How to redact an email in Outlook or Office 365?

TL;DR

• Redacting an email is necessary to protect sensitive information and comply with privacy laws and regulations.
• There is no manual way to redact an email in Office 365, but senders can recall messages and receivers can delete or manually redact and send back to themselves.
• Strac Office 365 Email DLP (Data Loss Prevention) Redactor App is an automatic way to redact emails and attachments, with audit reports for compliance and security officers.
• Strac's app can also redact old emails to comply with privacy laws.
• Book a meeting with Strac for more information or to see redaction on your emails in 15 minutes.

Why is there a need to redact an email?

There is a need to redact an email to protect sensitive, confidential or personal information. Redaction helps to ensure that information such as

• Financial data like credit card numbers
• PHI -Medical records
• PII -Personal addresses and phone numbers
• Classified Documents
• Audio Containing Senstive PII ,PHI, Financial Data.

Additionally, redaction may be required to comply with privacy laws and regulations, such as the General Data Protection Regulation (GDPR) or the Health Insurance Portability and Accountability Act (HIPAA), or it may be required for compliance like SOC2, PCI (Payment Card Industry) DSS (Requirement 3). By redacting sensitive information, you can prevent potential harm or legal consequences for you and the individuals whose data is in the email.

Redacting an Email: The Basics

Email redaction is the process of removing or obscuring sensitive information from an email before it is sent. This practice is crucial for protecting personal data and maintaining privacy, especially in professional settings where confidential information may be shared. Typical data that should be redacted includes:

• Social Security numbers
• Bank account details
• Personal identification numbers
• Addresses
• Dates of birth

Understanding when and how to redact emails helps prevent data breaches and potential legal issues arising from unauthorized information disclosure.

You Cannot Redact an Email in Microsoft Outlook

It's important to note that Microsoft Outlook does not have a built-in feature for redacting emails. Once an email is sent, you cannot edit it to remove sensitive information. The only options available are to attempt to recall the email (which has limitations) or to send a follow-up email clarifying the mistake. 

‍

Therefore, using dedicated redaction tools before sending emails containing sensitive information is essential for ensuring data security.

‍

How to Redact an Email in Outlook/Office 365?

Strac Office 365 Email Redactor is the only way to automatically redact sensitive parts in an email body or sensitive attachments. There here is no way to manual way to redact an email in Office 365; however, you can take some manual steps to either recall if you are a sender OR delete what you received if you are a receiver. If a sender accidentally sends an email containing sensitive data, the sender can recall the message.

When Recalling an Email in Outlook Isn't an Option... What Next?

Sometimes, hitting "send" can be premature. And while recalling an email in Outlook is handy, it's not always guaranteed, especially if the recipient has opened your message. The solution? Use Outlook's delay delivery feature! It gives you a buffer to rethink, redact, or simply refine your emails before they're sent out.

Step 1: Launch Outlook and hit the 'File' button, top-left.‍

Step 2: Head down and select 'Manage Rules & Alerts'.‍

Step 3: In the window that pops up, go for 'New Rule'.

Step 4: A new dialogue will emerge. Select 'Apply Rule on Messages I Send', and then 'Next'.

Step 5: On the ensuing screen, just hit 'Next' again.

Step 6: Now, spot the 'Defer Delivery By a Number of Minutes' option. You can set your buffer time here (up to 120 minutes). Once done, hit 'OK' and then 'Next'.

Step 7: If you have certain emails or contacts you don't want the delay for, set those exceptions and continue by clicking 'Next'.

Step 8: Make sure 'Turn On This Rule' is checked, and then seal the deal with 'Finish'.

But is it an ideal solution? Absolutely Not! That's were redaction comes to play.

Recall Vs Redaction

Recall is a reactionary measure. It's something you'd use after realizing you made an error. It offers a way to potentially 'undo' sending an email, but with significant limitations based on the recipient's email provider and their actions.

On the other hand, redaction is a proactive measure. Before you even hit send, you're ensuring that the confidential information is obscured. It's a method of sending the necessary data without exposing sensitive details.

In a nutshell:

• Recall is the "Oops! Let me try to take that back" feature.
• Redaction is the "Let me cover this up before it goes out" tool.

While both serve the purpose of data protection in their own right, their methods, applications, and effectiveness vary. As you rightly pointed out, relying solely on recall can be risky, while redaction provides more assured protection of sensitive details

How to Recall an Email in Outlook Step-by-Step

While redaction is the most secure way to protect sensitive information in emails, sometimes users may need to recall an email that has already been sent. Microsoft Outlook offers a recall feature that can be useful in certain situations, although it has limitations. 

Here’s a step by step guide on how to recall an email in Outlook:

1. Open Outlook & go to the “Sent Items” folder.
2. Locate and double-click the email message that needs to be recalled. This will open the email in a new window.
3. In the message window, click on the “Message” tab in the top ribbon.
4. Look for the “Actions” dropdown menu. If using the simplified ribbon view, click on the three dots (…) icon on the right side of the ribbon.
5. Select “Recall This Message” from the dropdown menu.
6. A new window will appear with 2 options:
   
   • Delete unread copies of this message
   • Delete unread copies & replace with a new message
7. Choose the desired option & click “OK” to initiate the recall process.

It’s important to note that the success of an email recall depends on several factors:

• Both the sender & recipient must be using Microsoft Exchange or Microsoft 365 accounts within the identical organization.
• The recipient must not have seen the email yet.
• The email must not have been moved to a different folder by the recipient’s rules.

While the recall feature can be helpful in some cases, it’s not a foolproof solution for protecting sensitive information. Organizations handling confidential data should consider implementing more robust SaaS DLP solutions to prevent data leaks before they occur.

For businesses dealing with enormous volumes of sensitive data, a comprehensive sensitive data discovery and classification system can help identify potential risks before emails are sent. This proactive approach is far more effective than relying on email recalls.

Additionally, companies using various cloud applications should explore integrations that extend data protection across multiple platforms, ensuring consistent security measures throughout their digital ecosystem.

By combining email recall techniques with advanced data security posture management, organizations can significantly reduce the risk of accidental data exposure and maintain compliance with data protection regulations.

How to Redact an Email Before Sharing It with a Third Party

When you need to share an email containing sensitive information with a third party, follow these steps to effectively redact the necessary details:

1. Print the Email: Start by printing the email that contains sensitive information.
2. Scan the Document: After printing, scan the document and save it as a PDF file.
3. Use a Redaction Tool: Upload your scanned PDF document to a dedicated redaction software, such as Redactable. This software can help identify and redact personally identifiable information (PII) and other sensitive content.

‍

4. Select Items for Redaction: Utilize the software's intuitive interface to choose which items you want to redact.
5. Download the Redacted Document: Once you have made your selections, download the newly redacted document.

By following these steps, you can ensure that sensitive information is not disclosed when sharing emails with third parties, thus maintaining compliance with privacy regulations and protecting personal data.

‍

Why is Redaction a Better Option to Outlook's in-built Recall Feature?

Outlook/Office 365 comes with several limitations in recall feature such as:

1. Recipient's Email Client: The recall feature is specifically designed for Outlook. If the recipient isn't using Microsoft Outlook as their email client, you cannot recall the message.
2. Email Status: For a recall to be successful, the recipient should not have read the email. Once they've opened it, the recall option won't work as intended.
3. Recipient's Mailbox Configuration: If the recipient's Outlook is configured to deliver new messages directly to a folder other than the inbox (due to rules, for example), recalling the message will fail.
4. Notifications: When attempting to recall an email, Outlook might send a notification to the recipient informing them that you are trying to recall the message. This might draw more attention to the email you're trying to take back.
5. External Email Addresses: Recalling an email sent to addresses outside of your organization or domain (like Gmail, Hotmail, or live.com) is typically not possible.
6. Interruption: If the recipient is working on the email (e.g., moving or processing it with a rule), while you try to recall it, the recall might not be successful
7. Public Folders: If the email is saved to a public folder and someone reads it, the recall action will not be successful.

Strac for Email Data Loss Prevention in Office 365

Strac Office 365 DLP is a Data Loss Prevention (DLP) software. It masks (aka redacts) sensitive emails while allowing authorized users to view those emails in Strac UI Vault. To redact emails, a business can configure a list of sensitive data elements (SSN, DoB, DL, Passport, CC#, Debit Card, API Keys, etc.). Compliance, Risk and Security officers will also get audit reports of who accessed what messages and at what time.

With Strac's  integration, you can mask (aka redact) your customers' sensitive data in emails. It lets you redact (mask) documents automatically in seconds, from emails to pdf, docx, png, jpeg, doc, and xls attachments.

Is It Possible to Redact Old Emails?

Yes, Strac's Office 365 DLP can also look at older emails and redact all sensitive content from the body and sensitive attachments from email. This is a requirement for many of the compliance frameworks and privacy laws where businesses need to remove customer data from older emails once after the business function is done.

Read our other resources on Email Data security:

• Gmail Data Loss Prevention
• Complete Guide to Email Data Security