Why can't I just black out personal information in a PDF with a highlight or box before sharing it?
It feels intuitive: cover the sensitive text with a black rectangle or a colored highlight, save the file, and send it out. The problem is that this hides information from your eyes without removing it from the file. A PDF is a layered container, and a shape drawn on top is just another object sitting above text that is still fully present underneath.
Why the Box Doesn’t Work
When you draw a box or highlight in most PDF and image editors, you are adding a visual overlay, not deleting data. The original characters remain in the document’s text layer. That means the “hidden” information can be recovered in seconds by anyone who:
- Copies the text under the box and pastes it elsewhere.
- Runs a text search or extracts the document’s content stream.
- Moves or deletes the overlay object in an editor.
- Opens the file’s underlying code or an earlier saved version.
Highlights are even worse, because a highlight is designed to be semi-transparent and is never meant to conceal anything. These failures are not rare edge cases. Improperly “redacted” documents released to courts, the press, and the public have repeatedly exposed names, Social Security numbers, and other sensitive data.
What True Redaction Does
Real redaction permanently removes the underlying content, not just its appearance. A proper redaction tool deletes the targeted text, images, and metadata, then replaces the area with an opaque marking so nothing recoverable is left behind. The cleaned file is typically flattened or re-saved so the original layer cannot be restored.
Good practice includes a few habits:
- Use a dedicated redaction function that strips the content, then verify by searching and copying the redacted areas.
- Check hidden places too: document metadata, comments, embedded files, tracked changes, and prior versions.
- Keep an unredacted original under access controls, and share only the verified redacted copy.
The Bigger Principle
Protecting personal information is a data-management obligation, not a cosmetic one. Frameworks for handling personally identifiable information emphasize minimizing and controlling the data you actually disclose, not merely hiding it from casual view. Treating redaction as “make it invisible” instead of “make it gone” is one of the most common and avoidable privacy breaches in records work.
For more on handling sensitive data responsibly, see the privacy and PII topic hub.
Sources & further reading
Authoritative government and non-profit references.
- FOIA frequently asked questions — FOIA.gov / U.S. DOJ
- NIST Privacy Framework — NIST
How to cite this page
APA
RM University Editorial. (2026). Why can't I just black out personal information in a PDF with a highlight or box before sharing it?. Records Management University. https://www.recordsmgmt.org/questions/why-black-box-redaction-in-a-pdf-does-not-actually-remove-pii/
MLA
RM University Editorial. "Why can't I just black out personal information in a PDF with a highlight or box before sharing it?." Records Management University, 16 June 2026, www.recordsmgmt.org/questions/why-black-box-redaction-in-a-pdf-does-not-actually-remove-pii/.
Related questions
- Can a multinational use ISO 15489 to build one global records policy, or does it still need separate schedules per country?
- Can blockchain or immutable storage be used for records when privacy laws require you to delete personal data on request?
- Can I keep customer data longer than my retention schedule says if I might need it later?
- Can I keep customer personal data indefinitely if they agreed to my privacy policy when they signed up?
- Can you be fined for failing to honor a data subject's deletion request if you can't find their records?