5 top tips for keeping your information safe during the translation process

Each and every one of us relies on someone, whether that’s an employer, doctor or solicitor, to keep our personal data private. And no matter what line of business you’re in, you will have material that needs to be kept safe from prying eyes.

If you work in the healthcare or pharmaceutical industry, this could mean the results of clinical trials for a promising new drug treatment. If you’re in the technology sector, this could include patent applications for innovative solutions that will ensure you stay ahead of competitors.

What happens when you need to have this content translated? How do you know that your language service provider will keep your data safe? Here are our top tips for keeping your information safe during the translation process.

#1: Make file transfer failsafe

Email is a feature of all our lives, and it looks like it’s here to stay. Yet you may also be aware that email is an inherently insecure form of communication. That’s because many email clients use Simple Mail Transfer Protocol (SMTP), with no encryption. If you’re worried about the contents of your email being intercepted when you’re working with your language service provider, there are a few ways of making file transfers more secure:

Use your translation provider’s customer portal

There are many benefits to using your translation provider’s customer portal – including enhanced visibility of all stages of your project and greater transparency with powerful reporting tools. Many out-of-the-box translation management systems also come with in-built secure file transfer solutions, with features such as two-factor authentication, TLS (SSL) encryption for safe data transfer and communication using the HTTPS protocol. If you are working on an ultra-confidential project, you can also specify that your translation provider should restrict access to your material to key personnel only – such as your project manager and linguist. Just ask.

Encrypt email attachments

Encrypt Microsoft’s Office 365 files such as Word or Excel with AES 256-bit password protection (File > Info > Protect Document > Encrypt with Password) before adding them as attachments when emailing your translation provider. Let them know the password via a different method of communication. Ask them to do the same when they return the translation to you.

Use secure file transfer apps to share large files

If you want to share larger files with your language service provider, there are various options to choose from, all with various security features. Take SharePoint, for example. The document management and storage system from Microsoft allows you to share large files with users within and outside your organisation, set permissions for individual files or folders and grant or revoke access as you deem necessary. Dropbox offers multi-layered protection, with 256-bit AES file encryption and SSL/TLS for data transfer. Those using WeTransfer can be assured that content is transferred over a secure HTTPS connection and the servers used to store content are GDPR compliant and secure.

#2: Be mindful when you’re on the move

With the pandemic having put dreams of being a digital nomad on hold for many, it’s worth taking a moment to reflect on the realities of remote work, particularly when it comes to information security.

Be alert when working in public spaces

While a coffee shop, public library or co-working space may seem like a welcome change of scene after being confined to your home over the last few months, high-value items such as your laptop, tablet or smartphone are magnets for theft. And while criminals probably aren’t interested in the contents of your hard drive, it goes without saying that you should never leave your devices unattended in a public place. You should also be conscious of your surroundings. You never know who might be interested in the material you’re working on, so always make sure that your screen is positioned away from inquisitive eyes.

Use a secured WiFi network to connect to the internet

Connecting to the internet in public venues via an unsecured public WiFi network could leave you vulnerable to a different type of theft: cybercriminals exploit these kinds of open connections to gain access to your devices and steal sensitive information such as bank account details and passwords. Many public places now offer a secured WiFi network, accessible for a fee or store purchase. Better yet, consider using a virtual private network (VPN) solution whenever you use a public WiFi network.

The virtues of VPN

Virtual private network technology was developed to help people use the internet safely and securely. A VPN tunnel is effectively an encrypted link between your device and an outside network, protecting users from hackers and other snoops. There are various protocols, including PPTP (Point to Point Tunneling Protocol), SSTP (Secure Socket Tunnelling Protocol and L2TP (Layer 2 Tunnelling Protocol). If you’ve been working from home during lockdown, your employer may well have set up a gold-standard SSL VPN connection for you. This provides end-to-end encryption, allowing you to access your organisation’s IT network securely.

It’s a good idea to familiarise yourself with your company’s policy on remote access and mobile computing, and to ask your language service provider about theirs. If you are at all concerned about your translation provider maintaining confidentiality when working remotely, you could include a clause in your NDA specifying permitted locations for carrying out work.

#3: Know your GDPR

The UK may have left the European Union, but the General Data Protection Regulation has been retained in UK law alongside the Data Protection Act 2018. And your LSP will likely be working with residents both within and outside the EU to fulfil your translation or localization project. So, what do you need to know?

• As the person commissioning translation work, you are the Data Controller. This means that the responsibility for any personal data contained within the document lies with you.
• The LSP processing this data on your behalf is the Data Processor.
• When the LSP selects a professional linguist to carry out the work, the LSP becomes a joint controller, and the linguist then becomes the data processor.
• The EU has made “adequacy decisions” regarding which countries outside the EU are deemed to have an adequate level of data protection. There may be a very good reason why an LSP wishes to transfer your data to a country or territory not covered by such “adequacy decisions”: native speakers living in the country where the target language is spoken will be attuned to subtle shifts in language use and able to produce translations that sound fluent and current. For example, a Thai translation carried out by a professional translator based in Thailand is far more likely to resonate with your Thai audience than one carried out by a Thai speaker who has not been resident in Thailand in many years. If your LSP plans to use a linguist based in a country outside the EU’s list of Adequate Countries, they will inform you ahead of starting on the work. As the Data Controller, it will then be your responsibility to give permission for the work to go ahead.
• If your document includes any of the following, consider whether you really do need to send it to your LSP:
  • a person’s name and surname
  • their home address
  • their email address
  • their ID card number
  • their IP address
• It might be worth redacting such personal data if it doesn’t need to be translated. In Adobe Acrobat Reader DC, you can do this by selecting the Redact option from the menu in the right-hand pane.
• Because of the nature of the work that LSPs undertake, all LSPs should have an appointed Data Protection Officer (DPO) or at least a person appointed to look after GDPR matters, depending on their size. They will be happy to answer any questions if you have any concerns about how GDPR affects the work that you send for translation.

#4: Use (free) machine translation tools with caution

If you’re on a budget, it can be tempting to use free online machine translation engines such as Google Translate for a quick-and-dirty solution. But did you know that by using Google Translate, you’re agreeing to their terms of service, allowing Google to reproduce, distribute, publish and publicly display your content?

Imagine how you would feel, knowing that sensitive information such as your work performance appraisal was in the public domain and could be found online via a simple Google search. That’s precisely the situation that employees of Norwegian energy company Statoil found themselves in a few years ago. They discovered that text typed into a free machine translation service powered by Microsoft Translator was just a Google search away. An investigation by Norwegian news agency NRK revealed that a raft of highly sensitive information was entered into the Translate.com machine translation engine, including full names, emails and phone numbers, making it freely accessible online.

The news sparked outrage at the time. And while Translate.com could rest easy by pointing to a clause in its Terms and Conditions that stated, “all information submitted on the website might potentially be publicly accessible”, it prompted many to consider just how safe their content really was in the hands of machine translation providers.

When you’re handling content of a sensitive nature, it’s best to avoid free online machine translation services altogether. If you’re using a paid machine translation service, it’s advisable to check the terms and conditions very carefully. Consider the following:

1. Is your data re-used in any way? If so, how? And for what purpose?
2. How long is your data stored for?
3. Where in the world are the machine translation engines located?
4. Are you breaching any agreements you have in place with the content owners by feeding their data into a machine translation engine?

If you’re entrusting your data to a professional translation agency, ask if they restrict their translators from using free online machine translation engines, either by disabling the option for machine translation integration in their CAT tools or by including a clause to this effect in their non-disclosure agreements.

#5: Look for an ISO 27001-certified translation provider

Information security has never been so important. As security threats continue to evolve, there are myriad ways in which your data could fall into the wrong hands. On a more positive note, there are multiple ways to combat these risks. The ISO 27001:2013 information security management system standard is a comprehensive set of guidelines on managing information security risks. It is well regarded and widely adopted by businesses in highly regulated industries such as banking. The standard covers aspects such as access control, business continuity, disaster recovery, compliance, physical security and incident management. A company that has made the effort to achieve certification to this standard takes information security very seriously indeed. A report by language industry intelligence research consultancy Slator published in September 2020 shows that around one-fifth of the LSPs it surveyed were ISO 27001 certified. If your LSP is certified to this standard, then you can rest assured that your data is in safe hands.

About the author

Antonios Koutsounouris is a translation industry veteran with an MSc in Machine Translation. He joined Planet Languages in 2001 as a Translations Systems Manager and was appointed as Operations Director in 2005. Antonios was instrumental in helping the company achieve certification to the ISO 27001 information security management systems standard. He is responsible for all matters GDPR and information security.