Breach-investigation redaction is the removal of personal data from an incident case built after a suspected exposure. UK GDPR Art. 33 requires notification to the ICO within 72 hours. anonym.plus runs on your device, so the personal details of impacted individuals are removed while the incident timeline is kept.
When this applies
An investigation lists impacted patients, the staff involved, and the access log. Before you brief leadership or prepare an ICO summary, that personal detail has to be removed.
How anonym.plus handles it
- Open the case in anonym.plus on your device.
- Local OCR reads scanned notices and forms.
- It flags impacted names, staff, IPs, and timestamps.
- Confirm the flags and keep the root-cause notes.
- Swap each item for a label, or black it out.
- Save the cleaned case. The source stays local.
What you need to provide
- The case file (PDF, DOCX, CSV, or scan).
- An operator (Redact for a defensible summary).
- Optional list of impacted parties, so each one gets the same label throughout.
Patient data entity types detected
| Category | anonym.plus entity type | Example |
|---|---|---|
| Patient | PERSON | impacted: 412 people → [PATIENT_n] |
| Staff | PERSON | involved RN Soto → [STAFF] |
| Staff ID | ID | user msoto → [USERNAME] |
| Network | IP_ADDRESS | 203.0.113.7 → [IP] |
| Dates | DATE_TIME | exposed 05/2026 → shifted [DATE] |
| Record IDs | MEDICAL_RECORD_NUMBER | NHS Nos. leaked → [NHS_NUMBER_n] |
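
The labelling in the table can be reproduced on an access-log extract. The following is an added example, not anonym.plus code: the log format, the sample names and numbers, and the reading of "shifted" as one constant offset applied to every timestamp are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample extract; names, numbers and log format are invented for this example.
SAMPLE = """\
2026-05-03 09:14:02 user=msoto ip=203.0.113.7 opened 999 000 0001 (Ann Lee)
2026-05-03 09:20:45 user=msoto ip=203.0.113.7 opened 999 000 0002 (Raj Patel)
2026-05-04 11:02:10 user=msoto ip=203.0.113.7 opened 999 000 0001 (Ann Lee)
Root cause: shared ward login left unlocked."""

TS = "%Y-%m-%d %H:%M:%S"

def redact_case(text, impacted, shift_days):
    """Return (redacted_text, change_log); change_log maps label -> replacement count."""
    labels, seen, log = {}, Counter(), Counter()

    def numbered(kind, value):
        # The same original value always gets the same numbered label.
        if (kind, value) not in labels:
            seen[kind] += 1
            labels[(kind, value)] = f"[{kind}_{seen[kind]}]"
        log[labels[(kind, value)]] += 1
        return labels[(kind, value)]

    def fixed(label):
        log[label] += 1
        return label

    def shift(m):
        # One constant offset for every timestamp keeps order and intervals intact.
        log["[DATE shifted]"] += 1
        return (datetime.strptime(m.group(), TS) + timedelta(days=shift_days)).strftime(TS)

    text = re.sub(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}", shift, text)
    text = re.sub(r"\b\d{3} \d{3} \d{4}\b", lambda m: numbered("NHS_NUMBER", m.group()), text)
    text = re.sub(r"\b(?:\d{1,3}\.){3}\d{1,3}\b", lambda m: fixed("[IP]"), text)
    text = re.sub(r"(?<=user=)\w+", lambda m: fixed("[USERNAME]"), text)
    for name in impacted:  # names come from the supplied list of impacted parties
        text = re.sub(re.escape(name), lambda m, n=name: numbered("PATIENT", n), text)
    return text, dict(log)

# The change log holds labels and counts only, never the original values.
REDACTED, CHANGE_LOG = redact_case(SAMPLE, ["Ann Lee", "Raj Patel"], shift_days=-17)
```

The root-cause line passes through unchanged, and the repeated access to the same record stays visible because both occurrences carry the same label.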
Compliance achieved
- Supports incident handling under UK GDPR Art. 33 & DPA 2018.
- Clears patient names and the names of the staff involved in the same pass.
- Offline work keeps a sensitive investigation inside the team.
Limitations & cautions
An investigation file is highly sensitive and must stay defensible. Never remove facts the ICO needs for its 72-hour notification. Clear the personal detail, keep a log of what changed, and confirm the redaction scope with your Data Protection Officer.
Frequently asked questions
What does an investigation file contain?
It lists the people exposed, the staff involved, the access records, and the cause. The personal detail can be cleared for briefings while the root cause is kept.
What does UK GDPR Art. 33 require?
It requires notification to the ICO within 72 hours of becoming aware of an incident. Redacting personal detail for internal summaries lowers further exposure during the response.
Are usernames and IPs cleared?
Yes. Access usernames, IPs, and timestamps are flagged along with patient and staff names.