Chief Information Officer, TBSJ
But what will happen to the translator? Garfitt believes that companies are coming to recognize the ubiquity of human error and moving away from punitive responses. You likely will not be held responsible so long as you (1) act promptly and honestly and (2) were not grossly negligent, having chosen to protect yourself as outlined above.
So what should you do if a breach occurs? Garfitt emphasizes the importance of informing your client promptly and with as much honesty and detail as possible. This allows them to take prompt and appropriate actions of their own. Remember that you are almost certainly contractually (not to mention legally and ethically) obligated to inform your client of a breach. Laws protecting personal information are particularly strict, and depending on the nature of the data or your sector, you or your client may additionally be required to notify law enforcement or information security agencies. Responsible companies have documented incident management processes in place to handle the situation and reflect on it for future improvements.
Above all, however, translators must manage client data in compliance with client policies and requests. This is the most surefire way to ensure that you will not be liable in the event of a breach.
When sending files, use password protection whenever possible. Newer formats such as .docx offer superior encryption. Never send passwords by the same channel as the file or link; if sending files by email, for example, passwords should be communicated by text message, phone conversation, or even snail mail.
Encryption tools can increase the security of email communication, but require both parties to have a key. Still, there are simple measures translators can take as well. To avoid inadvertently leaking information to the wrong party, always reply to the thread rather than creating a new message, and write the names of addressees within the first few lines. Remember that email is inherently insecure; write as if your message will be read by a third party and regularly delete old messages from your server so as to minimize the information a hacker could access.
So how can translators protect themselves? Jeff Chapman of Chapman Creative Works recommends that you first consider how to preserve the physical security of data: locking your computer to your desk, or working on a higher floor of a secure building or in another location that is challenging for a would-be burglar to access. To ensure that your data is protected even if the physical storage medium is compromised, set up hard disk encryption, automatic screen lockouts, and strong account passwords (and never write your password down on a Post-it on your screen). This goes for any device on which you view client data, including smartphones. Use a long password rather than the standard four-digit passcode, and enable remote tracking and wiping services so that you’ll be prepared if the device is ever lost.
Breaches of information security are more common than you might imagine, with 74% of small companies (with fewer than 150 employees) in the UK suffering breaches last year. While the media focuses on targeted and malicious breaches, Alex Garfitt of TBSJ cited the statistic that 50% of the worst breaches are simple human error: overheard conversations, un-shredded or lost documents, or emails forwarded to the wrong person, with 15% of all breaches being smartphone related.
Information security is often neglected in the language service industry. Many translators may be unaware of the risks inherent in technologies we take for granted. Others may not feel knowledgeable enough to set up security measures themselves, or assume they are too small and insignificant to be targeted. But from another perspective, translators and other contractors may be the weak link in a chain leading to the companies who are their clients, and so it is important to be aware and take precautions.