In today’s fast-paced and ever-changing language industry landscape, the two key considerations for both language service providers (LSPs) and their clients are price and quality control. These two factors form the basis for LSPs to market and sell their services, as well as how clients choose between the enormous variety of LSPs in the marketplace. However, one frequently overlooked – yet increasingly important – consideration is the issue of information security and confidentiality when it comes to clients’ content and data.
More often than not, language assignments involve some kind sensitive information. A document to be translated may include an individual’s social security number and medical history, bank account information, proprietary corporate content, and intellectual property, to name just a few common examples. This type of information is valuable to hackers, whether looking to commit identity theft or to steal a competitor’s secrets through corporate espionage.
With terabytes of client content being transferred around the globe on a daily basis, and frequent massive data breaches affecting even such large corporations as Yahoo, Marriott, and Equifax in recent years, it is incumbent upon LSPs to maintain robust policies and procedures to ensure the security and integrity of their clients’ data and information. Given the constant threats to information security, what should LSPs and clients be doing to mitigate these risks?
The most fundamental requirement is that all personnel at an LSP who come into contact with a client’s information should have signed a non-disclosure agreement (NDA). Often, NDAs are included in the contract or service agreement that a client signs when hiring a service provider. However, that does not account for sending the document(s) in question to the LSP – or multiple LSPs – to provide a quote prior to signing the service agreement. In this case, clients should not hesitate to ask the LSP to sign a separate NDA before sending the file for analysis.
Another key document that should be signed by all of an LSPs independent contractor linguists is a code of ethics and professional conduct. Numerous codes of conduct have been developed over the years, including by such leading industry organizations as the American Translators Association (ATA). These documents cover topics ranging from professional responsibility in accurately conveying the meaning between languages, maintaining impartiality, as well as adhering to strict confidentiality.
Some other industry best practices that clients may want to require from their LSP include policies pertaining to updates to antivirus and operating systems for both the LSP and any independent contractors, a secure network and firewall, password protecting all documents, regular data deletion or appropriate secure archiving of past projects, and secure record-keeping, to name only a few.
Many LSPs also offer secure file transfer options, ranging from secure File Transfer Protocol (FTP) platforms to secure online portals where clients may submit their content for translation and receive back their translated documents. Generally speaking, these types of platforms are much more secure than sending files back and forth by email. And, for clients that regularly work with sensitive medical documentation, they should expect that an LSP provides regular training in HIPAA compliance for both its in-house staff and contract linguists, and the steps the LSP takes to ensure such compliance.
In today’s digital environment, there is always a risk to sensitive information, whether from intentional hackers seeking to steal identities or a well-meaning linguist inadvertently discussing a client’s project in a public place. However, by better understanding the security climate, asking the right questions of your LSP, and following some of the simple recommendations above, clients can significantly mitigate that risk and keep their information more secure.