Redaction for HR: Employee Records, SARs, and Tribunal Bundles

HR departments handle some of the most sensitive personal data in any organisation. Disciplinary records, health information, salary details, grievance files - all of it regulated, all of it potentially subject to disclosure. When a former employee submits a Subject Access Request or a case goes to tribunal, someone in HR has to redact the documents. That someone is often working against a deadline and without dedicated redaction tools.

By RedactProof Editorial Team · 18 Feb 2026

This article is for general informational purposes only and does not constitute legal advice. Regulatory requirements vary by jurisdiction and change over time. Consult a qualified legal professional for advice specific to your organisation's circumstances.

Why HR redaction is different

HR documents contain personal data about multiple people in close proximity. A grievance file might include statements from the complainant, the respondent, three witnesses, two managers, and an external mediator. A Subject Access Request (SAR) for one employee requires you to redact everyone else's personal data from those same documents.

This creates a layered redaction problem. The data subject gets their own information. Everyone else's information comes out. But "everyone else's information" might be scattered across 200 pages of emails, meeting notes, and investigation reports - not neatly organised but threaded through narrative text where one person's account references another by name, role, or description.

Compare this with financial document redaction, where personal data tends to appear in structured fields (account holder name, sort code, address). HR documents are messier. A line manager's email might say "I spoke to the team member who raised the issue last Tuesday" - no name, but potentially identifying if the reader knows who raised the issue.

The documents HR teams typically redact

Subject Access Requests are the most common trigger. Under GDPR, an employee (or former employee) can request all personal data the organisation holds about them. HR responds by gathering everything - emails, performance reviews, absence records, meeting notes, payroll data - and redacting third-party personal data before disclosure. For a detailed walkthrough of the disclosure process, see our guide on redacting documents for disclosure.

Employment tribunal bundles often require redaction of irrelevant personal data. If a tribunal case concerns unfair dismissal, the bundle might include documents that reference other employees' disciplinary matters, health information, or personal circumstances that aren't relevant to the claim. Tribunals expect parties to redact irrelevant personal data from their bundles.

Internal investigations generate documents that may later need sharing with external parties - legal advisors, insurers, regulators. Witness statements, interview notes, and investigation reports all contain personal data from multiple individuals.

Redundancy and restructuring paperwork can contain scoring matrices, selection criteria assessments, and comparative data about multiple employees. If one individual requests their data, the others' information needs removing.

Salary and pay data - a high-risk category

Salary information is personal data, but it often behaves differently from other PII in HR documents. It doesn't appear in dedicated "salary" fields. It turns up in budget spreadsheets, restructuring business cases, job offer letters, settlement agreements, and sometimes in email chains where a manager has forwarded a pay review decision.

The disclosure risk is compounded by context. A raw salary figure is personal data. But a salary figure alongside a job title, age bracket, and protected characteristic becomes special category-adjacent - it can reveal pay discrimination patterns that the organisation may have legitimate reasons to protect commercially or legally.

When redacting salary data in HR documents, the practical questions are:

  • Whose salary is it? If a document shows the requesting employee's own salary, that's their data - it stays in. If it shows a colleague's, it comes out.
  • Does the aggregated data identify individuals? A pay band breakdown showing one person in a band effectively discloses that person's salary range. Redact it or aggregate further.
  • Is the document a settlement agreement? These typically include payment terms that are confidential - redact monetary figures when disclosing copies to anyone other than the signatory.
  • Is there a gender pay gap reporting obligation? UK organisations with 250 or more employees are required under the Equality Act 2010 to publish aggregated gender pay gap data annually. That published data is not confidential. But the underlying salary data used to calculate it is still personal data and must be treated accordingly if it appears in a disclosed document.

Automated detection tools will catch salary figures expressed as numbers (£45,000, £25.50/hr) but often miss contextual salary references ("the top of the pay scale for that grade" or "the restructured role attracts a higher band"). Run automated detection first, then review narrative sections manually with salary context in mind.
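The two-pass approach described above, as an added example (not RedactProof's code): a numeric pass finds pay figures, and a second pass queues paragraphs that mention pay without a figure for manual review. The cue list, function name and sample paragraphs are assumptions constructed for illustration.

```python
import re

# Numeric pay figures such as £45,000 or £25.50/hr, with an optional rate suffix.
PAY_AMOUNT = re.compile(
    r"£\s?(?:\d{1,3}(?:,\d{3})+|\d+)(?:\.\d{1,2})?k?"
    r"(?:\s?(?:/|per\s)\s?(?:hour|hr|annum|year|month|week|day))?",
    re.IGNORECASE,
)

# Constructed cue list (an assumption; tune it to your own pay vocabulary):
# wording that points at pay without stating a figure.
PAY_CUES = re.compile(
    r"\b(?:pay\s+(?:scale|band|review|grade)|(?:higher|lower)\s+band|"
    r"salary|spine\s+point|increment|uplift)\b",
    re.IGNORECASE,
)

def triage(paragraphs):
    """Split paragraphs into numeric hits and cue-only passages for manual review."""
    auto, manual = [], []
    for idx, para in enumerate(paragraphs):
        amounts = PAY_AMOUNT.findall(para)
        auto.extend((idx, amount) for amount in amounts)
        # A pay cue with no figure is exactly what a numeric pass skips silently.
        if not amounts and PAY_CUES.search(para):
            manual.append(idx)
    return auto, manual

# Constructed sample paragraphs; the quoted pay phrases come from the article.
SAMPLE = [
    "Her offer letter confirmed £45,000, rising after probation.",
    "Agency cover was paid at £25.50/hr during the absence.",
    "He is already at the top of the pay scale for that grade.",
    "The restructured role attracts a higher band.",
    "The hearing was moved to Tuesday.",
]

if __name__ == "__main__":
    auto, manual = triage(SAMPLE)
    print("numeric hits:", auto)
    print("manual review queue:", manual)
```

A paragraph in the manual queue is not necessarily third-party data; the queue only narrows where a reviewer needs to read with salary context in mind.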

For tribunal bundles involving equal pay claims, this becomes especially sensitive. The entire premise of the case may rest on salary comparators. Get legal advice on what the tribunal requires you to disclose before redacting anything from those specific documents.

Practical workflow for HR redaction

Keep your unredacted originals separate. Every redaction should be performed on a copy, with the original retained securely under your normal retention policy. This protects you if a redaction decision is challenged later.

Consolidate documents by request, not by file type. When responding to a SAR, gather everything responsive to that individual and work through it as a set. This way you maintain context - if "Sarah" appears in Document A, you know to check for "Sarah", "S. Thompson", and "the team member who joined in March" across all documents in the set.

Use automated detection as your first pass. A tool that scans for names, dates, NI numbers, and other standard PII types across the full document set catches the straightforward instances. Manual review then focuses on the harder cases - contextual identification, partial references, and information that's only identifying because of what else is in the bundle.

Apply pixel-burn redaction. This is not optional for external disclosure. Overlay redaction that leaves text recoverable is a data breach - not a technicality, a real liability.

Before releasing any documents, have someone who wasn't involved in the redaction review a sample of the output. Fresh eyes catch what tired ones miss.

RedactProof handles the detection and redaction entirely in your browser - documents are processed locally and are not uploaded to our servers. It detects 40+ PII types including names, NI numbers, salary figures, and health data automatically.

Common HR redaction pitfalls

Email chains are particularly problematic. The same email thread might be printed or saved multiple times, with different amounts of the chain included. Redacting a name in one copy but missing it in another version of the same thread is embarrassingly common. Before you finalise a SAR response, check for duplicates.
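A pre-release check for this pitfall, as an added example (not RedactProof's code): it pairs up copies of the same thread and lists any third-party name variant still present as text in the redacted output. It assumes the extractable text of each redacted file has already been dumped to a string; the file names, variant list and sample text are constructed.

```python
import re
from itertools import combinations

def normalise(text):
    """Strip reply markers so quoted and original copies of a message compare equal."""
    lines = (re.sub(r"^[>\s]+", "", ln).strip().lower() for ln in text.splitlines())
    return {ln for ln in lines if len(ln) > 20}  # ignore short lines such as sign-offs

def thread_copies(docs, threshold=0.6):
    """Pairs of documents where most lines of the smaller copy appear in the other."""
    sets = {name: normalise(text) for name, text in docs.items()}
    pairs = []
    for a, b in combinations(sorted(sets), 2):
        small = min(len(sets[a]), len(sets[b]))
        if small and len(sets[a] & sets[b]) / small >= threshold:
            pairs.append((a, b))
    return pairs

def residual_hits(docs, variants):
    """Name variants that survive as text in the redacted output, per document."""
    hits = {}
    for name, text in docs.items():
        found = [v for v in variants
                 if re.search(r"\b" + re.escape(v) + r"\b", text, re.IGNORECASE)]
        if found:
            hits[name] = found
    return hits

# Constructed redacted output: the shorter copy of the thread was missed.
REDACTED = {
    "thread_full.txt": (
        "I discussed the rota complaint with [REDACTED] on Monday morning.\n"
        "> The rota complaint was first raised by [REDACTED] after the team meeting.\n"
        "> Please keep the details of this conversation confidential for now.\n"
        "> Occupational health have been asked for an appointment date.\n"
    ),
    "thread_short.txt": (
        "The rota complaint was first raised by Sarah after the team meeting.\n"
        "Please keep the details of this conversation confidential for now.\n"
        "Occupational health have been asked for an appointment date.\n"
    ),
    "notes.txt": "Investigation notes were copied to S. Thompson for information.\n",
}
VARIANTS = ["Sarah", "S. Thompson"]  # constructed variants for one third party

if __name__ == "__main__":
    print("copies of one thread:", thread_copies(REDACTED))
    print("names still present:", residual_hits(REDACTED, VARIANTS))
```

Descriptive references such as "the team member who joined in March" can be added to the variant list as phrases, but they still need a human read of the surrounding text.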

Absence records and return-to-work notes often contain health information that qualifies as special category data under GDPR Article 9. This requires extra care - not just redaction but also consideration of whether the document should be included in the disclosure at all.

Payroll data surfaces in unexpected places. A budget spreadsheet might include individual salary figures alongside project allocations. A purchase order might reference an individual's expense claim with their home address. Neither looks like "HR data" at first glance.

Calendar entries and meeting invites contain attendee names, times, and sometimes agenda items that reference individuals. These are easy to overlook when compiling a SAR response.

Disciplinary and performance documents sometimes include transcripts, particularly where formal hearings were recorded. Transcripts are dense with names, job titles, dates, and direct quotes - all of which need reviewing line by line. Automated detection helps but won't catch everything in a 60-page hearing transcript.

Disclaimer: This guide is for informational purposes only and does not constitute legal, medical, or professional advice. Consult a qualified professional for advice specific to your situation.

Frequently Asked Questions

How long do we have to respond to an employee SAR?

Under GDPR Article 12(3), the standard timeframe is one calendar month from receipt of the request. This can be extended by a further two months for complex or voluminous requests, but you must inform the individual of the extension and the reasons within the initial one-month period. The clock starts when the request is received, regardless of when HR begins processing it.

Do we need to tell the employee what we've redacted?

Under GDPR, if you withhold information from a SAR response - including by redaction - you should inform the individual that information has been withheld and the reason, typically citing the exemption relied upon (such as third-party personal data or legal privilege). You don't need to describe the specific content that was redacted. ICO guidance recommends transparency about the fact of redaction without compromising its purpose.

Do we have to include salary information in a SAR response?

The employee's own salary data is their personal data and must generally be included in a SAR response. That means payslips, salary review letters, job offer letters, and any documents showing their compensation are in scope. Colleagues' salary data is third-party personal data and should be redacted. Where a document shows both - for example, a pay review matrix - redact the other individuals' figures but disclose the requester's. Settlement payment amounts may be withheld under legal privilege or confidentiality provisions in some circumstances - take legal advice on a case-by-case basis.

What do employment tribunals expect us to redact from bundles?

Employment tribunal practice directions generally expect parties to redact personal data that is not relevant to the issues in the claim. This includes third parties' health information, personal circumstances unrelated to the case, and sensitive data about individuals who aren't parties to the proceedings. The Employment Tribunal Service guidance and ACAS resources provide direction on bundle preparation. In practice, you should redact anything that would be redacted in a SAR response, plus anything a tribunal has specifically directed should not be included.
