An accounting firm uploads a client's tax return to share with an auditor. The return contains the client's Tax File Number, ABN, bank account details, and home address. Manually redacting these in Adobe Acrobat takes 15–20 minutes per document — and misses things.

The manual redaction problem

Manual redaction is slow, inconsistent, and error-prone. Adobe Acrobat's redaction tool requires you to find each sensitive item, draw a box around it, and apply the redaction. Miss one TFN on page 47 and you've just shared it with someone who didn't need to see it. Multiply this across dozens of documents per engagement and you've got hours of tedious, high-stakes work.

How AI changes this

AI-powered PII detection scans the entire document in seconds. Using a combination of pattern matching (regular expressions for known formats like TFNs, ABNs, BSBs) and large language model analysis (for contextual detection of addresses, names, and unusually formatted identifiers), the system returns a list of every sensitive item found — with type, location, and confidence score.

Australian-specific patterns

Generic PII detection tools are trained on US Social Security Numbers and UK National Insurance Numbers. They miss Australian-specific identifiers. A purpose-built system detects: Tax File Numbers (9 digits with Luhn validation), Australian Business Numbers (11 digits), BSB numbers (6 digits), bank account numbers (8–12 digits), Medicare numbers (10–11 digits), and Australian phone number formats.

The review-then-redact workflow

AI detection isn't magic — it needs human review. The best workflow shows the admin every detected item with a severity rating (high for TFNs and bank details, medium for addresses, low for phone numbers). The admin toggles which items to redact and which to leave visible. A redacted copy is generated; the original is preserved for the admin. Guests only see the clean version.

What this means for your practice

A 20-minute manual task becomes a 2-minute review. Consistency improves because the AI doesn't get tired at 4pm on a Friday. Compliance improves because nothing gets missed. And your clients' most sensitive data stays protected by default.