong person. One of the best strategies to limit your risks when sharing or storing data online is to remove as much sensitive information as possible. Every bit of information you remove is directly reducing the overall risk. 

Does that mean you have to check all documents for sensitive information and remove it manually? Luckily not! You can implement intelligent solutions that automatically find and remove sensitive information from documents.

But what is actually defined as sensitive information, and how does the redaction of sensitive information work exactly? Can the software really make the process easier?

In this blog, we will answer the above-mentioned questions, present relevant examples and show you which benefits an automated system brings to your organization.

What is Sensitive Information?

Let’s start with defining sensitive information. Sensitive information is information that should be protected from view. It is confidential, private or otherwise secret information that should only be accessible to certain people. Whether information is sensitive depends on the audience to whom it is revealed and the legal context of an organization and country.

In Europe, sensitive information is largely defined by the GDPR regulations, whereas in America most organizations need to comply with the California Consumer Privacy Act (CCPA).  

Sensitive information can be found on documents that are stored and organized in paper form or digitally, such as a photo and name on a CV. In this blog, we will be focussing on information that is stored digitally.

Which Types of Data Have to Be Removed?

In order to start the process of finding and deliting sensitive data, an organization needs to define which types of information clients and employees usually share, which of those are actually needed, and which need to be removed.

Generally, there are four types of data that require to be protected from unauthorized people:

• Personally identifiable information: This covers any data that could be used to identify a particular person. Information like the full name, social security number, driver’s license number, or passport number.

• Protected health information: This information includes medical history, demographic information, test and laboratory results, mental health conditions, insurance information, and other personal health data.

• Payment card information: Every organization needs to follow the information security standard that applies when handling credit cards. Here, sensitive information is described as the credit card number, cardholder name or expiration data. This can specifically be relevant for PCI/DSS compliance obligations.  

• Intellectual property: Information of intellectual property refers to creations such as inventions, designs, literary and artistic works, or names and images used in business. In this case, information is usually not redacted, but work is watermarked to indicate the owner of the property.

In these data types, the following fields are normally labeled as sensitive information. These can be identified and removed:

• Name 
• Address 
• Date of birth
• Age 
• Bank account number
• Credit card number
• Social Security Number 
• Work and educational history 
• Picture 
• Signature

Of course, not all the above-mentioned information applies to your organization, as this differs for each industry. But now that you have an overview of the information you should be looking for, you have a great basis for the following steps.

Why Should Sensitive Information Be Removed From a Database?

There are several reasons why an organization should remove sensitive information from its database. You shouldn’t only protect sensitive data because it is a legal requirement in your industry, but also because of respect for your clients and other private people.

Here are the top 4 reasons why an organization should remove sensitive information:

1. Ensuring Compliance
2. Minimizing security risks
3. Legal obligations
4. Insurance requirements

The risks of data breaches are real and shouldn’t be underestimated. To prevent serious harm for your organization and everyone involved, you want to make sure to have good protection in place. This involves the removal of sensitive information from documents.

Furthermore, the redaction of information can ensure that you comply with the GDPR requirements of your country or company. 

In the EU, these regulations are rather strict and involve e.g. lawful, fair and transparent processing of information and limitation of data storage and transfer. It is important to comply with the given requirements if you want to host your data on a European server.

Before we jump to the next part, we want to throw in a few technical terms and answer the question:

What is It Called When You Remove Sensitive Information From a Document?

In short: It is called data masking, also known as data redaction, data anonymization, and data obfuscation.

Data masking can be used in various ways such as Substitution, Shuffling, Averaging, Nulling out, Data redaction, Data scrambling, and Data encryption. 

Here we don’t want to go into detail about every technique, but if you are interested in learning more, you should read our ultimate guide to data masking.

If you are not familiar with the underlying technology of data masking yet, you might first continue to read this blog, as in the next section we will explain the technology that makes it possible to automatically delete sensitive data from documents.

How To Automatically Remove Sensitive Data From Documents?

If you just have a few files that need the deletion of sensitive data, it is definitely fine to do this manually. At larger organizations, however, the sheer volume of documents and data is usually very high. 

This results in a time-consuming task to do by hand. The cost and time spent would get very high, the turnaround times long and errors made often. 

Luckily, there is an alternative to manually anonymizing information. In the process of finding and removing sensitive information from documents, almost every step can be automated and performed by Intelligent Document Processing (IDP) software.

An IDP solution like Klippa DocHorizon, for example, is able to check and redact documents within seconds. At Klippa, we offer several options to automatically find and mask sensitive data, such as: 

• Fully automated data masking with AI
• Human-assisted automation
• Data masking on mobile

Fully Automated Data Masking with AI 

With a fully automated data masking solution, human interventions are not necessary anymore. Klippa has developed the DocHorizon API that enables you to automatically recognize, locate and redact sensitive information from documents within a couple of seconds. 

This is possible because of AI-powered OCR technology which has been trained with hundreds of documents to recognize certain fields and e.g. blackline sensitive information. 

Fully automated data masking frees up your employees’ time and enables them to use their skills for complicated tasks. That way, the efficiency of your organization will be increased.

Human-assisted Automation

If your organization requires 100% accuracy, it might be advisable to implement human-assisted automation. Before data is stored on the database, a human checks the masked document instead of data being automatically saved. 

That way, mistakes caused by bad image or document quality can be avoided and accuracy increased. 

This solution combines the best of artificial intelligence with the best of human intelligence, allowing your organization to be efficient and effective. 

Data Masking on Mobile (Semi-automated Solution)

If you have an application yourself or want to build one, the easiest way to enrich it with data masking capabilities is to integrate our mobile scanner SDK into the application. 

Our mobile scanner SDK includes data masking techniques that offer you the solution to take a picture of a document (e.g. ID card, invoice, or passport) and then manually draw a black box masking sensitive information. This ensures that only the necessary information is shared and stored.

We want you to be able to make an informed decision, which is why we present some advantages of automated and manual removal of sensitive information below. 

What are the benefits of automated removal of sensitive data?

How many documents are you processing every week? Every month? Perhaps not all of them have sensitive data that need to be redacted. But just imagine how much time you could save if not every single document needed to be checked manually. Other advantages include: 

• Scanned and extracted data within seconds
• Errors are limited 
• Reduction of labor cost, turnover time, and mistakes
• Scalability

We created a table below to visualize and compare manual and automated document processing. This way, it might be easier for you to see the advantages and disadvantages of each process.

What Are Common Use Cases For the Redaction of Sensitive Data?

In the next paragraphs, we will discuss three different kinds of use cases:

• Identity documents
• Patient medical records
• Financial documents

Blacklining Identity Documents

One of the most common use cases is the anonymization of copies of identity documents. Information such as the social security number (SSN) on a passport or ID is very sensitive and often not allowed to be stored on a database.

An SSN belongs to “special categories of personal data” and falls under strict rules according to the GDPR requirements. Usually, only government institutions have permission to store SSNs in their database, which means that other organizations need to find ways to remove this data.

One way of redacting SSNs is to automatically blackline the necessary information on the copy of the document with intelligent software. 

Blacklining Patient Medical Records

Personal health information is sensitive and needs to be protected. If healthcare providers and other organizations that use, handle or transmit patient information don’t comply with the earlier mentioned GDPR requirements, penalties and fines will be the result. 

A healthcare provider has to process thousands of documents, and it would be impossible to go through all of them manually. Here, it is crucial to have software in place that can automatically find and remove sensitive information from e.g. patient medical records, in order to work effectively and efficiently. 

Patient medical records entail information like the street address, social security number, and insurance number of the patient. Not everyone is authorized to see this information, which makes it important to mask the data. Blacklining information with software is a possible way to redact data automatically and protect patients from fraud and data breaches. 

Blacklining Financial Documents

Invoices, copies of credit cards, and contracts are all financial documents processed daily. They contain sensitive information which should be protected from unauthorized people.

The financial service industry should have the intention to prevent fraud and ensure compliance. As soon as a financial institute doesn’t ensure compliance, severe reputation damage, lawsuits or government fines could be the result.

If we take an invoice as an example, information such as the name and address of a client are data that should be blacklined. By using this technique, fraud through duplicated or falsely created invoices could be prevented.  

Going through all documents manually would be an impossible task. That’s why smart document solutions, like Klippa, have been developed that help you to automate the process.

We just described three different use cases, but the same applies to basically any document type or image. If we didn’t cover your specific case here, and you are wondering if we can help you as well, you can gladly contact us to ask questions and receive more information.

Using Klippa to Mask Data

Klippa specializes in many forms of document automation. All the examples given are cases that we solve for clients around the globe on a daily basis.

With Klippa you are not only able to find and remove sensitive information from documents. You are able to improve the quality of your administrative work, reduce operational costs and prevent costly mistakes.

Masking your data with our IDP solution, Klippa DocHorizon makes being GDPR-compliant as easy as it can be. Furthermore, Klippa will offer your organization the following benefits:

• Experience in many industries
• International clients from more than 30 countries
• GDPR-compliant
• Hosting options in various countries
• Anonymizing documents within seconds

Does this sound like a solution your organization would need? Let us help you bring your company to the next level. Book a free demo down below to get to know our solution, or contact one of our experts to get started. We would love to work together with you!