Home » loc mgmt competences » Take data security into consideration from the start

Take data security into consideration from the start

High profile privacy breaches, such as the Translate.com breach of “what must [have been]… millions of indexed pages containing highly sensitive data,” are unfortunately common in our digital age. They emphasize the importance of careful consideration into the way that content is shared in the localization (or any) industry. Most LSPs put careful thought into the way that clients share files with them and the way that they, in turn, share confidential client content with production teams, including external providers such as translators and editors. LSPs also house the confidential information of translators and editors, including rates, tax ID numbers, contact details, etc. This data too needs to be handled with care.

Depending on an organization’s model, external providers with whom content is shared may also include a whole host of other types of translation and localization agencies, such as… 

  • SLVs – Single-Language Vendors
  • MLVs – Multiple-Language Vendors
  • ALVs – Any-Language Vendors

Working with SLVs has the advantage of allowing an LSP greater control over content, though many global enterprises elect to work with MLVs in order to outsource the costs and risks associated with managing pools of providers. When selecting a MLV, global enterprises surely carry out due diligence to ensure the confidential handling of client content. LSPs and global enterprises may also elect to work with ALVs, or those that claim to offer all languages. Be aware that despite their claims, ALVs do not have talent in their pool for all languages. Rather, they bet that they will be able to find talent for any rare language that may be requested with speed. That speed likely prohibits their ability to carefully review the data security protocols of any talent they recruit. ALVs therefore need to be approached with the greatest skepticism.

The data security protocols in place at a translation firm will also be more or less stringent depending on the domains and markets in which a firm works. For example, certain types of work in the medical field, such as translating medical records, requires stricter protocols in order for firms to secure Protected Health Information (PHI) and remain compliant with HIPAA; work with the European Union requires compliance with the General Data Projection Regulation. Many of us, including the translators we work with as PMs, use free email accounts like Hotmail (so 1990!) or Yahoo. However, these types of accounts are not secure. All data shared to these domains is retained by the owners of these domains. A general best practice is therefore not to share confidential client information to these domains, or to avoid SLVs and translators and editors that use these domains for professional communications entirely. If you must share files via email, the Institute of Translation and Interpreting recommends that you at least zip and password protect your email attachments (9. IT Security). The article Passwords, Data encryption, and the underutilized file format offers a good tutorial on how content passed through email can be password protected.

On the topic of electronic correspondence, a note that emailing attachments of more than 4 MB is generally considered very poor form. If the attachment you are sending is larger than say 8-12 MB, this slows speeds for everyone working on your network, and thus causes your colleagues to complain! Generally, LSPs work on password-protected servers to facilitate the sharing of large files and maintain control of confidential content. Clients and translators alike are given logins and passwords. Users access the secure server via an FTP client. A unique folder for each user is created in order to control access, as users can only access the files placed in their folders.

Think for a moment of all of the systems used to manage content. LSPs that elect to use cloud storage such as Google Drive, Microsoft OneDrive, or Dropbox have surely read the terms and conditions for any service before selecting it as their file transfer solution. Still, being aware of the terms and conditions governing content ownership of the services you interact with never hurts! Reviewing the terms and conditions of services of industry giants like Google, Microsoft, and Apple is highly recommended, along with the terms of use for any other content sharing systems you use, if you can bear the reading!

Works cited

“Google Terms of Service.” Google, 25 Oct. 2017, policies.google.com/terms.

“Microsoft Services Agreement.” Microsoft, 30 Aug. 2019, www.microsoft.com/en-us/servicesagreement/

Brewster, Thomas. “Yahoo: Hackers Stole Data On Another Billion Accounts — UPDATED.” Forbes, 14 Dec. 2016, www.forbes.com/sites/thomasbrewster/2016/12/14/yahoo-admits-another-billion-user-accounts-were-leaked-in-2013/.

Faes, Florian. “Translate.com Exposes Highly Sensitive Information in Massive Privacy Breach.” Slator, 7 Sept. 2017, slator.com/technology/translate-com-exposes-highly-sensitive-information-massive-privacy-breach/.

Hern, Alex. “I read all the small print on the internet and it made me want to die.” The Guardian, www.theguardian.com/technology/2015/jun/15/i-read-all-the-small-print-on-the-internet.

Institute of Translation and Interpreting. “A Brief Guide to the GDPR.” ITI, 2018, www.atanet.org/resources/ITI_Guide_to_GDPR.pdf

Office for Civil Rights Headquarters, U.S. Department of Health & Human Services. “Summary of the HIPAA Security Rule.” HHS.gov, www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html.

Sikoryak, Robert. “Comic artist repurposes iTunes’ terms and conditions into graphic novel.” The Guardian, https://www.theguardian.com/technology/2015/nov/12/apple-terms-conditions-graphic-novel-comic-robert-sikoryak.

Statz, Pamela. “FTP for Beginners.” Wired, 15 Feb. 2010, www.wired.com/2010/02/ftp_for_beginners/.

Wojowski, Joseph. “Passwords, Data encryption, and the underutilized file format.” Joseph Wojowski’s Translation Technology Blog, 18 Jan.

Sites DOT MIISThe Middlebury Institute site network.