Monday, January 04, 2010

TSA document release shows pitfalls of electronic redaction

The inadvertent exposure of a sensitive Transportation Security Administration security manual last month serves as a sobering reminder about the pitfalls of trying to redact, or hide, electronic text.

The lapse occurred when a contract employee posted the improperly redacted security manual -- which described TSA airport screening methods that are designed to thwart terrorists -- on a public Web site for federal procurements.

Other organizations, such as HSBC Bank and Facebook Inc., have also had embarrassing incidents in which text in electronic documents that they thought was unreadable was revealed.

Such lapses often result from a simple misunderstanding of how electronic redaction works, said Barry Murphy, an analyst at Murphy Insights, a Boston-based consultancy specializing in e-discovery and records management.

"Obscuring portions of text in a word processor by placing black boxes over it, for instance, does nothing to redact it," Murphy said. The text may not be viewable, but it still can be indexed, making it very searchable and easily retrieved by copying and pasting the blacked-out portion to another document, he said.
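A pre-release check for the failure Murphy describes, as an added example that is not part of the original article: it reads the text layer of a word-processor file and reports any term that was supposed to be redacted but is still stored in the document. It assumes the .docx format; the sample document, its contents and the function names are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

# WordprocessingML namespace used by word/document.xml inside a .docx
W = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"

def build_sample_docx(hidden_text):
    """Constructed sample: a minimal .docx body (not a complete package) whose
    second run is 'blacked out' with black highlighting over black text."""
    body = (
        f'<w:document xmlns:w="{W}"><w:body><w:p>'
        '<w:r><w:t xml:space="preserve">Screening procedure: </w:t></w:r>'
        '<w:r><w:rPr><w:color w:val="000000"/><w:highlight w:val="black"/></w:rPr>'
        f'<w:t>{escape(hidden_text)}</w:t></w:r>'
        '</w:p></w:body></w:document>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
    return buf.getvalue()

def text_layer(docx_bytes):
    """Return the text an indexer or copy/paste sees, ignoring all formatting."""
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/document.xml"))
    paragraphs = []
    for p in root.iter(f"{{{W}}}p"):
        # Join runs first: a word processor may split one phrase across runs.
        paragraphs.append("".join(t.text or "" for t in p.iter(f"{{{W}}}t")))
    return "\n".join(paragraphs)

def leaked_terms(docx_bytes, sensitive_terms):
    """Pre-release check: terms meant to be redacted that are still present."""
    text = re.sub(r"\s+", " ", text_layer(docx_bytes)).lower()
    return [t for t in sensitive_terms if t.lower() in text]

if __name__ == "__main__":
    doc = build_sample_docx("CONSTRUCTED-SECRET-VALUE")
    print(text_layer(doc))
    print(leaked_terms(doc, ["constructed-secret-value", "absent term"]))
```

A document passes only when `leaked_terms` returns an empty list, which requires the text itself to be deleted or replaced before release rather than covered.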

---------------------------------------------
Source:
Computerworld
By: Jaikumar Vijayan

2 comments:

Anonymous said...

These types of costly and damaging mistakes where sensitive information is accidentally released could easily be avoided by using redaction software designed precisely for eliminating sensitive information. ID Shield Redaction Software works in any environment, is easy to use, dependable and tested—our customers have securely redacted over one billion pages. Desktop and Server editions. www.extractsystems.com

Mark Miller
VP Business Development
Extract Systems
mark_miller@extractsystems.com

Christine said...

HSBC was somewhat lucky that the TSA gaffe overshadowed their breach, but it seems they must face some consequences for noncompliance at least. Class action is always a possibility. In checking the Privacy Rights Clearinghouse site, I notice ChoicePoint had another breach in October and got hit with yet another FTC fine. I guess the first fine in 2007 and class action suit weren't enough.

Christine Musil
Informative Graphics
www.infograph.com
www.redact-it.com