Is Your Team Violating Data Compliance Laws with Online Translation Tools?

On the 3rd of September, 2018, Norwegian news outlet, NRK, reported that highly sensitive corporate information pertaining to the Statoil petroleum company was scattered across the internet. Shortly after, Slator, the translation industry news body, conducted a further investigation and found that “an astonishing variety” of similar information was freely available online from a huge number of other firms.

It turned out that Statoil and other firms had been taking shortcuts with important translations, using sites such as in particular to translate sensitive information.

This revelation sent shockwaves through the Scandinavian stock markets in particular, but serves as a lesson for the world of business as a whole, but what exactly are your responsibilities regarding data protection, and how did these breaches occur? Most importantly, how can you avoid the same fate as Statoil?

Your data responsibilities

The Data Protection Act of 2018 brought into force the UK’s own rendition of the EU-wide GDPR regulations, meaning that businesses now have the responsibility to safeguard personal information of their customers, contacts, employees, and just about anyone they store any data on.

These rules are strictly enforceable, and anyone can report a company for a breach of GDPR as easily as jumping on the government website. Even stricter rules apply surrounding especially sensitive information such as health, sexual orientation, political opinions, and trade union membership.

In essence, you must notify people when you’re collecting their data, what data you’re collecting and why, and once in possession of it, you must protect it as though it were your own. For those not capable of safeguarding data, the penalties are rightfully harsh.

machine translation with word360

How data breaches happen through online translation tools

Online translation tools are, by definition, online. This means they are accessible by anyone, anywhere. They’re also often neural machine translators, which means they absorb the information that you ask them to translate in order to learn and gradually get better and better at their jobs.

This is fine if you’re on holiday for example, and you need to translate your restaurant order, but if you were to ask it to translate a document littered with sensitive information, it would absorb and store everything you give it because it thinks it has something to learn from it.

In essence, it’s not too dissimilar to logging onto a public computer, at a library for example, opening your personal email account, and then just leaving it there for the world to see. Once you give the online translation tool that information, it’s there for the world to stumble across, even if it’s not right in front of you it’s now part of that translator’s memory.

So, when companies decide to take a shortcut with their translations, and use a free online translator instead of a dedicated and secure translation service, they are throwing sensitive information into the public domain and opening themselves up to not only embarrassment but also a roster of prosecutions and fines.

How to prevent translation data breaches

The answer to translation data breaches is to utilise a professional translation service that is secure, accredited, and most importantly, not hosted in a publicly accessible sphere.

For example, at Word360, we offer our translation services through a secure portal on our Wordskii software. This means that the content you submit to be translated is seen by no one outside of the Word360 team, and your personal data is not accessible as part of an online AI.

In addition, and crucially, when needs be we also ensure all stored data is stored domestically, in the same country as your business or organisation, whether that’s the UK, the US or wherever you may be.

Here’s 5 top things to check with your potential translation partner:

  • Where, geographically, is your translation data stored?
  • Is the translation conducted via any publicly accessible database?
  • Are they ISO 27001 accredited? (ensures data protections)
  • Are they ISO 17100 accredited? (ensures quality of translations)
  • Have they done any similarly secure work in the past?

We ourselves are ISO 27001 accredited and members of the Association of Translation Companies. We’ve been trusted by highly secure government and public sector organisations, such as the NHS, and major banking institutions like Goldman Sachs for 30 years. These kinds of guarantees are what you need to see before considering using a translation service.

Businesses usually turn to online translation tools because they’re free, and while the motive is understandable, the cost you save on your translation will be dwarfed by the fines and impacts of lost business further down the line.

To learn more about how professional translations blend human and software translators for a service that is secure, accurate, and cost-efficient, check out our whitepaper below.

machine translation with word360

Written by Ioana Gaicea

About the author