Overseas Transcription Services. Who is Transcribing Your Content?
A Checklist for Protecting Your Data When Using Offshore Transcription Services
When you work with outside vendors, you effectively bring on a new member of staff — even if it’s just for a short time.
Transcription services are no different.
Just like when you hire someone new, you need to carefully evaluate new partnerships with vendors. If you trade in sensitive or confidential material, these vendors can become critical to your operational security.
Many businesses and individuals trust their most sensitive material to transcription firms. When they collaborate with these companies, they’re assuming that their information will stay safe and their data protected. Unfortunately, things aren’t that simple.
Cybercrime and corporate theft are on the rise. Hackers attack every 39 seconds. All businesses need to take every precaution they can. Whenever you share data with external parties, sensitive information, trade secrets, personal data, and your reputation are on the line.
With this in mind, you should ask yourself, exactly who has access to your data?
We’re not here to scare you, but to give you information that will help you prevent a data breach. Here is your checklist for understanding how to find a secure transcription service.
Who is Transcribing Your Audio? The Root of Secure Transcription Services
This might seem like an odd place to start. In a high-tech age, people think about cybersecurity first when discussing data protection. However, in 2019 90% of cyber data breaches were caused by human error!
You might also presume that relying on company reputation or size is a good indication of transcription company security. Those companies hire people to handle recordings, though, so exactly who is working on your transcript? The answer is, the transcriber.
Offshore transcription services
Using overseas services is common in the transcription industry. Many teams that rely on remote workers will employ people from around the world. Offshore transcription can be cheaper due to reduced operating costs. However, those lower costs may be accounted for, in part, by fewer regulations on privacy and information protection. This adds additional strain to any centralized control over your data.
Overseas transcribers may not be aware of the data protection laws you rely on and may not be using the latest technology or security procedures. In addition, enforcing multiple policies from different nations can challenging. For that reason, it’s prudent to check the security credentials of any service you plan to use.
This principle applies to both the offshore countries that you may immediately think of, as well as others that might not be as obvious from a cost perspective. The onus is usually on you, the data controller, to assess the situation and to be confident that the correct levels of protection are in place.
It’s frustrating to think that the effort you’ve put into your security practices and processes could be undermined by a third party who doesn’t share your high standards. Especially if you’re managing data on behalf of your clients, you need to ensure you know your compliance responsibilities. You’ll also need to determine whether any third parties are impacting your ability to adhere to those standards.
- Check for security credentials and certifications
- Ask for details on how they process, manage and store their data, including encryption protocols
You may feel confident that you are uploading your content (audio files or video files) securely, but what happens to it next?
Services that use a secure controlled environment for their transcribers to access and transcribe your content mean that you know where your content is at all times. It can be problematic if transcribers can download your content as a local file. When this happens, you become reliant on the security of their machine.
Some companies may split your content into segments to minimize the opportunity for an individual to access complete information, therefore reducing the risk. However, you may wish to consider if this is sufficient, particularly if your data contains sensitive, confidential or personal information.
Market research in healthcare or research involving children may need extra consideration along with legal or government content.
Non-Disclosure Agreements (NDAs)
NDAs are a legally binding contract that ensures the service provider or vendor cannot discuss, disclose or share the information you share with them. This protection applies to content in audio/video data and transcriptions in service providers’ hands or on their servers. Breaching this contract puts them at serious risk of litigation. The most reliable transcription services will offer NDAs on request and make it clear that they are available.
You should also consider the company’s ability to enforce NDAs, which can be challenging with an offshore workforce. In the UK violations are pursued, but this is not always the case in other countries. Be mindful of the location of the business and its workforce.
An unfortunate downside of offshoring is also low standards of recruitment and work practices. More stringent regulations and employment laws that apply in countries like the UK, US and Australia often don’t apply to offshore workforces.
Offshore transcribers might be working long hours at very low rates. This obviously may impact the quality of the service you receive. In addition, you may wish to consider if this practice is in line with your brand values and corporate social responsibility strategy.
Who has Access to Your Data?
Removing Humans Altogether — ASR and Speech-to-Text Software
Some might assume that using automated speech-to-text, or ASR (automatic speech recognition) software is a more secure option because there’s no human involvement. However, that’s not necessarily true.
Transcription service providers using ASR software may have access to your recordings for quality control, customer support or product development purposes.
They want to ensure the software is working as intended in a variety of different circumstances. As such, they may use customer recordings in place of producing in-house content. This could include the training of algorithms or the development and testing of new features and functionality.
This means you may not know which employees of that vendor have access to your recordings or whether or not they might outsource these assessment and development tasks. In addition, you may not know the location of those people or the servers they use to store your data.
Many reputable ASR vendors take steps to protect your data. It’s good to evaluate their practices as you would any other provider. ASR or human-driven, it’s up to you to investigate whether they’re taking appropriate steps to protect your data. Make sure you check any small print to ensure you know exactly who has access to your data and for what purpose.
Access Should Only Be For Those That Need It
Human transcription services will typically have lots of transcribers at the ready to eagerly start work on your transcript. Although large teams can be helpful in achieving tight deadlines, it means that potentially thousands of people will have access to your data. In fact, even if they don’t end up working on the transcription, they might have access.
Check how the business allocates work to transcribers. This inquiry with help you understand who can access and see your data. For example, can they download it as a local file or is it stored in an encrypted portal? Does the service operate a restricted visibility approach or is it open access to everyone in the company?
You should never hesitate to ask about a transcription service’s practices for keeping your data safe. They should already have a policy available that details what efforts they make to secure all client information. If they don’t have one, or can’t demonstrate how they’ll protect your data, it’s probably worth looking elsewhere.
You have been reading about the security of transcription services concerning who is transcribing your content. You can also read further information about Verbit’s security & compliance here.
Disclaimer – This blog aims to provide you with some basic information regarding security when using transcription services. It is not legal, security or technical advice and should not be relied on as such. Please seek professional advice where required.