Redacting Insurance Claim Documents: What Claims Handlers Need to Know

A motor claim arrives from a third-party claimant's solicitor. The file includes a police report naming six witnesses, a GP medical report on a person who isn't your policyholder, a handwritten witness statement, dashcam footage metadata, and your claims handler's internal notes. You need to share a copy of the file with your reinsurer. Every document in that bundle contains personal data that doesn't belong to the recipient - and some of it is special category data under UK GDPR.

Insurance claim files are among the most data-dense documents in any industry. A single motor claim can touch the personal data of a policyholder, a claimant, multiple witnesses, a treating GP, a solicitor, and a police officer - often in the same document. For claims handlers, compliance teams at brokers and MGAs, and adjusters preparing files for third-party sharing, getting redaction right is not optional under UK GDPR, the Data Protection Act 2018, or the FCA's Consumer Duty framework.

This guide walks through a typical insurance claim file - motor, liability, and health - and identifies what to redact before sharing with each type of recipient. It covers the specific regulatory requirements that apply to claim data and ends with answers to the questions we hear most often from claims teams.

What the regulations actually require from claims handlers

UK GDPR Article 5(1)(c) - the data minimisation principle - means that personal data shared for a particular purpose should be limited to what is necessary for that purpose. A reinsurer reviewing exposure on a liability claim does not need witness names. A solicitor acting for a claimant does not need the policyholder's medical history from a previous unrelated claim. Sharing more than necessary is a breach, not a technicality.

The FCA Consumer Duty (effective July 2023 for new products, July 2024 in full) adds a further layer for FCA-authorised insurers and intermediaries. Principle 12 and the associated rules require firms to deliver good outcomes for retail customers - which the FCA has indicated includes handling claims fairly and communicating clearly. In 2025-26, the FCA identified claims handling as a priority supervisory focus, with data access and customer outcomes at the centre. Sharing inadequately redacted claim files, or using claim data beyond the purpose for which it was collected, creates Consumer Duty exposure alongside GDPR risk.

Special category data under Article 9 of UK GDPR - which includes health information, data about criminal convictions, and religious or ethnic background - attracts a higher protection standard. Insurance claim files routinely contain medical reports, police reports, and records of criminal proceedings. Each of these falls into at least one special category. Processing them (including sharing them) requires an Article 9 condition in addition to a lawful basis under Article 6.

Schedule 1 of the Data Protection Act 2018 provides the specific conditions for processing special category data in the insurance context. The ICO's guidance on special category data is the practical reference for understanding which conditions apply in which circumstances.

Walking through a typical claim file: what to redact and where

The sections below use a motor third-party liability claim as the primary example, with notes where liability and health claims differ materially. The claim involves a policyholder, a third-party claimant represented by solicitors, four witnesses, a police report, a GP report, and a surveillance record.

Police report

Police reports in motor and liability claims typically contain: officer names and warrant numbers, witness names and contact details, statements from all parties, vehicle registration and description details, and sometimes records of prior driving offences or outstanding matters.

Before sharing a police report with any external recipient:

• Officer personal details (home address if present, personal mobile numbers) - redact. Officers' warrant numbers are appropriate to keep if operationally relevant.
• Witness names and addresses - redact unless the specific recipient has a legitimate need to contact the witness (e.g. a solicitor managing that witness's representation, not a reinsurer reviewing aggregate exposure)
• Third-party personal data not related to the claim - redact. If the report covers an unrelated incident involving the same location, that material should be removed entirely.
• Records of prior offences or investigations that are not directly relevant to the current claim - seek legal advice before including. Sharing information about spent convictions may create additional data protection obligations.

Medical report (GP or specialist)

Medical reports are special category data without exception. The treating GP's report on a claimant's injuries will contain diagnosis, treatment history, medication, and often background health information that the GP considered relevant context. Insurers routinely receive these under the Medical Reports Act 1988 or as part of litigation disclosure. The question is not whether you can process them - the claim legitimately requires it - but how much of the report needs to travel with the file when you share it.

• Background health information not relevant to the claimed injury - redact before sharing with third parties. If the claimant has diabetes and the claim is for a whiplash injury, the diabetes information is out of scope for a reinsurer or third-party administrator.
• Names of other healthcare providers or referenced specialists - may need redaction if their involvement is not directly relevant to the claim outcome
• Medication names and treatment details for unrelated conditions - redact. Only the information pertinent to the specific injury and prognosis should travel outside the claims handling chain.
• The claimant's address and date of birth as they appear in the report - keep in the version shared with the claimant's own solicitor (they already hold it); redact from any version shared with parties who don't need it for their function

Witness statement

Witness statements contain the witness's name, contact details, account of events, and sometimes their occupation or relationship to the parties. When sharing with solicitors acting for a party, the statement content is generally disclosable - that is its purpose. The question is who else receives it.

• Witness contact details (home address, phone number, email) - redact from any version shared beyond the parties who need to contact the witness
• Occupation or employer if not relevant to the claim - redact
• Any personal detail the witness has included beyond the factual account - review each statement individually

If a witness is also a data subject with their own DSAR rights and later makes a Subject Access Request, the tension between their right of access and third-party protection creates a specific challenge. The ICO's guidance on SARs and third-party data covers how to balance these competing interests.

Claim form (policyholder and claimant details)

The claim form is the document that contains the most concentrated PII: full name, address, date of birth, policy number, NI number in some cases, bank account details for payment, vehicle registration, employment details where income loss is claimed, and sometimes details of prior claims or incidents.

• Bank account details - redact from any shared version. The insurer's payments team needs them; a reinsurer, a loss adjuster reviewing liability, and external legal counsel do not.
• NI number - redact from external sharing unless specifically required
• Prior claims history references - these may be commercially sensitive and contain additional personal data. Share only what's directly relevant to the current claim.
• Employment and income details - redact from any recipient whose function doesn't require them to assess quantum

Surveillance evidence and investigation reports

Where insurers instruct surveillance in fraud or exaggeration cases, the investigation report may contain photographs, video metadata, location data, observations about daily activities, and potentially information about third parties who appeared incidentally in the footage. This is high-sensitivity personal data.

• Third-party individuals captured incidentally - faces, vehicle registrations of uninvolved parties - should be obscured or removed before any sharing
• Investigator identity and methodology - may need to be protected in reports shared with the claimant's representatives, especially where ongoing investigation is possible
• Location data and activity logs - share only to the extent necessary for the purpose of the disclosure

Who you are sharing with changes what you redact

The same claim file needs different treatment depending on the recipient. A version prepared for a reinsurer is not the same as a version disclosed to the claimant's solicitor, which is not the same as a version transferred to a panel firm handling litigation. The table below summarises the approach.

Sharing with the claimant's solicitor: They act for the claimant and are entitled to the information relevant to the claim. Redact third-party witness contact details (not the statements themselves), investigator methodology where ongoing investigation exists, and any policyholder data that is commercially sensitive and not in dispute.

Sharing with a reinsurer: The reinsurer needs loss data, exposure information, and the facts of the claim. They do not need witness contact details, individual medical report background sections, bank account information, or NI numbers. Apply data minimisation actively - share the facts of the claim, not the entire personal data file.

Sharing with a loss adjuster or third-party administrator: Define the scope of their instructions. They should receive the documents relevant to their function. A loss adjuster assessing quantum needs the medical report; they don't need the full police report. Build redaction scope around the instruction mandate.

Sharing with the policyholder: If the policyholder requests a copy of their claim file, treat it as a Subject Access Request. They are entitled to their own personal data but not to third-party personal data about the claimant, witnesses, or other parties. See our guide to

See our guide to redacting documents for disclosure for the full SAR workflow.

Why the redaction method matters for insurance files

Overlay redaction - placing a black rectangle over text in a PDF - does not remove the underlying data. The text layer remains in the file and can be extracted by anyone who copies and pastes or uses a PDF reader with text extraction. The ICO has explicitly flagged this risk in its guidance on secure document disclosure. For insurance files containing special category data - medical reports, police records - overlay redaction is not an adequate method.

Pixel-burn redaction converts the document to an image at the point of redaction, permanently destroying the text layer beneath. This is the appropriate method for any insurance document shared externally. The redacted text cannot be recovered regardless of the tools used by the recipient.

Read more on the technical difference in our guide to common redaction mistakes.

The redaction log: making your process defensible

Regulated firms handling significant claim volumes are increasingly expected to demonstrate consistent, documented redaction processes - not ad hoc decisions made under deadline pressure. A redaction log doesn't need to be complex. For each file prepared for external sharing, note:

• Document reference and claim number
• Recipient and the purpose of sharing
• Documents included in the shared bundle
• Categories of information redacted and the basis (data minimisation, third-party protection, special category data protection)
• Who reviewed and authorised the disclosure
• Date and method of transmission

This log stays internal. It is your evidence base if a complaint is made to the ICO, if a data subject argues their data was mishandled, or if the FCA later asks how you handled a specific claim file. The ICO has issued enforcement action against insurers for inadequate data handling in claims contexts - having a documented, consistent process is the clearest mitigation.

A downloadable redaction policy template suitable for insurance teams is available at /resources/redaction-policy-template.

Compliance teams: the broader document landscape

Claims files are just one category of insurance document that requires careful redaction. For compliance teams supporting wider business functions - regulatory submissions to the FCA, employee records involved in internal investigations, broker due diligence files - the principles are the same but the specific redaction points differ. Our guide to document redaction for compliance teams covers audit reports, regulatory submissions, and investigation files in detail.

RedactProof processes insurance claim files directly in your browser. Documents are not uploaded to servers. The AI detection engine identifies 40+ types of PII - names, addresses, medical identifiers, financial data, NI numbers - across every page, and pixel-burn redaction permanently removes them.