Overseas Transcription Services. Who is Transcribing Your Content?
A Checklist for Protecting Your Data When Using Offshore Transcription Services.
When you outsource tasks you effectively bring on a new member of staff — even if it’s just for a short period of time.
Transcription services are no different.
Just like when you hire someone new, you need to think about who you are bringing into your team. If you trade in sensitive or confidential material, this becomes critical to your operational security.
Many businesses and individuals trust their most sensitive material to transcription firms assuming that their information will stay safe and their data protected. Unfortunately, things aren’t that simple.
Cybercrime and corporate theft are on the rise. Hackers attack every 39 seconds. All businesses need to take every precaution they can. Whenever you share data with external parties, sensitive information, trade secrets, personal data and your reputation are on the line.
Do you know exactly who has access to your data?
But, we’re not here to scare you. This is your checklist for understanding the risks to ensure that you get a secure transcription service.
Who is Transcribing Your Audio? The Root of Secure Transcription Services
This might seem like an odd place to start. In a high-tech age, people think about cybersecurity first when discussing data protection. But, in 2019 90% of cyber data breaches were caused by human error!1
You might also presume that relying on company reputation or size might seem good enough when contracting with transcription firms. However, it is worth thinking about the exact person who is assigned to your transcript, the transcriber.
Offshore transcription services.
Using overseas services is not a rare occurrence in the transcription industry. Many teams that rely on remote workers will employ people from around the world. Offshore transcription can be cheaper due to reduced operating costs. However, those lower costs may be accounted for, in part, by fewer regulations on privacy and information protection. This adds additional strain to any centralised control over your data.
Overseas transcribers may not be aware of the data protection laws you rely on and may not be using the latest technology or security procedures. Even if they are, enforcing multiple policies from different nations can simply be too much work. For that reason, it’s prudent to avoid companies using offshore workers if data security is a high priority.
This principle applies to both the offshore countries that you may immediately think of, as well as others that might not be as obvious from a cost perspective. The onus is usually on you, the data controller, to assess the situation and to be confident that the correct levels of protection are not only in place, but that those rights are enforceable.
Compliance responsibilities
It’s frustrating to think that the effort you’ve put into your security practices and processes could be undermined by a third party who doesn’t share your high standards. Especially if you’re managing data on behalf of your clients, you need to ensure you know your compliance responsibilities and that any third parties don’t impact your ability to adhere to them.
- Check for security credentials and certifications
- Ask for details on how data is processed, managed and stored, including encryption protocols
You may feel confident that you are uploading your content (audio files or video files) in a secure manner, but do you know what happens to it next?
It’s best to use services that provide secure controlled environments for their transcribers to access and transcribe your content. Some companies may allow transcribers to download your content as a local file. This is problematic as you’re then reliant on the security of the transcriber’s machine.
Some companies may split your content into segments to minimise the opportunity for an individual to have access to the complete information, therefore reducing the risk. However, you may wish to consider if this is sufficient, particularly if your data contains sensitive, confidential or personal information.
Market research in healthcare or research involving children may need extra consideration along with legal or government content.
Non-Disclosure Agreements (NDAs)
NDAs are a legally binding contract that ensures the service provider or vendor cannot discuss, disclose or share the information you share with them. This includes the contents of any audio/video data or transcriptions in their hands or on their servers. Breaching this contract puts them at serious risk of litigation. The most reliable transcription services will offer NDAs on request and make it clear that they are available either on their website or when you get in touch.
You should also consider the company’s ability to enforce NDAs, which can be challenging with an offshore workforce. In the UK violations are pursued, but this is not always the case in other countries, so be mindful of the location of not only the business but its workforce too.
Ethical responsibilities
An unfortunate downside to offshoring is also low standards of recruitment and work practices. More stringent regulations and employment laws that apply in countries like the UK, US and Australia often aren’t applicable to offshore workforces. For example, in the past, there have been cases of children being recruited as transcribers.
There are also reports that some offshore transcribers can be working long hours at very low rates. This obviously may impact the quality of the service you receive. In addition, you may wish to consider if this practice is in line with your brand values and corporate social responsibility strategy.
Who has Access to Your Data?
Removing the Human Altogether — ASR and Speech-to-Text Software
Some might assume that using automated speech-to-text, or ASR (automatic speech recognition) software is a more secure option because there’s no human input involved. However, that’s not necessarily true.
Transcription service providers using ASR software may have access to your recordings for quality control, customer support or product development purposes.
They want to ensure the software is working as intended in a variety of different circumstances and, as such, may use customer recordings in place of producing their own in-house content. This could include the training of algorithms or the development and testing of new features and functionality.
This means you may not know which employees of that vendor have access to your recordings or whether or not they might outsource these assessment and development tasks to companies you’re unaware of. In addition, you may not know where those people are located, or where the servers are that your data is stored on.
ASR vendors are unlikely to put your data intentionally at risk, but it helps maintain your peace of mind if you know who, exactly, has access to your data. ASR or human-driven, the assessment of what makes a secure professional transcription service is broadly unchanged regardless of these distinctions. Make sure you check any small print to ensure you know exactly who has access to your data and for what purpose.
Access for Only Those That Need It or 1000’s?
Human transcription services will typically have lots of transcribers at the ready to eagerly start work on your transcript. Although large teams can be helpful in achieving tight deadlines, it does provide the potential for 1000’s of people to have access to your data, even if they don’t end up working on the transcription.
Check how work is allocated to transcribers, to understand who your data is visible to and how they are able to access it. For example, can they download it as a local file or is it stored in an encrypted portal? Does the service operate a restricted visibility approach or is it open access to everyone in the company?
You should never hesitate to ask about a transcription service’s practices for keeping your data safe. They should already have a policy available that details exactly what efforts they make to secure all client information. If they don’t have one, or can’t demonstrate how they’ll protect your data, it’s probably worth looking elsewhere.
You have been reading about the security of transcription services in relation to who is transcribing your content. You can also read further information about Take Note’s security & compliance on our dedicated webpage.
Disclaimer – This blog aims to provide you with some basic information regarding security when using transcription services. It is not legal, security or technical advice and should not be relied on as such. Please seek professional advice where required.
