FOI request (FOIR-345919131)

Implementing GDPR Rules in Redaction

Requested Wed 30 June 2021
Responded Wed 21 July 2021

The Social Security Scotland already have in place Adobe Reader and Acrobat Redaction tools, The questions we need help with is how do organisation like yours implement Redaction to be GDPR compliant in the Government Organisation and how it is done?

1. When Redaction is done, do they keep originals, if Yes, will it still be 100% GDPR compliant?

2. How does Redaction work as a process in these organisations?

3. What tools they use for Redaction and what are the positives / shortcomings of these tools?

4. Is Redaction entirely manual or is it automated in anyway?

5. Do some organisation Redact more than others and why?

6. How will a scenario of a mistaken Redaction be corrected (Is it rolled back)?

7. How will large volumes of document be Redacted?

8. Are there Redaction teams that go through documents or are documents done on a case to case basis?

9. Is Redaction done by the person who identify the text to be Redacted, is it done by a 3rd person or a case manager?

Response

1. Originals are always retained as the master version of a document.

2. Once information has been gathered for release, the final step in the process is to decide if any redaction is required.

3. Adobe Acrobat Professional.

4. Redaction is entirely manual.

5. All redaction is carried out according to the law.

6. We always retain a non-redacted master version of all documents.

7. The process is the same regardless of volume. Redaction is entirely manual.

8. Documents are redacted on a case-by-case basis.

9. Redaction is normally completed by the Information Officer or Data Protection Officer.