We have public records requests we are emailing outside of our institution that include PDF files redacted with Adobe Acrobat DC. When we send these files as attachments, they are triggering our Microsoft Exchange (Hosted O365) Data Loss Prevention (DLP) rules that block SSN data from being transmitted to outside email recipients. I talked to MS support and they asked me to contact Adobe. MS thinks the data still exists in the PDF, but is only "masked" from view, and not removed. Our employee states that the actions she takes is: "marks for redaction", then selects "apply". Could someone tell me if this process only masks the data, or if it removes the SSN's data?
If they indeed applied the redactions then that information is gone for good. However, it's possible that not all instances of all SSNs were redacted, or that that information is available elsewhere in the file (for example, in the metadata).
Yes! Most likely the cause of the problem!