Data Security in translation workflows
Data Security in translation workflows
Last year, the EU declared British data protection standards are ‘adequate’ and that for at least the next few years, businesses in the UK can continue to share data freely with companies in Europe. However, Brussels has warned the decision could be revoked ‘immediately’ if the same standards aren’t upheld.
An overturn of this agreement would plunge businesses that rely on digital data sharing with EU countries into disarray, so there is now a responsibility on everyone in the UK to maintain current standards by implementing processes that put data protection central to their operations.
As language specialists supporting international businesses, part of that accountability sits with us; we need to implement the most stringent controls when it comes to the sharing of data with colleagues, clients and suppliers, so we ensure the safest transferring of communications and content while carrying out translations. And rightly so; we’re trusted with some of the most sensitive data businesses need to translate. It’s a basic level of service to sign an NDA or redact particularly sensitive snippets within a document, but as an industry, we must demonstrate we go much further than that when it comes to meeting international data privacy requirements.
We make it a priority to ensure that our processes are robust enough to support businesses that have this challenge. It can no longer be an additional service; clients have been actively seeking reassurance that we, as a translation provider, are using the appropriate workflows, technology and platforms to protect their data.
From secure machine translation to penetration testing, there are steps we’ve taken to support clients operating on an international scale and ensure the highest standards when it comes to data security.
Secure file transfer
Although email platforms offer a certain level of security, they can be easily intercepted and accessed by malicious third parties. For clients working with particularly sensitive data such as confidential company information or employee personal details, health data or financial information, this can be very unnerving. As such, we are able to provide a more reliable solution which offers greater protection when it comes to sharing confidential information. We have a secure file transfer system, allowing clients and suppliers to log in and send or receive encrypted files via a secure SSL/ TLS tunnel. This system is available to any of our clients looking for an increased level of security when they request sensitive information to be translated.
Translation management systems (TMS)
Much of the work we do at The Translation People involves translation of business or corporate data that must be kept secure to protect their company reputation or IP. Those working in the pharmaceutical, legal, software, and healthcare industries, for example, must adhere to strict data security processes, and when appointed to translate that content for them, we need to demonstrate we have all the tools in place to achieve the same standards. One solution to this challenge is the use of a translation management system (TMS), which can plug directly into a client’s content management system, encrypting the data before transfer via an API over SSL/TLS to our TMS. When content is received, our translators log in and conduct the translation within the TMS without downloading any files locally. Then, the completed translations can be returned back to the client through the system. The platform is certified to ISO 27001 Information Security Management and streamlines the translation of data which can’t risk falling into the wrong hands.
We are able to isolate data stored on our servers, so that only certain people can access it. This proves very useful, but clients may question the resilience of our servers, to ensure the data we store can’t be accessed from outside the business. To demonstrate how seriously we take this, we have regular PCI penetration testing on our servers conducted by an approved third-party cyber security company. This process exposes any potential weaknesses in our security, enabling us to patch them quickly to avoid any future issues.
GDPR rules stipulate that personal data can’t be transferred outside of the EU to third parties, but for some clients – who may need translations of documents containing personal data, often between non-European languages – this is essential for the nature for their business. As such, standard contractual clauses (SCCs) are used which ensure appropriate data protection safeguards for the transfer of data from within the EU to third countries. In addition to implementing SCCs in the event of having to use translators outside the EU for sensitive data, we ensure that these linguists work within our TMS, preventing them from saving anything locally.
As translation technology advances, so too do the security capabilities of the platforms we are using. Machine translation is becoming increasingly popular across the globe as a means of achieving efficiencies in the translation process, but data security with this type of service is also a key priority. Many companies need to translate confidential data, and business users wanting to partner with a translation provider for machine translation purposes will require assurances which prove that all necessary steps are being taken to keep the information protected and confidential. Reputable translation providers will only use secure machine translation technologies to eradicate the risk of confidential data re-use and the revealing of highly sensitive information. Beware though – not all machine translation platforms are like this. Freely available online tools typically input data to a cloud storage space where it is combined with translations from other businesses and firms. All these materials are then utilised to improve the engine’s overall capabilities, so such a platform would be unsuitable for those translating confidential data or materials.
We live in an age where our security responsibilities will never be fully satisfied; hackers and fraudsters are becoming increasingly sophisticated in their capabilities. To ensure our clients are never placed at risk, we need to continually analyse and improve our existing security processes, and we need to implement new and improved practices as and when they become available even if they require significant investment. Demonstrating to clients that the security of their data is a business priority of our own, shows that we place customer service and care centrally to even the most complex challenges and positions us as a business that they can trust – which makes every big security investment more than worth it.