Federal Rule of Civil Procedure 5.2 establishes mandatory redaction requirements for documents filed with federal courts. Unlike HIPAA or state privacy laws that apply to specific industries, FRCP 5.2 applies to every attorney who files documents in federal court — making it one of the most universally relevant redaction rules in legal practice.
Despite its broad applicability, FRCP 5.2 violations remain common. Understanding what the rule requires, and implementing reliable processes to comply, is essential for every litigation practice.
What FRCP 5.2 Requires
Rule 5.2(a) mandates that unless the court orders otherwise, the following personal identifiers must be redacted from all electronic or paper filings:
Social Security numbers and taxpayer identification numbers. Only the last four digits may appear. A filing that references a party's SSN must display it as XXX-XX-1234, not the full number.
Dates of birth. Only the year may be included. A filing referencing a party's date of birth should show only the birth year, not the month or day.
Names of minor children. Only initials may be used. If a case involves a minor named John Smith, filings must reference the child as J.S.
Financial account numbers. Only the last four digits may appear. Bank accounts, credit card numbers, and other financial identifiers must be truncated.
Home addresses in criminal cases. In criminal proceedings, only the city and state may be listed for individuals — the full street address must be redacted.
When Exceptions Apply
FRCP 5.2(b) allows a party to file an unredacted document under seal, accompanied by a redacted version for the public record. This is common when the full personal identifiers are material to the case and the court needs access to complete information.
Rule 5.2(d) provides additional protection for Social Security cases and immigration cases, where filings are made under seal by default due to the inherently sensitive nature of the records involved.
Rule 5.2(h) also permits a court to modify the redaction requirements by protective order — either expanding them to cover additional categories or narrowing them when redaction would be impractical.
Common Compliance Failures
Attachments and exhibits. Attorneys often redact the body of a brief but forget that attached exhibits — medical records, financial statements, tax returns — contain the same identifiers. Every page of every attachment must comply with the same redaction requirements as the primary filing.
Metadata and hidden text. Electronically filed documents can contain metadata, tracked changes, or hidden text layers that include unredacted identifiers. Court filing systems like CM/ECF do not strip metadata automatically.
Inconsistent partial redaction. Redacting an SSN on page two but leaving it visible in a footnote on page eight is functionally the same as not redacting at all. Compliance requires thoroughness across the entire filing.
Relying on opposing counsel. Some attorneys assume that because opposing counsel produced a document containing personal identifiers, the filing party is not responsible for redacting them. This is incorrect. The filing party bears the obligation to redact regardless of who produced the original document.
Consequences of Non-Compliance
The consequences of filing unredacted personal identifiers range from judicial admonishment to sanctions. Courts have ordered attorneys to retrieve and re-file non-compliant documents, imposed monetary sanctions, and in egregious cases referred attorneys to disciplinary authorities.
Beyond formal sanctions, an unredacted filing exposes your client's personal information on PACER — a system accessible to the public for a nominal per-page fee. Once personal identifiers are on PACER, the practical ability to contain the disclosure is limited.
Building a Compliant Workflow
Create a pre-filing redaction checklist. Before any document is filed, verify that all five categories of personal identifiers have been addressed — not just in the primary document but in every attachment and exhibit.
Use automated redaction tools. Software like RedactLaw can scan entire filing packages for SSNs, dates of birth, minor names, financial account numbers, and addresses, flagging them for redaction before filing. Automated detection eliminates the risk of human oversight on large document sets.
Implement a second-reviewer protocol. The attorney who drafted the filing should not be the same person who performs the final redaction check. A fresh set of eyes — whether human or automated — catches what familiarity misses.
Scrub metadata before filing. Run all documents through a metadata removal tool before uploading to CM/ECF. This addresses hidden text, tracked changes, embedded comments, and document properties that may contain personal identifiers.
Conclusion
FRCP 5.2 compliance is not complex in concept — five categories of information, clearly defined redaction rules. The challenge is execution, particularly when filings involve voluminous exhibits or tight deadlines. By combining automated detection tools with structured review processes, firms can file with confidence that their documents meet federal court requirements every time.