Your organisation has to publish a contract under transparency obligations. The contract contains commercial sensitive information that's exempt from disclosure. The redactions need to survive a journalist with a copy of Acrobat trying to extract them at 2am.
Assume hostile inspection
Public releases are inspected by the same tools available to everyone — select-all, copy-paste, metadata viewers, PDF forensics. Anything that's not properly redacted will be extracted within hours.
This isn't paranoia. Major public-release leaks have happened to UK government departments, US federal agencies, and large corporates. The fix is technical — proper redaction tooling — and procedural — verification before release.
Use true redaction
Flint's redaction tool, or Acrobat's Redact tool, or equivalent. Not the rectangle tool, not the highlighter, not a cover image. The underlying content must be removed from the file, not just visually hidden.
After redaction, open the output and select the redacted regions. If anything copies out, redaction failed and the file isn't ready for release.
Strip metadata thoroughly
PDF metadata can leak:
- Author name (often the document's original drafter, sometimes sensitive). - Software and version (fingerprints internal IT systems). - File path on the originating machine. - Comments and revisions from earlier drafts.
Use a metadata-strip tool before release. Some workflows render the file to images and re-OCR to produce a 'clean' release version with no historical metadata.
Public release governance
For high-volume releases (FOIA, regulatory transparency), put a multi-stage review in place:
1. Lawyer applies redactions based on exemption analysis. 2. Document specialist verifies redaction technically (select-all test, metadata strip). 3. Senior reviewer spot-checks a sample of redacted documents. 4. Final QA on the actual files about to be uploaded.
This is overhead. It's cheaper than the headlines from a botched release.
FAQ
What's the worst-case scenario?
A reversible redaction in a public release leaks protected information (a witness identity, commercial figures, classified material). Damage ranges from embarrassment to legal liability to operational harm.
Do I need to flatten the document?
Helpful but not required if true redaction is applied. Flattening (rendering to images then re-OCR) is belt-and-braces — useful for very sensitive releases.
Can AI tools help redact?
Yes for detection (finding PII to redact). Always verify the output manually — AI misses unusual formats and over-redacts common terms. Use it as a first pass, not the only pass.
Should I keep an unredacted version?
Yes — securely. You'll need it for internal reference and if redaction is challenged.
Public release = highest stakes. Use a tool that holds up to inspection and verify before publication.