Redaction for HR: Employee Records, SARs, and Tribunal Bundles

HR departments handle some of the most sensitive personal data in any organisation. Disciplinary records, health information, salary details, grievance files - all of it regulated, all of it potentially subject to disclosure. When a former employee submits a Subject Access Request or a case goes to tribunal, someone in HR has to redact the documents. That someone is often working against a deadline and without dedicated redaction tools.

By RedactProof Editorial Team · Feb 18, 2026

Why HR redaction is different

HR documents contain personal data about multiple people in close proximity. A grievance file might include statements from the complainant, the respondent, three witnesses, two managers, and an external mediator. A SAR response for one employee requires you to redact everyone else's personal data from those same documents.

This creates a layered redaction problem. The data subject gets their own information. Everyone else's information comes out. But "everyone else's information" might be scattered across 200 pages of emails, meeting notes, and investigation reports - not neatly organised but threaded through narrative text where one person's account references another by name, role, or description.

Compare this with financial document redaction, where personal data tends to appear in structured fields (account holder name, sort code, address). HR documents are messier. A line manager's email might say "I spoke to the team member who raised the issue last Tuesday" - no name, but potentially identifying if the reader knows who raised the issue.

The documents HR teams typically redact

Subject Access Requests are the most common trigger. Under GDPR, an employee (or former employee) can request all personal data the organisation holds about them. HR responds by gathering everything - emails, performance reviews, absence records, meeting notes, payroll data - and redacting third-party personal data before disclosure.

Employment tribunal bundles often require redaction of irrelevant personal data. If a tribunal case concerns unfair dismissal, the bundle might include documents that reference other employees' disciplinary matters, health information, or personal circumstances that aren't relevant to the claim. Tribunals expect parties to redact irrelevant personal data from their bundles.

Internal investigations generate documents that may later need sharing with external parties - legal advisors, insurers, regulators. Witness statements, interview notes, and investigation reports all contain personal data from multiple individuals.

Redundancy and restructuring paperwork can contain scoring matrices, selection criteria assessments, and comparative data about multiple employees. If one individual requests their data, the others' information needs removing.

Practical workflow for HR redaction

Keep your unredacted originals separate. Every redaction should be performed on a copy, with the original retained securely under your normal retention policy. This protects you if a redaction decision is challenged later.

Consolidate documents by request, not by file type. When responding to a SAR, gather everything responsive to that individual and work through it as a set. This way you maintain context - if "Sarah" appears in Document A, you know to check for "Sarah", "S. Thompson", and "the team member who joined in March" across all documents in the set.

Use automated detection as your first pass. A tool that scans for names, dates, NI numbers, and other standard PII types across the full document set catches the straightforward instances. Manual review then focuses on the harder cases - contextual identification, partial references, and information that's only identifying because of what else is in the bundle.

Apply pixel-burn redaction, so that the redacted content is removed from the output rather than covered. This is not optional for external disclosure. Overlay redaction that leaves the underlying text recoverable is a data breach.

Before releasing any documents, have someone who wasn't involved in the redaction review a sample of the output. Fresh eyes catch what tired ones miss.
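An added example, not part of the original article or RedactProof's tooling: a leak check run over the text extracted from the redacted copies, covering the alias sweep and NI-number scan described in the workflow above. The names, alias list, file names and NI number are constructed, and the input is assumed to be plain text already extracted from each output file.

```python
import re

# UK National Insurance number: two prefix letters, six digits, suffix A-D.
# Unallocated prefixes and disallowed letters are excluded to cut false positives.
NINO = re.compile(
    r"\b(?!BG|GB|NK|KN|TN|NT|ZZ)[A-CEGHJ-PR-TW-Z][A-CEGHJ-NPR-TW-Z]"
    r"\s?\d{2}\s?\d{2}\s?\d{2}\s?[A-D]\b", re.I)

def alias_pattern(aliases):
    """One regex per person: longest alias first, any whitespace run between words."""
    ordered = sorted(aliases, key=len, reverse=True)
    parts = [r"\s+".join(re.escape(w) for w in a.split()) for a in ordered]
    return re.compile(r"\b(?:" + "|".join(parts) + r")\b", re.I)

def scan_set(documents, third_parties):
    """Return {document: [(label, matched_text, offset), ...]} for the whole set."""
    patterns = {label: alias_pattern(a) for label, a in third_parties.items()}
    patterns["NI number"] = NINO
    report = {}
    for name, text in documents.items():
        hits = [(label, m.group(0), m.start())
                for label, pat in patterns.items() for m in pat.finditer(text)]
        report[name] = sorted(hits, key=lambda h: h[2])
    return report

# Constructed sample data: text extracted from the redacted copies of one SAR set.
THIRD_PARTIES = {
    "third party A": ["Sarah", "Sarah Thompson", "S. Thompson",
                      "the team member who joined in March"],
}
DOCUMENTS = {
    "thread_copy_1.txt": "From: [REDACTED]\nI spoke to [REDACTED] about the rota.\n",
    # Same thread saved later with more of the chain; the quoted part was missed.
    "thread_copy_2.txt": "From: [REDACTED]\nI spoke to [REDACTED] about the rota.\n"
                         "> On Tuesday Sarah wrote:\n> Can we move the meeting?\n",
    "meeting_notes.txt": "Present: Alex Reid, S.  Thompson.\n"
                         "NI AB 12 34 56 C confirmed for the team member who\n"
                         "joined in March.\n",
}

if __name__ == "__main__":
    for doc, hits in scan_set(DOCUMENTS, THIRD_PARTIES).items():
        print(doc, "CLEAN" if not hits else hits)
```

Because the check runs on text extracted from the output files, a hit in a document that looks fully blacked out means the redaction was an overlay and the text is still in the file.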

Common HR redaction pitfalls

Email chains are particularly problematic. The same email thread might be printed or saved multiple times, with different amounts of the chain included. Redacting a name in one copy but missing it in another version of the same thread is embarrassingly common.

Absence records and return-to-work notes often contain health information that qualifies as special category data under GDPR Article 9. This requires extra care - not just redaction but also consideration of whether the document should be included in the disclosure at all.

Payroll data sometimes appears in unexpected places. A budget spreadsheet might include individual salary figures alongside project allocations. A purchase order might reference an individual's expense claim with their home address.

Calendar entries and meeting invites contain attendee names, times, and sometimes agenda items that reference individuals. These are easy to overlook when compiling a SAR response.

Disclaimer: This guide is for informational purposes only and does not constitute legal, medical, or professional advice. Consult a qualified professional for advice specific to your situation.

Frequently Asked Questions

How long do we have to respond to an employee SAR?

Under GDPR Article 12(3), the standard timeframe is one calendar month from receipt of the request. This can be extended by a further two months for complex or voluminous requests, but you must inform the individual of the extension and the reasons within the initial one-month period. The clock starts when the request is received, regardless of when HR begins processing it.

Do we need to tell the employee what we've redacted?

Under GDPR, if you withhold information from a SAR response (including by redaction), you should inform the individual that information has been withheld and the reason - typically citing the exemption relied upon (such as third-party personal data or legal privilege). You don't need to describe the specific content that was redacted. The ICO guidance recommends transparency about the fact of redaction without compromising its purpose.
