Postmortem Anonymization
Strip PII.
What to scrub
Customer identifiers: emails, names, account IDs. Replace with placeholders.
Internal hostnames or IP addresses that identify private services.
Sensitive product detail: feature flags, A/B test names, business-sensitive context.
What to preserve
Service names (after assessment). Public services are usually OK; internal ones depend on the assessment.
Technical detail: error messages, log excerpts, metric values. The lesson is technical.
Timeline: dates, durations, sequence. The narrative is the value.
Automation
Anonymization pipeline: regex-based scrubs of common patterns. Email addresses, IPs, customer IDs.
Pre-publish review: human checks for things automation missed.
Periodic audit: random sample of published postmortems checked for leaks.
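A sketch of the regex scrub stage, as an added example (not code from any particular pipeline). It replaces each value with a placeholder that stays the same throughout the document, so the timeline remains readable. The "cust-<digits>" ID format, the function names and the sample log are assumptions constructed for illustration.

```python
import ipaddress
import re

# Order matters: emails first, so an ID embedded in an address is not split.
# The "cust-<digits>" customer-ID format is an assumption for this example.
PATTERNS = [
    ("EMAIL", re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b")),
    ("CUSTOMER", re.compile(r"\bcust-\d{6,}\b")),
    ("IP", re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")),
]

def _is_ipv4(candidate):
    """Reject dotted quads that are not addresses (e.g. build 1.2.3.400)."""
    try:
        ipaddress.IPv4Address(candidate)
        return True
    except ValueError:
        return False

def scrub(text):
    """Return (scrubbed_text, mapping); mapping[kind][original] = placeholder."""
    mapping = {}
    def replacer(kind):
        def substitute(match):
            raw = match.group(0)
            if kind == "IP" and not _is_ipv4(raw):
                return raw  # keep technical detail that only looks like an IP
            seen = mapping.setdefault(kind, {})
            key = raw.lower()  # Alice@Example.com and alice@example.com are one value
            if key not in seen:
                seen[key] = f"<{kind}_{len(seen) + 1}>"
            return seen[key]
        return substitute
    for kind, pattern in PATTERNS:
        text = pattern.sub(replacer(kind), text)
    return text, mapping

# Constructed sample log excerpt, not taken from a real incident.
SAMPLE = (
    "2024-03-02T10:14:07Z ERROR checkout: charge failed for cust-0048213 "
    "(alice@example.com) upstream=10.20.3.17:8443\n"
    "2024-03-02T10:14:09Z ERROR checkout: retry failed for cust-0048213 "
    "upstream=10.20.3.18:8443\n"
    "2024-03-02T10:15:40Z WARN notify: bounce for Alice@Example.com, build 1.2.3.400\n"
)

if __name__ == "__main__":
    print(scrub(SAMPLE)[0])
```

The returned mapping holds the original values, so it goes to the pre-publish reviewer and stays out of the published postmortem.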
Publication policy
Internal vs external. Internal versions are scrubbed less aggressively; external versions are tightly scrubbed.
Legal review for high-stakes incidents. Some details have liability implications.
Annual review: published postmortems revisited; any drift in standards remediated.