PII preflight checklist for client PDFs
Run this checklist before any PDF containing client or employee data leaves your workspace: payslips, W-2 packets, exhibits, diligence documents, or client exports. The goal is a documented check, so you can show it happened, not just say it did.
Scan for sensitive patterns
- Run an automated PII scan on the final document. Vault PDF's PII preflight checks locally for Social Security numbers, account and routing numbers, and other common sensitive patterns without uploading the file.
- Search manually for identifiers automation can miss: full names paired with dates of birth, internal employee IDs, client matter numbers, and email addresses.
Check what the page does not show
- Review hidden metadata: author, title, comments, and tracked revisions can carry names and client identifiers. Strip metadata before export.
- If any content was redacted, verify the redaction is permanent, not a black box overlay. See the certified redaction QA checklist for the full verification steps.
- Check for appended pages, embedded attachments, and bookmarks that may contain data from another client or an earlier draft.
Confirm the destination
- Verify the recipient list. Multi-client consultants should confirm the packet contains only one client's data.
- Avoid routing the file through a free cloud converter for a last-minute merge or compress. That puts the document on third-party infrastructure after your check already ran.
Document the check
- Keep evidence that preflight ran: Vault PDF records a PII preflight entry in the audit log and issues a signed deletion receipt per job.
- Export the audit log periodically so you can answer a client or regulator's questions about any document after the fact.
PII preflight, receipts, and audit logs are included in Vault PDF plans, see pricing or the Trust Center for how the proof model works.