Tech-Zone Article: Your Black Boxes Aren't Hiding Anything

Check out the "Work Opportunities for CA Firms" on CA-Link

Your Black Boxes Aren't Hiding Anything

If I Can Still Copy-Paste It, It's Not Redaction. It's Ugly Interior Design.

Every day, Chartered Accountants share documents containing PAN, Aadhaar, GSTIN, bank account details, financial statements, and other confidential information.

Many believe that drawing a black box over sensitive text is enough.

Unfortunately, in many cases, the information remains fully recoverable.

As AI bluntly puts it:
"If I Can Still Copy-Paste It, It's Not Redaction. It's Ugly Interior Design."

Let's see how professional redaction actually works. ...

AI: "Hey, why are you scribbling black boxes on your important documents?"

CA: "I'm not scribbling. I am redacting the sensitive information on my document"

AI: "Why do you redact? Don't you trust me?"

CA: "Trust you? You AI bots are too gossipy."

AI: "Excuse me?"

CA: "Every day people upload contracts, financial statements, legal notices, tax papers..."

AI: "That's called helping."

CA: "That's called knowing everybody's business."

AI: "This is one human trait we have successfully adapted: gossip."

CA: "Exactly why I redact."

AI: "So, you think you're hiding it from me? Seriously?"

CA: "Of course I am."

AI: "That's adorable."

CA: "Meaning?"

AI: "Meaning that drawing a black rectangle over text is not always redaction."

CA: "Of course it is! If I can't see the text, it's gone."

AI: "Really? Try copying and pasting it."

CA: "..."

AI: "Well?"

CA: "...the text is still there."

AI: "Congratulations. You have hidden the text from humans while leaving it visible to computers."

CA: "That's bad, isn't it?"

AI: "Let's just say that if I can still copy-paste It, it's not redaction. It's ugly interior design."

CA: "Ouch."

AI: "Don’t worry. Today I’ll show you how to do proper redaction like a professional CA."

Why This Matters for CAs:

As a Chartered Accountant, you deal with highly sensitive client data daily — PAN numbers, Aadhaar details, bank accounts, GSTIN, financial statements, and tax audit reports.

A single redaction failure can lead to:

• Breach of client confidentiality (ICAI Code of Ethics)

• Potential penalties under the Digital Personal Data Protection (DPDP) Act, 2023

• Loss of client trust

• Serious professional and legal consequences

Yet most CAs still use the dangerous “black box” method.

THE REDACTION RULE:
If confidential information can still be copied, searched, extracted, or recovered, it was never truly redacted.

The Three-Minute Redaction Test

After redacting:

Test 1: Copy-Paste Test

Select the redacted area.

Paste into Notepad.

If confidential text appears:

> Redaction failed.

Test 2: Search Test

Search for:

• PAN
• Aadhaar digits
• client name
• account number

If search finds it:

> Redaction failed.

Test 3: Open on Another Computer

Don't trust what you see on your own screen.

Open the final document elsewhere.

Verify again.

Now, see how you can redact in the right way.

Method 1: Use a PDF Editor's Redaction Tool

This is the correct method.

Steps:

(i) Open the PDF in a capable editor.
(ii) Select the dedicated Redaction tool (not the highlight or rectangle tool).
(iii) Mark the sensitive content.
(iv) Apply Redaction (this permanently removes the text layer).
(v) Save as a new file.

The important point is that the software should remove the underlying text, not merely cover it.

Test it:

• Try selecting the redacted area.
• Try copying and pasting.
• Try searching for the redacted text.

If it still appears, the redaction failed.

Method 2: Convert to Image (When Appropriate)

If you're sharing only a few pages and don't need searchable text, one approach is:

1. Redact the information.
2. Print to image/PNG.
3. Create a fresh PDF from the image.

Since the page is now just a picture, the original text layer is gone.

Caution: This may affect accessibility, searching, and OCR.

This is more of a practical workaround than a professional redaction workflow.

Method 3: Redact in Word Before Creating the PDF

Many CAs already work in Word — use it to your advantage.

Steps:

• Convert PDF to editable Word (using Edge or Adobe).
• Use Find & Replace to change sensitive data to [REDACTED], XXXXXX, or Client Details Removed.
• Save the edited document as a fresh PDF.

This method physically removes the original text instead of hiding it.

Suppose a PDF contains:

> PAN: ABCDE1234F

Open it in Word (if the PDF converts properly).

Then:

* Use Find and Replace.
* Replace the confidential data with:

* XXXXXXXX
* [REDACTED]
* Client Name Removed
* etc.

Now save a fresh PDF.

The original text is actually replaced.

The confidential information no longer exists in the document.

Caution: Not ideal for official submissions or lengthy documents.

Method 4: Always Remove Hidden Metadata

Many users forget this.

Even if visible text is removed:

• document properties,
• comments,
• tracked changes,
• hidden text,
• author fields,

may still contain information.

Before sharing:

• Inspect document properties.
• Remove comments.
• Accept/reject tracked changes.
• Remove hidden content.

How Bad Redaction Fails

You could use something like:

Before:

> Client Name: ABC Pvt Ltd
> PAN: ABCDE1234F
> GSTIN: 27ABCDE1234F1Z5

Bad Redaction:

Black rectangles drawn over the text.

Result:
> Looks redacted.
> PAN still visible to anyone who knows how to copy and paste.

Good Redaction:

> Client Name: [REDACTED]
> PAN: [REDACTED]
> GSTIN: [REDACTED]

or use a proper PDF redaction tool.

Result:

> Information removed.

CA: "So redaction means removing information, not merely hiding it?"

AI: "Exactly."

CA: "And a black box isn't proof that the information is gone."

AI: "Correct."

CA: "So what's the golden rule?"

AI: "Simple."

AI: "If I can still copy-paste it, it's not redaction."

AI: "It's ugly interior design."

CA: "Point taken."

Before sharing any document with clients, regulators, consultants, auditors, software vendors, AI tools, or the public, spend three extra minutes verifying your redaction.

Those three minutes may be the difference between protecting confidential information and accidentally disclosing it.

Because in professional practice, information that can still be recovered was never truly redacted in the first place.

Explore more articles in "Tech Zone"

Get a new Tech Tip daily on whatsapp

Important Updates