Given the spate of ransomware and phishing attacks in recent years, you should expect that all your company’s vendors are taking reasonable steps to protect your data when you entrust it to them. This includes the content you send them for translation. Only you should decide who may receive your content and when they can access it. Is your translation provider protecting your content at least as well as your company would?
6 Factors of Translation Security and Data Protection
When considering your translation provider's approach to data security, keep these six factors in mind:
1. Encryption
Is your translation provider encrypting your data when at rest and during transmittal? The truth about modern workflows in the translation industry is that when you send your data to your translation company it does not stay within its four walls (it likely doesn’t even have walls!). Most translation is produced by transmitting your content to individual translators located around the world.
Depending on your translation provider’s production methods, your content may first be submitted to a cloud-based server running a machine translation engine and then sent on to human post-editors. All of this takes place over the Internet.

Confirm the following with your translation provider:
A. Your content is stored in the cloud in a translation management system that encrypts the data in transit and at rest.
- Make sure your translation partner is using a translation management system and communication channels that use SSL/TLS protocols when transmitting data.
- When your data is at rest on a translation company’s servers it should also be encrypted. For example, Microsoft Azure servers encrypt at-rest data using 256-bit AES encryption.
B. If they use machine translation as part of their translation production, ensure that they are utilizing proprietary engines and not publicly indexed engines. They can only guarantee your data security if they are utilizing customized engines, which will limit who has access to your data. So-called “public” engines will mix your company’s data with that of other users. This could expose your data to the public.

2. Access control
Your translation partner should have systems that utilize modern access controls such as strong passwords, multi-factor authentication (MFA), and role-based access (for security and proper control of their production processes).
For example, how are you submitting your data to your translation partner? Do they have a web portal that allows you to securely upload files? If yes, be sure it uses “https” at the beginning of the web address. Also, when they grant you access, be sure you set your own password and don’t continue using the default password provided when your account was set up.
Since encryption has become standard for most corporate email systems, emailing project data should be secure, but depending on your vendor’s infrastructure you may not be able to guarantee that their email is encrypted, so it does not hurt to ask.
The same holds true for third-party file transfer services (if your company even allows the use of such systems). If your vendor wants to send large file downloads via a third-party file transfer service, be sure it uses “https” in the address and that the use of such a service is compliant with your company’s data protection policies.
Pro Tip: Connecting a Git repository that your company maintains for its documentation directly to your translation vendor’s translation management system through a GitHub integration will streamline the flow of information between your organizations and provide greater security.

3. Data handling
Confirm with your translation partner that they have protocols in place to ensure that only authorized personnel have access to your translation data. In addition, these protocols must ensure that your data will not be stored on personal devices, that your data is backed up, and that it can be fully deleted when no longer needed.
Tip: Ask your translation partner for their data retention policy and be sure to get it in writing.
4. Compliance
Audit your translation provider for compliance with standards that apply to your company. If your company must maintain GDPR or HIPAA compliance, then so must your translation provider.
5. Security awareness training
Since a majority of security breaches are caused by human error (88% according to Stanford Research), check the status of your translation provider’s security awareness training. This training should include identifying phishing attacks, recognizing suspicious activity, and overall awareness of the importance of data security.

6. Vendor selection
Given the length of the translation supply chain, much of your content will reach individual translators, editors, proofreaders, desktop publishing specialists, and even localization engineers. It is your translation vendor’s responsibility to ensure that all these individuals have been properly vetted and qualified as professional providers who can be entrusted with your translation data. They too must be committed to data security.
Simple efforts by your translation partner with its vendors include:
- Confirming that they don’t work over public networks and that, if they do, they can encrypt their connections using a VPN (this is a potential risk, since many independent translators will work from virtually anywhere: coffee shops, conferences, hotels. With that level of freedom comes the responsibility to take proper precautions!)
- Reminding them to implement strong passwords on their routers and to invest in robust anti-virus/-phishing software
- Ensuring that their vendors’ computers are dedicated to work and are not shared by members of their households.
Such measures can easily be communicated to vendors as part of their onboarding and training and do not require large investments of time and budget.
The measures we have described here have become common sense in the world of corporate computing. Your job as a translation buyer is simply to hold your translation partner accountable. At the very least, you will remind them how important data security is to you and your company. Hopefully, this will simply move them from complacency to action.