Document redaction with data retention

What is claimed is: 1 . A method for redacting an electronic document (ED) having a file format, comprising: obtaining a request to redact a sensitive data item in the ED; identifying a first instance and a second instance of the sensitive data item in a markup of the ED, wherein the second instance of the sensitive data item is not visible in a rendered version of the ED; and generating a redacted ED having the file format by: replacing the first instance of the sensitive data item and the second instance of the sensitive data item with a neutral data item, and inserting, into the markup, an encrypted version of the sensitive data item at a first location. 2 . The method of claim 1 , wherein generating the redacted ED further comprises: inserting, into the markup, the encrypted version of the sensitive data item at a second location corresponding to the second instance of the sensitive data item, wherein the first location corresponds to the first instance of the sensitive data item. 3 . The method of claim 2 , further comprising: identifying a third instance of the sensitive data item in the markup of the ED, wherein generating the redacted ED further comprises: replacing the third instance of the sensitive data item with the neutral data item; and inserting, into the markup, a third encrypted instance of the sensitive data item at a third location corresponding to the third instance of the sensitive data item, wherein the first instance of the sensitive data item and the third instance of the sensitive data item are located in different files in the markup of the ED. 4 . The method of claim 1 , further comprising: identifying, during a search of the markup, a third instance of the sensitive data item; displaying a prompt based on the third instance; receiving, in response to the prompt, an instruction to not redact the third instance; and resuming the search without replacing the third instance based on the instruction. 5 . The method of claim 1 , wherein inserting the encrypted version of the sensitive data item comprises: creating an alternate content section in the markup comprising the encrypted version of the sensitive data item. 6 . The method of claim 1 , wherein inserting the encrypted version of the sensitive data item comprises: creating a content extension section in the markup comprising the encrypted version of the sensitive data item. 7 . The method of claim 1 , wherein the file format is Open Office XML (OOXML). 8 . The method of claim 1 , wherein replacing the first instance of the sensitive data item comprises: determining a size of a bounding box for the first instance of the sensitive data item; removing the first instance of the sensitive data item from the markup of the ED; and modifying the markup of the ED to include the neutral data item having the size of the bounding box. 9 . A system for redacting an electronic document (ED) having a file format, comprising: a computer processor; a user interface (UI) configured to obtain a request to redact a sensitive data item in the ED; an identification engine (IE) configured to identify a first and a second instance of the sensitive data item in a markup of the ED, wherein the second instance of the sensitive data item is not visible in a rendered version of the ED; and a redaction engine (RE), executing on the computer processor, and configured to generate a redacted ED having the file format by: replacing the first instance of the sensitive data item and the second instance of the sensitive data item with a neutral data item, and inserting, into the markup, an encrypted version of the sensitive data item at a first location. 10 . The system of claim 9 , wherein the RE is further configured to: insert, into the markup, the encrypted version of the sensitive data item at a second location corresponding to the second instance of the sensitive data item, wherein the first location corresponds to the first instance of the sensitive data item. 11 . The system of claim 10 wherein: the IE is further configured to identify a third instance of the sensitive data item in the markup of the ED, and the RE is further configured to: replace the third instance of the sensitive data item with the neutral data item; and insert, into the markup, a third instance of the sensitive data item at a third location corresponding to the third instance of the sensitive data item, wherein the first instance of the sensitive data item and the third instance of the sensitive data item are located in different files of the ED. 12 . The system of claim 9 , wherein inserting the encrypted version of the sensitive data item comprises: creating an alternate content section in the markup comprising the encrypted version of the sensitive data item. 13 . The system of claim 9 , wherein inserting the encrypted version of the sensitive data item comprises: creating a content extension section in the markup comprising the encrypted version of the sensitive data item. 14 . The system of claim 9 , wherein the file format is Open Office XML (OOXML). 15 . A non-transitory computer readable medium (CRM) storing instructions for redacting an electronic document (ED) having a file format, the instructions comprising functionality for: obtaining a request to redact a sensitive data item in the ED; identifying a first instance and a second instance of the sensitive data item in a markup of the ED, wherein the second instance of the sensitive data item is not visible in a rendered version of the ED; and generating a redacted ED having the file format by: replacing the first instance of the sensitive data item and the second instance of the sensitive data item with a neutral data item, and inserting, into the markup, an encrypted version of the sensitive data item at a first location. 16 . The non-transitory CRM of claim 15 , wherein the instructions for generating the redacted ED further comprise functionality for: inserting, into the markup, the encrypted version of the sensitive data item at a second location corresponding to the second instance of the sensitive data item, wherein the first location corresponds to the first instance of the sensitive data item. 17 . The non-transitory CRM of claim 16 , wherein the instructions for redacting the ED further comprise functionality for: identifying a third instance of the sensitive data item in the markup of the ED, wherein generating the redacted ED further comprises: replacing the third instance of the sensitive data item with the neutral data item; and inserting, into the markup, a third encrypted instance of the sensitive data item at a third location corresponding to the third instance of the sensitive data item, wherein the first instance of the sensitive data item and the third instance of the sensitive data item are located in different files in the markup of the ED. 18 . The non-transitory CRM of claim 15 , wherein the instructions for inserting the encrypted version of the sensitive data item comprise functionality for: creating an alternate content section in the markup comprising the encrypted version of the sensitive data item. 19 . The non-transitory CRM of claim 15 , wherein the instructions for inserting the encrypted version of the sensitive data item comprise functionality for: creating a content extension section in the markup comprising the encrypted version of the sensitive data item. 20 . The non-