September 22, 2022
 min read

How to redact an email in Gmail?

Eliminate security attacks and comply with privacy laws


You've probably seen a warning like this in many digital services, from emails to forms. But creating these warnings for your customers may seem extraneous. After all, what does it matter if sensitive information is sent, so long as the sender trusts the receiver?

Why Should I Redact An Email

Security Reasons

If a customer emails sensitive data like a Social Security Number (SSN), the business hosting that email server is liable if that SSN is leaked. After a data breach, affected customers will often jointly sue the company responsible via a class-action lawsuit. In these suits, multimillion-dollar settlements are the norm. According to a 2022 IBM report, the average total cost of a data breach is $4.35 million, up from 2021. For companies in "critical infrastructure," such as financial services or technology, this number rose to $4.82 million.

Unfortunately, one need not look far for real-world examples of this. This week alone, genetics company Ambry Genetics agreed to pay $12.25 million to customers affected by a patient data breach. The cause of the data? A hack of an Ambry email account. But even Ambry's leak pales compared to Robinhood's recent settlement of $20 million to victims of its data breach. These are just two examples from the past several weeks, to say nothing of the numerous examples in the years prior. Thus, the costs of inaction around data are high.

Legal Compliance

A data breach can result in a class-action lawsuit requiring your company to pay enormous damages, and it can lead to a host of other issues. For one, data breaches damage trust with existing customers. They may choose to take their business elsewhere. Data breaches also make potential customers think twice about working with you. After all, who wants to put their water in a leaky bucket? All in all, data breaches can be catastrophic for businesses. Consequently, data privacy is an area of increasing legal and political interest, as seen in the passage of legislation worldwide to protect consumers' data. In the United States today, there is a patchwork of different data privacy laws, each about a specific area. Internationally, the situation can look a little different. The European Union's General Data Protection Regulation (GDPR)  establishes a "right to delete" for customers for their data being held by a private company. This means companies must delete all data a customer created on their servers, should the customer ask. This "right to delete" law is one of the strongest worldwide. It has also led to similar privacy laws being adopted in the United States at the state level. The California Consumer Privacy Act (CCPA) similarly establishes the right to request that a company delete customers' information. Though California's CCPA is comparatively strong, laws like this are still the exception, not the norm, in the United States. However, this is starting to change, with states like Colorado and Virginia recently passing similar laws. With a shifting legal environment, companies must be prepared to comply with data privacy requirements. It may be required for compliance like SOC2, PCI (Payment Card Industry) DSS.

How can you manually redact an email?

Sender: If a sender accidentally sends an email containing sensitive data, the sender can recall the message.


Receiver: Once you receive an email that contains sensitive data, you can either delete or manually copy the email, mask the sensitive data, and send it back to yourself.


This is highly time-consuming, especially on a larger scale. Worse yet, it opens the door to human errors. In a data breach, even the tiniest oversight can open a company to legal liability, loss of customer trust, and significant expenses in damages.

Is there an automatic way to redact an email?

Strac Gmail Redactor App is a Data Loss Prevention (DLP) software. It masks (aka redacts) sensitive emails while allowing authorized users to view those emails in Strac UI Vault. To redact, a business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.). Compliance, Risk and Security officers will also get audit reports of who accessed what messages and at what time.

With Strac's 15-minute integration, you can mask (aka redact) your customers' sensitive data in emails. Then, instead of a time-consuming and error-prone process, redact documents automatically in seconds, from emails to pdf, docx, png, jpeg, doc, and xls files.  

Strac: Email Auditor - Detect & remove sensitive personal data (PII/PHI) from email | Product Hunt

Any questions?

If you have questions or want to see redaction on your emails in 15 minutes, please book a meeting with us.

Founder, Strac. ex-Amazon Payments Infrastructure (Widget, API, Security) Builder for 11 years.

Latest articles

Browse all