Philterd

Talk to an Expert

Tell us about your stack and the privacy problems you're trying to solve. We typically respond within one business day.

Prefer to skip the form? Pick a time on our calendar →
or send a message

← All posts

What is Data Redaction? A Practical Guide

By Redaction

"Data redaction" is one of those terms everyone uses and few people define the same way. The mental image is usually a black bar over a sentence in a court filing — an image that captures one specific technique while obscuring the broader category. Real-world redaction includes that, plus several other strategies that look very different from a black bar but solve the same underlying problem.

This post is a practitioner's reference: what data redaction actually means, the five common strategies, when each one fits, and how to pick the right approach for your workload.

The definition that actually matters

Data redaction is the process of identifying sensitive information in a document or dataset and transforming it so that the sensitive content can no longer be recovered or attributed to a specific individual. The "transforming it" part is doing a lot of work in that definition — there are several legitimate transformations, and choosing the right one is most of the engineering decision.

Three things to notice in the definition:

  1. It's a two-step process. First identify what's sensitive (the discovery problem); then transform it (the redaction problem). Most failed redaction projects fail at step 1 — they pick a great transformation strategy for entities they never detected in the first place.
  2. "Sensitive" is context-dependent. A SSN is always sensitive. A patient's first name in a clinical note is sensitive because of the context, not because the name itself is special. A phone number on a public business card isn't sensitive at all. Redaction policies have to encode that context.
  3. "Can no longer be recovered" has degrees. Some transformations are one-way (you literally can't reconstruct the original). Others are reversible by a system that holds a key. Both can be appropriate; which one fits depends on whether anyone downstream legitimately needs to reverse the transformation.

What gets redacted

The sensitive categories that motivate most redaction work fall into three regulatory buckets, with significant overlap:

  • PII — Personally Identifiable Information. The broad umbrella: names, emails, addresses, SSNs, IPs, license numbers, biometrics. Governed by NIST guidance and state laws.
  • PHI — Protected Health Information. PII tied to a person's health, healthcare, or healthcare payment. HIPAA defines 18 specific identifier categories; we mapped them all.
  • NPPI — Nonpublic Personal Information. PII obtained through providing financial products. Governed by GLBA and (for cardholder data specifically) PCI DSS. Financial-services breakdown here.

If you're confused about which acronym applies to your workload, we wrote a short explainer. The short version: PII is the default; PHI and NPPI are stricter regulatory overlays that apply to specific domains.

The five redaction strategies

"Black bar" is just one option. A complete toolkit has five distinct strategies, each appropriate for different needs:

1. Redact (remove and replace with a placeholder)

The classic black-bar approach. The sensitive value is replaced with ***, [REDACTED], or a similar placeholder. Maximum safety; zero data utility for the removed content. Use when the downstream consumer doesn't need the value at all.

Before:  Patient John Doe was admitted on 2025-11-14.
After:   Patient *** was admitted on ***.

2. Mask (preserve the format, hide the content)

The format of the value is preserved; the content is hidden. A credit card becomes ****-****-****-1234; a phone number becomes (***) ***-1234. Useful when downstream systems need partial information for verification — "last four of your card" is a common UX pattern.

Before:  Card 4111-1111-1111-1234, expires 06/27.
After:   Card ****-****-****-1234, expires 06/27.

3. Encrypt (reversibly transform with a key)

The value is encrypted; the ciphertext replaces the plaintext. Systems holding the key can recover the original; everyone else sees an opaque token. Format-preserving encryption keeps the encrypted value the same shape as the input (so a downstream regex still recognizes it as "a SSN") while making the actual value unrecoverable without the key.

Before:  SSN 123-45-6789
After:   SSN 847-21-9302   (FPE; reversible with the key)

4. Hash / pseudonymize (one-way transform with a salt)

The value is replaced with a deterministic hash. The same input always produces the same output, so downstream systems can join across records (the same patient always appears as the same opaque ID), but the original can't be recovered. Salt the hash with a secret to prevent rainbow-table attacks.

Before:  MRN 8472193 in record 1, MRN 8472193 in record 2
After:   MRN p_3df97a2c in record 1, MRN p_3df97a2c in record 2
         (same hash → joinable; not reversible)

5. Replace with synthetic (substitute a realistic fake)

The value is replaced with a plausible synthetic equivalent. A name becomes another name; a date becomes another date; an address becomes another address. Useful for training datasets, demos, and analytics workflows where the downstream system needs values that look real even if they aren't.

Before:  Patient John Doe at 742 Evergreen Terrace, DOB 1972-03-14
After:   Patient Lisa Tran at 1801 Pine Street,    DOB 1969-08-22

Within "replace with synthetic" there's the related question of date shifting: replacing each date with one shifted by a random offset (per patient), so intervals between events are preserved but the absolute dates change. Critical for clinical research datasets where "discharge happened 4 days after admission" needs to survive de-identification.

Choosing per entity, not per document

The mistake most teams make is picking one strategy for the whole document. Real policies pick a strategy per entity type:

  • SSNs → format-preserving encryption (reversible by your secure system; safe everywhere else)
  • Names → consistent synthetic names (so analytics on per-patient counts still works)
  • Dates → date-shifted by a per-patient random offset
  • Phone numbers → masked to the last four (so customer service can verify)
  • ZIPs → truncated to 3 digits where population > 20,000 (HIPAA Safe Harbor rule)
  • Anything unrecognized → redacted with a placeholder (default deny)

That per-entity granularity is the difference between a redacted document that's still useful for its intended purpose and one that's a series of black bars. The Redaction Policy Editor exists to make per-entity strategy a clickable choice rather than a JSON hand-edit; Phileas is the engine underneath that actually applies the policy.

When do you need data redaction?

Four common triggers:

  1. Regulatory compliance. HIPAA Safe Harbor de-identification, GLBA Safeguards Rule, GDPR data minimization, CCPA right-to-delete. Every regulated industry has at least one mandate that effectively requires redaction at some boundary.
  2. Secondary use of data. You want to use clinical notes for research, customer transcripts for ML training, or production logs for analytics — but the raw versions contain PII you can't share with the downstream consumer.
  3. Cross-environment movement. Production data has to land in staging, sandbox, or developer environments. Redaction at the boundary keeps the lower environments out of compliance scope.
  4. AI / LLM workflows. Generative AI introduces new leak vectors at both ingestion (chunks landing in vector stores) and inference (prompts sent to hosted model providers). RAG-specific patterns here.

Manual vs. automated

Manual redaction (a human reading documents and removing sensitive content by hand) is slow, expensive, and inconsistent. Manual redaction also fails predictably at scale — humans miss things, and the error rate compounds across thousands of documents.

Automated redaction is essentially mandatory for any volume above a few hundred documents per day. Automation has its own failure modes (missed novel entity types, over-redaction destroying utility), but those failure modes are measurable. Manual redaction's failure modes are uniformly invisible until they show up in an OCR audit.

Measuring whether it worked

Automated redaction is a probabilistic process. The right question isn't "did we catch everything?" — it's "what percentage did we catch, and is that good enough for our domain?"

Two metrics dominate:

  • Recall — of all the sensitive data in the source, what fraction did we redact? High recall is what compliance cares about. Missing a single SSN can be a reportable event.
  • Precision — of everything we redacted, what fraction was actually sensitive? High precision keeps the redacted output useful for downstream purposes. Low precision creates documents full of holes.

Different domains target different ratios. Healthcare workflows typically need recall close to 100% (HIPAA tolerance for misses is essentially zero). Marketing workflows often weight precision higher to keep copy readable. Research workflows balance both via the F1 score. Philter Scope measures all three against any redaction pipeline; the threshold-tuning story is here.

Picking an engine

Three implementation paths, ranked by escalating commitment:

  • Hand-rolled regex. Works for a handful of well-formatted entities (SSNs, credit cards). Falls down hard the moment you need names, addresses, or any unstructured text. Not recommended as a primary solution above tiny scale.
  • Cloud SaaS (AWS Comprehend PII, Google Cloud DLP). Easy to integrate; pricey at scale; sends your data to the vendor. We did the TCO math.
  • Self-hosted hybrid engine (Philter / Phileas, Microsoft Presidio). Combines regex for structured data with NLP for unstructured. Data never leaves your perimeter. Apache 2.0 licensed in our case — we wrote about why hybrid wins.

The bottom line

"Data redaction" is a category, not a single technique. The right approach is a per-entity policy that picks the right transformation for each sensitive value — redact what doesn't need to be recovered, mask what needs partial preservation, encrypt what needs reversibility, hash what needs joinability, replace what needs realism. Apply the policy with a hybrid engine that combines regex precision with NLP context. Measure the result against your domain's recall and precision thresholds. Re-measure after every policy change.

That's the entire framework. The Philterd toolkit implements every piece of it as open source software. If you want to walk through how that maps to your specific data, get in touch — we'll process a sample and report back with metrics specific to your text rather than vendor-quoted averages.