Redaction of private information that is contained within electronic data is essential to ensuring the privacy of natural persons whenever data is repurposed for secondary uses, such as research or marketing studies. Several governmental agencies have passed regulations regarding the protection of private information held by companies, and often impose severe penalties on companies that leak or otherwise disclose personally identifiable information (PII) in the company's possession. As a result, applications that automatically redact or remove private information from electronic data are in high demand.
In order to meet customer demand and provide competitive products, software vendors need to deliver frequent updates to their automated data redaction (ADR) applications. Many software vendors provide their customers with frequent software updates by delivering their applications to the customer over the Internet (e.g., cloud-based software), and running the applications on the vendors' own facilities. However, by running such applications on its own facilities, a vendor is exposed to any private information included within the electronic data sent from the customer, and processed by the vendor-side ADR application. By processing private customer data within its own facilities, a vendor increases its risk of data breaches and improper disclosure of customer PII. This risk is particularly acute for vendors providing ADR applications, as the underlying data being processed by such applications frequently contains significant amounts of private information, including PII.