data.day

The Unredacted Payroll File That Ended the Conversation

A single file exposed personal data and signaled weak governance. The buyer assumed if we couldn't protect a Social Security Number, we couldn't protect their capital.

One Click Can Cost You Millions

You believe that “oops” is an acceptable excuse in business. You think that if you upload the wrong file, you can just delete it and no one will notice.

In a Data Room, nothing goes unnoticed. Most modern rooms have a feature called “New Document Alert.” The moment you hit upload, fifty lawyers get an email. If that document contains toxic data, the damage is instantaneous.

The Red Flag: The Toxic Excel Sheet

The incident in question involved a healthy SaaS company. The founder, in a rush to meet a Friday deadline, dragged and dropped the HR folder into the Data Room.

He uploaded Master_Payroll_2024.xlsx.

He thought he was sharing salaries. He was actually sharing:

  • Social Security Numbers.
  • Home addresses.
  • Bank account routing numbers (for direct deposit).
  • A “Notes” column where the HR manager had written things like “Performance Plan - likely termination” and “Pregnancy leave starts June.”

The buyer’s counsel opened the file. They did not see a company ready for acquisition. They saw a lawsuit waiting to happen.

  • Privacy Violation: Sharing SSNs is a breach of data protection laws.
  • HR Liability: Documenting “likely termination” in a shared file suggests premeditation and bias.
  • Governance Vacuum: It proved nobody was checking the output.

The buyer walked away. They concluded that if the founder was this careless with his own team’s data, he would be reckless with the buyer’s capital.

The Protocol: Containment and Re-issuance

If you commit this error, you cannot simply “Undo.” You must execute a Containment Protocol.

Step 1: The Kill Switch

Revoke access to the document immediately. Do not just delete the file; check the “Activity Log.” Did anyone download it?

  • If No: Delete and breathe.
  • If Yes: You are in damage control.

Step 2: The Admission

You must contact the counterparty’s lead counsel. Do not pretend it didn’t happen.

  • The Script: “We identified an inadvertent upload of non-redacted PII in folder 3.0. The file has been removed. Please confirm deletion of any local copies immediately for compliance purposes.”
  • This shifts the frame from “incompetence” to “compliance.”

Step 3: The Sanitized Re-issuance

You must immediately replace the file with the correct version. Create a new version: Employee_Census_Anonymized_v1.pdf.

  • Remove names. Use IDs (Employee #001).
  • Remove PII columns entirely.
  • Convert to PDF to prevent un-hiding of columns.
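The sanitization pass in Step 3, sketched as an added example (not code from the original article). It goes slightly further than the bullets: columns are kept by allow-list rather than removed one by one, and the output is scanned for SSN-shaped or 9-digit values before anything is written. The column names and sample rows are constructed assumptions; PDF conversion is left to the export tool.

```python
import csv
import io
import re

# Constructed sample export; column names are assumptions, not from the article.
RAW = """Name,SSN,Home Address,Routing Number,Title,Department,Salary,Notes
Jane Doe,123-45-6789,1 Elm St,021000021,CTO,Engineering,180000,Pregnancy leave starts June
John Roe,987-65-4321,2 Oak Ave,011000015,Analyst,Finance,90000,Performance Plan
"""

# Allow-list: anything not named here (SSN, address, bank data, Notes) is dropped.
ALLOWED = ["Title", "Department", "Salary"]

# Residual patterns checked in the output: SSN format, or any 9-digit run
# (a bare SSN or a bank routing number).
PII_PATTERNS = [re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), re.compile(r"\b\d{9}\b")]


def sanitize(raw_csv, allowed=ALLOWED):
    """Return (header, rows) with names replaced by sequential IDs."""
    reader = csv.DictReader(io.StringIO(raw_csv))
    missing = [c for c in allowed if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"expected columns not found: {missing}")
    rows = []
    for n, rec in enumerate(reader, start=1):
        kept = [(rec[c] or "").strip() for c in allowed]
        rows.append([f"Employee #{n:03d}"] + kept)
    return ["Employee ID"] + list(allowed), rows


def residual_pii(rows):
    """List (row_index, value) for any kept cell that still looks like PII."""
    return [(i, cell) for i, row in enumerate(rows) for cell in row
            if any(p.search(cell) for p in PII_PATTERNS)]


def build_census(raw_csv):
    """Sanitize, then refuse to emit output if PII-shaped values survive."""
    header, rows = sanitize(raw_csv)
    hits = residual_pii(rows)
    if hits:
        raise ValueError(f"PII-like values remain, do not upload: {hits}")
    out = io.StringIO()
    csv.writer(out).writerows([header] + rows)
    return out.getvalue()
```

The residual scan matters because free-text cells in an allowed column can still carry an identifier that someone pasted into the wrong field.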

[Figure: workflow diagram. Step 1: ‘Raw Excel’ -> Step 2: ‘Sanitization Tool’ (masking names/PII) -> Step 3: ‘PDF Conversion’ -> Step 4: ‘Upload’.]

The Lesson

There is no such thing as an “internal draft” once it hits the upload bucket. Treat every file as if it will be read by a judge, a competitor, or a tax auditor.

Because in M&A, it usually is.

FAQs

We accidentally uploaded PII. Should we just delete it?

Deleting it is step one. But you must also notify the other side's lead counsel immediately. Trying to hide the mistake makes it a cover-up.

Is it okay to share salaries?

Salaries, yes. But anonymize the names in the early stages. 'CTO: $180k' is fine. 'Jane Doe: $180k' is unnecessary exposure.

How do we check for hidden data?

Use the 'Inspect Document' feature in Excel/Word to remove metadata, hidden rows, and invisible content before converting to PDF.