News | 28.03.2022

Data Security in translation workflows

Last year, the EU declared British data protection standards are ‘adequate’ and that for at least the next few years, businesses in the UK can continue to share data freely with companies in Europe. However, Brussels has warned the decision could be revoked ‘immediately’ if the same standards aren’t upheld.

An overturn of this agreement would plunge businesses that rely on digital data sharing with EU countries into disarray, so there is now a responsibility on everyone in the UK to maintain current standards by implementing processes that put data protection central to their operations.

As a translation agency supporting international businesses, part of that accountability sits with us; we need to implement the most stringent controls when it comes to the sharing of data with colleagues, clients and suppliers, so we ensure the safest transferring of communications and content while carrying out translations. And rightly so; we’re trusted with some of the most sensitive data clients need to translate. It’s a basic level of service to sign an NDA or redact particularly sensitive snippets within a document, but as an industry, we must demonstrate we go much further than that when it comes to meeting international data privacy requirements.

We make it a priority to ensure that our processes are robust enough to support businesses that have this challenge. It can no longer be an additional service; clients have been actively seeking reassurance that we, as a translation agency, are using the appropriate workflows, technology and platforms to protect their data.

From secure machine translation to penetration testing, there are steps we’ve taken to support clients operating on an international scale and ensure the highest standards when it comes to data security.

Secure file transfer

Although email platforms offer a certain level of security, they can be easily intercepted and accessed by malicious third parties. For clients working with particularly sensitive data such as confidential company information or employee personal details, health data or financial information, this can be very unnerving. As such, we are able to provide a more reliable solution which offers greater protection when it comes to sharing confidential information. We have a secure file transfer system, allowing clients and suppliers to log in and send or receive encrypted files via a secure SSL/ TLS tunnel. This system is available to any of our clients looking for an increased level of security when they request sensitive information to be translated.

Translation management systems (TMS)

Much of the work we do at The Translation People involves translation services relating to business or corporate data that must be kept secure to protect their company reputation or IP. Those working in the pharmaceutical, legal, software, and financial industries, for example, must adhere to strict data security processes, and when appointed to translate that content for them, we need to demonstrate we have all the tools in place to achieve the same standards. One solution to this challenge is the use of a translation management system (TMS), which can plug directly into a client’s content management system, encrypting the data before transfer via an API over SSL/TLS to our TMS. When content is received, our translators log in and conduct the translation within the TMS without downloading any files locally. Then, the completed translations can be returned back to the client through the system. The platform is certified to ISO 27001 Information Security Management and streamlines the translation of data which can’t risk falling into the wrong hands.

Penetration testing

We are able to isolate data stored on our servers, so that only certain people can access it. This proves very useful, but clients may question the resilience of our servers, to ensure the data we store can’t be accessed from outside the business. To demonstrate how seriously we take this, we have regular PCI penetration testing on our servers conducted by an approved third-party cyber security company. This process exposes any potential weaknesses in our security, enabling us to patch them quickly to avoid any future issues.

SCCs

GDPR rules stipulate that personal data can’t be transferred outside of the EU to third parties, but for some clients – who may need translations of documents containing personal data, often between non-European languages – this is essential for the nature for their business. As such, standard contractual clauses (SCCs) are used which ensure appropriate data protection safeguards for the transfer of data from within the EU to third countries. In addition to implementing SCCs in the event of having to use translators outside the EU for sensitive data, we ensure that these linguists work within our TMS, preventing them from saving anything locally.

Machine translation

As translation technology advances, so too do the security capabilities of the platforms we are using. Machine translation is becoming increasingly popular across the globe as a means of achieving efficiencies in the translation process, but data security with this type of service is also a key priority. Many companies need to translate confidential data, and business users wanting to partner with a translation provider for machine translation purposes will require assurances which prove that all necessary steps are being taken to keep the information protected and confidential. Reputable translation providers will only use secure machine translation technologies to eradicate the risk of confidential data re-use and the revealing of highly sensitive information. Beware though – not all machine translation platforms are like this. Freely available online tools typically input data to a cloud storage space where it is combined with translations from other businesses and firms. All these materials are then utilised to improve the engine’s overall capabilities, so such a platform would be unsuitable for those translating confidential data or materials.

We live in an age where our security responsibilities will never be fully satisfied; hackers and fraudsters are becoming increasingly sophisticated in their capabilities. To ensure our clients are never placed at risk, we need to continually analyse and improve our existing security processes, and we need to implement new and improved practices as and when they become available even if they require significant investment. Demonstrating to clients that the security of their data is a business priority of our own, shows that we place customer service and care centrally to even the most complex challenges and positions us as a business that they can trust – which makes every big security investment more than worth it.

For more information on the translation services we provide, visit our home page.

Name	Host	Duration	Type	Description
NID	google.com	6 months	Third Party	This cookie is used by Google to create a profile based on user’s interest and display personalised ads to the users.
_gid	google.com	1 day	Third Party	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected includes the number visitors, the source where they have come from, and the pages visited in an anonymous form.
_ga	google.com	2 years	Third Party	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site’s analytics report. The cookies store information anonymously and assigns a randomly generated number to identify unique visitors.
MR	microsoft.com	1 week	Third Party	This cookie is used to measure the use of the website for analytics purposes.
MUID	microsoft.com	1 year	Third Party	Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronise the ID across many different Microsoft domains to enable user tracking.
IDE	google.com	2 years	Third Party	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
GPS	youtube.com	30 minutes	Third Party	This cookie is set by Youtube and registers a unique ID for tracking users based on their geographical location
VISITOR_INFO1_LIVE	youtube.com	5 months	Third Party	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Name	Host	Duration	Type	Description
_gat_UA-5518708-1	google.com	1 minute	Third Party	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
__cfduid	cloudflare.com	1 month	Third Party	The cookie is set by CloudFare. The cookie is used to identify individual clients behind a shared IP address to apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
viewed_cookie_policy	thetranslationpeople.com	11 month	Self	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not the user has consented to the use of cookies. It does not store any personal data.
cookielawinfo-checkbox-necessary	thetranslationpeople.com	11 month	Self	This cookie is set by the GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Necessary".
YSC	youtube.com	1 month	Third Party	This cookies is set by Youtube and is used to track the views of embedded videos.

Data Security in translation workflows