Redaction in Legal Agencies
Law, Order, and Redaction
The resulting discourse regarding the 2016 election and influence from other governments into the results also brought redaction into the forefront of mainstream media. Both Special Counsel Robert Mueller and the resulting public release by Attorney General William Barr showed pages and pages of redactions or text obliterated with black boxes. The enormous media attention had Americans clamoring for the details only to be somewhat mystified about the amount of redacted material. Redaction isn’t new to the public, but the large quantity of redacted material did bring more focus to the method of redaction and its use to retain privacy in legal matters.
Redaction is a process used in legal offices, law briefs, and courts across the United States. It is also used by governments, law enforcement, large corporations, and small businesses alike. Redaction is the process of removing data points, words, images, or other data that is considered private personal data. The method of redacting data in documents became a high-profile topic during the Mueller report release but is an example of how lawyers regularly protect client data on public records.
Mistakes can happen. In 2019, the legal counsel for Paul Manafort failed to properly redact a PDF that was a response to the information requested by the Mueller team. Such failures are not just embarrassing but can involve civil liability and disciplinary action by the local bar association or courts. Simple mistakes can lead to loss of attorney-client privilege, malpractice, or even professional discipline. These can be significant consequences and costly to both the client and the legal representation. Even with technology, an extra set of eyes should be used to review documents, so there is no chance for error.
Jan L. Jacobowitz, director of the Professional Responsibility and Ethics Program at the University of Miami School of Law, stated this about redaction errors. “The improper use of technology to redact a document is one example that may receive less attention on tech best-practices lists. Yet, this seemingly mundane task becomes monumental if a lawyer produces a document on which confidential or privileged information appears to be redacted but is actually highlighted.”
Dave Deppe, President of UnitedLex, a legal services firm, added his thoughts to the issue. “It has never been as important as it has been today to redact information properly because the impact and consequences are much greater.”
Why Law Firms Use Redaction
Law firms represent the rule of law, the courts, and their clients. The law requires that attorneys maintain the confidentiality of their clients. This requirement often includes the redaction of essential details and personal data to ensure the client’s privacy. Rule 5.2(as) is listed under the title “Redacted Filings.” It describes certain personally identifying information that is required to be redacted within the content of filings. These redactions would include social security or tax ID number, birthdates, minors’ details, or even financial account numbers. When a lawyer, legal firm, or group of attorneys fail to redact their clients’ data properly, they can be considered violations of the ABA Model Rules of Professional Conduct. It also violates court rules on confidentiality.
More importantly, as Leslie C. Levin, a professor at the University of Connecticut School of Law, describes a violation of legal representation’s primary tenant. “It’s also a violation of the duty of competence under Rule 1.1. Under Rule 1.1, competent handling of a matter includes giving the required attention to a matter.” Rule 1.1, as detailed, is the foundation of professional rules of conduct for lawyers. The law states that a lawyer “shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.”
Today, most documents are delivered and transferred to other parties electronically. Courts are becoming more accepting of accepting redactions in the legal process to protect personal data from being breached or access given during civil discovery. Though courts sometimes make exceptions, most legal redactions are generally limited to privileged communications and personal data.
There have been many cases in which a corporation, or lawyer, believe they have adequately redacted a document only to find out later that it was done incorrectly. Many media outlets have used a standard method of discovery: copy-paste. This method is one way to discover what is under black boxes if the redaction was performed improperly. When copy/pasting the details from one document onto a new word document, the missing information is suddenly present. This approach is actually the process that revealed the details in the Paul Manafort case.
Courts, Evidence, Privacy
How do the courts view privacy? Both state and federal courts have allowed open access to court records. This transparency has been the mainstay of judicial integrity, allowing cases and rulings to become public record. For many years, courts have been challenged to use discretion with the disclosure of certain sensitive information. There can be a fully open court record. Access is available within the court’s confines, along with limited access to internet documents posted on court decisions, filings, and cases. Most courts have a searchable database that is available online to anyone who chooses to access it.
Over the past several years, courts across the country have been reevaluating their privacy policies and modifying public access records. The idea is to increase personal data protection that can be found within court records by anyone with an internet connection. As society becomes more data-aware and concerned about privacy, courts are under heavy scrutiny and pressure to conform to restricting access to private data. Many states have enacted state security breach laws on the private-sector to protect consumer privacy and deter identity theft; it makes sense that courts would consider their own actions when handling and disbursing personal data.
Recently the Illinois Supreme Court became more restrictive with releasing personal data, especially when placing records online, due to concerns over data privacy. Some Illinois residents are relieved that there is more protection for their information; however, critics and some attorneys have voiced concern that not allowing public access to court records creates an undue burden costing clients additional time and money.
After recommendations from the Supreme Court, many lower courts are now more accepting of redacted filings. They follow the guidelines set out by Rule 5.2. This federal ruling entails that unless the court orders otherwise, specific details must be cleansed from filings. These include documents that contain the following:
• The last four digits of social security or taxpayer-identification numbers.
• The year of birth of individuals, day, and month are permissible.
• Any details regarding the identity of a minor, including referring to them by their initials.
• The last four digits of any financial account number.
LegalTech and Data Protection
Data privacy and data protection have become one of the biggest challenges globally. Lawyers, judges, paralegals, and legal tech experts voice concern about the confidentiality and security of data posted online. They also share concerns over protecting an individual’s mobile data, as presented in court evidence. However, some individuals criticized the possibility of creating privacy limits on mobile data in the court process. Ed McAndrew, a former US Department of Justice cybercrime coordinator, gave his observations concerning mobile data and privacy. “The best evidence is now held in mobile devices and the apps, social networks, and cloud services we utilize with those devices. Any investigator or litigator who ignores that evidence may be committing malpractice in many instances.”
Privacy and Legal Challenges
The courts are facing a significant challenge as they face the future of data privacy legislation and policies. In recent discussions regarding courtroom filings and handling of data and complying with legislation such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act. One concern that was discussed was about compliance with both legislation and the court’s disbursement of data. It was questioned about the precedence or rulings on how to handle requests that a data subject insists that data be expunged under the right to erasure provisions included in Article 17 of the GDPR. How can the court continue to give transparency with the posting of case data publicly and the right to deletion under the CCPA? Are there provisions that state that the information used in the court process is subject to a legal hold? Some of the answers are still discretionary by the individual court, as there are exceptions to data privacy regulations. One example is that as part of the CCPA, Article 1798.105(3) “provides an exception to the right of deletion for complying with legal obligations.”
Johnny Lee, a partner with Grant Thornton in Ohio, stated that technology is the answer. “Centralized institutions—from social media platforms to governments—have shown that they may not be capable of fostering privacy in the manner that the global citizenry has come to expect. I’m particularly excited about technology advancements, like blockchain, and the privacy potential that they augur.”
Recommendations for the Redaction Process
If technology is the answer, then redaction and encryption processes are part of the solution. Technology, like CaseGuard’s redaction software, can take the additional workload and concerns for complying with data privacy regulations and automate it for the user. Using a top-quality redaction system can be far more accurate than leaving compliance open to human error. In the case of Paul Manafort, the error was most likely due to mistakes made by personnel.
One such way that the mistake with Paul Manafort’s case could have been made is that a paralegal or other office employee highlighted the information needed to be removed within their word processing application. Highlighting the private data with black boxes within a word document is not the same as full redaction. In this scenario, once the data was highlighted, the record was then processed into a PDF. The text appears to be unreadable and removed. However, because the data was merely covered up, not entirely redacted, the copy-paste method works to reveal what is left under the highlighted areas.
There is no way to know for sure; however, redaction failures can be too costly. The court views paralegals and office personnel who work under an attorney’s supervision as part of the attorney’s responsibility. Regardless of who within the office makes a mistake, as supervisor and employer, the attorney is liable. It is the attorney’s job to double-check their work and ensure that everyone under his authority is adequately trained in redaction techniques.
There have been many government agencies and corporations that have given proper redaction information to the public. In 2005, the National Security Agency released a publication called Redacting with Confidence: How to Safely Publish Sanitized Reports Converted from Word to PDF. Later, in 2006, Adobe published a technical guide entitled Redaction of Confidential Information in Electronic Documents. Free information is available to all corporations on redaction procedures, privacy legislation, and how to comply with data protection law. Making errors now reflects on the trustworthiness of the agency in the handling of personal data.
Redaction failures are not merely happening in court filings but also occur every day with large and small companies, government agencies, and non-profit organizations. The liability falls back to the agency that failed to understand the technology. CaseGuard’s redaction software is one way to guarantee compliance. Specific information can be searched, found, and removed with artificial intelligence and machine learning accuracy. The software can redact details from documents, audio, and video files accurately. However, when handling legal briefs and filings representing an attorney’s reputation before the court, a review of the redacted material with human eyes can help prevent any failures. When an attorney or another company’s integrity is on the line, failure is not an option.