Does masking or redacting PII count as deleting it for retention and privacy purposes?
Short answer: usually no. Masking and redacting personally identifiable information (PII) limit who can see it, but they generally do not satisfy a requirement to delete, destroy, or dispose of the underlying record. Whether they “count” depends on the technique used and what the obligation actually demands.
Masking and redaction vs. deletion
These terms describe related but distinct actions:
- Masking obscures data from view (for example, showing only the last four digits) while the full value typically still exists somewhere underneath.
- Redaction removes or blocks information from a specific copy or rendering of a record, leaving the source record intact.
- Deletion or destruction eliminates the information so it can no longer be retrieved or reconstructed.
If the original data is still recoverable—in a backup, an audit log, the source database, or an unflattened layer of a document—then masking or redaction has reduced exposure, not eliminated the record.
Why the distinction matters
For retention and disposition, the record exists until it is actually destroyed under an approved schedule. Redacting fields does not “start the clock” or fulfill a destruction action; the record must still be disposed of when its retention period ends.
For privacy, the goal is to manage and minimize risk across the data’s lifecycle. Frameworks treat de-identification, masking, and disposal as different controls with different residual risk. Masking can be appropriate for sharing or limiting access, while a deletion or “right to erasure” obligation generally calls for true destruction or irreversible de-identification.
A key test is reversibility: if the masking can be undone or the source remains, the PII is still present for legal, retention, and breach purposes.
Practical guidance
- Match the technique to the requirement—use masking for access control, and destruction for disposition.
- For redacted releases (such as FOIA responses), preserve the unredacted original per its retention schedule; redaction applies to the released copy.
- When deletion is required, ensure backups, caches, and source systems are addressed and the result is irreversible.
- Document your method and rationale.
Learn more at the privacy and PII topic hub.
Sources & further reading
Authoritative government and non-profit references.
- NIST Privacy Framework — NIST
- Privacy Act of 1974 — U.S. Department of Justice
How to cite this page
APA
RM University Editorial. (2026). Does masking or redacting PII count as deleting it for retention and privacy purposes?. Records Management University. https://www.recordsmgmt.org/questions/does-masking-or-redacting-pii-count-as-deletion/
MLA
RM University Editorial. "Does masking or redacting PII count as deleting it for retention and privacy purposes?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/does-masking-or-redacting-pii-count-as-deletion/.
Related questions
- Can a multinational use ISO 15489 to build one global records policy, or does it still need separate schedules per country?
- Can blockchain or immutable storage be used for records when privacy laws require you to delete personal data on request?
- Can I keep customer data longer than my retention schedule says if I might need it later?
- Can I keep customer personal data indefinitely if they agreed to my privacy policy when they signed up?
- Can you be fined for failing to honor a data subject's deletion request if you can't find their records?