Foreign languages represented in cross-border deals or during court cases involving multiple jurisdictions can cause headaches for lawyers. The former process is characterised by large amounts of data and short timeframes; the latter by sudden and urgent requests for very accurate translation. But the common priority in both instances is data security. Since the Cambridge Analytica scandal came to light and the subsequent GDPR came into enforcement, more than ever before data-security is firmly under the microscope. It cannot become the weak link for a business. When handing-over sensitive information for translation to an external provider, careful and secure management of documentation throughout the production process is critical.
While many clients send documents for translation through e-mail, legal clients, in particular, often require a more stringent process to be put in place. Correspondence and sensitive information must be managed so it doesn’t pass through a production process accessible by everyone and anyone. Lawyers want to make sure clients’ information remains confidential but, especially with a new provider, this can feel like a leap of faith. Fortunately, there are relatively straight-forward ways to tighten security from the outset.
NDAs will most likely form a part of this process, but here are 5 measures law firms can action with their translation services provider to ensure content and correspondence remains secure:
1. Upgrade to using e-mail encryption for sensitive correspondence. Individual certificates, set-up by the translation services provider, enable the sender and recipient to be identified clearly, and the contents of the e-mail can be encrypted. Sending confidential information by regular e-mail should be considered a red flag for a law firm and its data-security.
2. Use secure file transfer with encryption and choose a preset time for documents to be automatically deleted.
Storage and access authorisation
3. Your firm’s data can be stored in a secure ERM platform with access restricted to, for example, the responsible account manager. Access restrictions can be clearly defined and should follow the “need to know”principle. Personal data can also be anonymized / pseudonymized in accordance with the GDPR. Data should not leave the secure data storage and there should be no transport via USB storage or e-mail forwarding.
4. A VPN (Virtual Private Network) connection to your firm’s network is possible so documents never enter the provider’s network. Alternatively, when a law firm’s data is in the provider’s network, access can be controlled and tracked, with no printing options or local saving options. Make sure your data is not compromised on the way to the provider or while it’s in the provider’s network. In addition to cryptography in transport, encrypted storage should be an available option.
5. Destruction periods on completion of work by a provider are defined by the GDPR but you can specify shorter timeframes when necessary and where legally possible.
If you have sensitive information that needs to be translated, speak with our teams at EVS Translations. Our in-house IT experts work with clients to deliver specific security solutions for sensitive documents.