What real redaction means
There are two kinds of 'redaction' floating around the internet. The fake kind is drawing a black rectangle over text in a regular PDF editor — the underlying text stays in the file, and anyone with Acrobat can drag the rectangle aside or copy the hidden text. Lawyers have exposed client SSNs this way. The real kind — what compliance officers, court clerks, and corporate counsel mean — strips the text from the underlying PDF and replaces it with a solid black region. Even copy-paste, search, and OCR-on-the-redacted-file can't recover the data.
What you should redact
- Social Security numbers (full SSN; partial last-4 is sometimes OK)
- Full credit-card and bank account numbers
- Dates of birth in court filings (PACER rules)
- Home addresses for protected witnesses, juveniles, and victims
- Medical records (HIPAA — names plus diagnosis or treatment)
- Trade secrets when sharing contracts with prospective vendors
- Names of minors in any legal filing
The order of operations
- Make a backup of the original (un-redacted) PDF in secure storage.
- Open the redaction tool and mark every region.
- Apply redaction — this is the destructive step.
- Search the redacted file for any sensitive term you redacted. Zero hits = success.
- Strip metadata (Author, Title, Comments) before sharing.
- Save the redacted PDF with a clear filename like 'Smith_v_Jones_REDACTED.pdf'.
Common mistakes
- Drawing a black shape in a regular editor and assuming it counts. It doesn't.
- Redacting the visible text but forgetting metadata (Author field often contains the editor's name).
- Compressing first, redacting second — compression can rasterize text, making redaction harder to verify.
- Sharing the redacted PDF without checking — open and search for the redacted terms before sending.