What is the Most Secure Transcription?
If you’re looking to get a transcription made of sensitive information, you will be confronted with something of a conundrum. By outsourcing the task, you run the risk of your information falling into the wrong hands. But, creating a transcript yourself is surprisingly hard and time-consuming.
The truth is, it’s almost impossible to 100% guarantee the security and confidentiality of your data, even if you make the transcription yourself. And, where time is money, it’s likely you’re going to need to use a transcription service.
How do you ensure your information is secure? Transcription services are generally pretty safe. Their business relies on the trust of their customers, so you are unlikely to run into real scammers in the market. Although, it is worth a quick Google search to investigate any company you’re considering partnering with, to make sure they’re legit.
However, just because a business does not have bad intentions doesn’t mean they’re doing everything possible to keep your data safe. If you want to ensure your data is as safe as possible, here are eight things you should look out for that indicate a safe and secure service.
1. They Don’t Shy Away From Talking About Security
Just because a company states that they take security seriously, it is not a guarantee that they do — but, it is a good sign. Every business looks for ways to differentiate itself. If a transcription service delivers data security policies above and beyond the average, they are likely to make a big deal about it. They will, at least, have information about their security policy easily available on their website.
Complete silence about data security, on the other hand, is a red flag. As your first signpost, look for transcription providers that advertise the security of their service. Next, look into the specifics of what that means. What processes and certifications do they have in place?
2. ISO 27001 & 9001 Certification
One of the best indicators of a robust data security operation is ISO certifications, specifically ISO 27001 & 9001. ISO is a set of international standards on quality assurance that allow companies to document their capabilities and the elements implemented to maintain those assurances. To receive an ISO certification, companies must apply and are then subject to a third party formal assessment.
ISO 9001 is a management system standard. ISO 27001 is for information security management. Together, these signpost a positive outcome from a customer service perspective and a system designed to reduce risk. The ISO certifications are a seal of approval from an independent expert and you can be confident that the company has gone through a rigorous process to achieve them.
3. An HTTPS Website
A good piece of general web hygiene is to look at the URL. Over the last few years, most websites (and almost all legitimate web services that request personal or sensitive information) have switched from older ‘http’ to ‘https’ addresses. An https address provides encryption of communication between the website and your browser.
You should be wary of entering any personal or sensitive information into a website that has not gone to the trouble of upgrading their web protocols. When looking to get sensitive material transcribed, an https website is a prerequisite.
4. The Use of Encrypted Log-In Portals and Storage
Services that take security seriously will go beyond https encryption and apply additional layers of protection. This means using SSL or TLS encrypted log-in portals for sharing your information with transcribers. It also means storing information in encrypted formats.
Encrypted storage is a critical point that is often missed. Although it is important to use encryption while sharing information, your information is always vulnerable when online. Therefore, information needs to be stored in an encrypted format as well.
If transcribers download your content as a local file to carry out the transcription, your data is only as secure as their machine. They may not know the best protocols to follow or have the most up to date security software in place.
5. Willingness to Guarantee Confidentiality by Signing an NDA
When you use a human-based transcription service, it is impossible to avoid having a person outside your organisation look at the data. You want that person (and the transcription service) to sign a non-disclosure agreement (NDA), otherwise you risk your information being spread outside of your control. As well as the signing of an NDA, you also need to ensure that any violations will be pursued.
You may also want to check who has access to your content. This can be a surprising number of people, in the thousands, depending on how the provider allocates transcriptions. You can reduce the risk by looking for companies who lock down access to only those who need it to complete the transcription.
Most transcription services are willing to sign NDAs. This is a good indication that they take data protection seriously. It is also critical to retaining control over your information. If they don’t sign an NDA, you have little recourse if your information is leaked. Make sure that they’re willing to sign an NDA and then follow through with getting one signed if you select them as a partner.
If a transcription service is not willing to sign an NDA, you should take that as a warning sign.
6. Not Using Offshore Transcribers
NDAs are important. But, that does not mean that a company will really have the ability to enforce such an agreement. Most transcription services operate using a dispersed network of transcribers. Sometimes, these networks operate on a global scale.
By offshoring transcripts, transcription services can lower prices. But, that comes at the expense of control. Many transcribers are based in countries with limited privacy laws and even lower tendencies to pursue violations. Regardless of the local circumstances, their location within a different legal jurisdiction than their employer makes it harder for that company to enforce NDAs and otherwise guarantee the safety of your data.
If concerned about the security of your data, you should look for transcription services that make pledges about where their transcribers are based. You want to look for areas with high ethical business standards and judicial systems that pursue violations. If you operate in a country subject to strict privacy regulation (such as the GDPR), it is advisable to keep your transcription business partners within that region as well. If the location of transcribers is not mentioned at all, it is likely that the service uses an offshore workforce.
7. A Medium-Range Starting Price
Although it can be tempting to pick the lowest price you can find, all transcription services are not created equal. Transcription service pricing can actually be a bit complicated. Even without concerns for security, a low starting price often means that there are a lot of ‘additions’. This can create a confusing experience that isn’t always as cheap as it first seems. You may find you never actually pay the ‘starting from’ price that’s advertised.
Low prices almost always guarantee the use of offshore transcribers. You are also likely putting your data in the hands of people who aren’t paid that well. Like with a lot of things, you get what you pay for. If you want a quality service that places a premium on security, that will be reflected in the price.
8. Speech to Text Software … Maybe
If you want to avoid a ‘person’ stealing your data, one of the most obvious choices is to remove the human element entirely and just use automated transcription services, or automatic speech recognition (ASR) software.
However, using a ‘Automatic transcription service’ does not necessarily mean that humans won’t have access to your data. This could be for quite innocent reasons such as quality control, customer success problem solving or product development. If no guarantees are made in a service level agreement, there is nothing stopping someone from listening to your recording.
Also, these services deliver a different output and outcome to human transcription service. Some services also store data online for quite sometime after the transcript has been delivered. So, make sure you’re not being lured into a false sense of security.
Factors such as encryption during storage and safe data transfers are just as important when using speech to text software as it is with human-based transcription services. Ideally, you want to find a service that deletes your data once finished, otherwise, you run unnecessary risks by having your data stored by a third party online.
No matter what service you choose, make sure you keep a vigilant eye on the security of your data.
To help you determine which human transcription service might be right for you, including their security credentials, we’ve pulled together a handy guide to get you started.
Disclaimer – This blog aims to provide you with some basic information regarding security when using transcription services. It is not legal, security or technical advice and should not be relied on as such. Please seek professional advice where required.