If you are looking to get a transcription made of sensitive information, you will be confronted with something of a conundrum. By outsourcing the task, you run the risk of your information falling into the wrong hands. But, creating a transcript yourself is surprisingly hard and time-consuming.
The truth is that the only way to be 100% guaranteed of the security of your data and maintaining confidentiality is to make the transcription yourself — using an air-gapped computer no less. But, likely, that is not a practical solution. Even for excellent typists, creating a transcript is a slow and somewhat tedious assignment. Under realistic circumstances, you are going to need to use a transcription service.How, then, do you do so safely? Transcription services are generally pretty safe. Their business relies on the trust of their customers, so you are unlikely to run into real scammers in the market. Although, it is worth a quick Google search to investigate the company with which you are looking to partner. But, just because a business does not have bad intentions does not mean that they take the safety of your data seriously. When it comes to data security, negligence can be just as damaging as mal-intent. If you are really concerned about the safety of your data, here are the eight things you should watch out for that indicate a safe and secure service.
1. They Make a Big Deal Out of Security and Confidentiality
Just because a company says that they take security seriously, it is not a guarantee that they do — but, it is a good sign. Every business looks for ways to differentiate itself. If a transcription service delivers data security policies above and beyond the average, they are likely to make a big deal about it. They will, at least, have information about their security policy somewhere on their website.
You need to look into the specifics, but boisterous claims of a secure service are a good sign. Complete silence about data security, on the other hand, is a red flag. As your first signpost, look for transcription services that advertise the security of their services. Next, look into the specifics of what that means.
2. ISO 27001 & 9001 Accreditation
One of the best indicators of a robust data security operation is ISO accreditations, specifically ISO 27001 & 9001. ISO is a set of international standards on quality assurance that allow companies to document their capabilities and the elements implemented to maintain those assurances. To receive an ISO accreditation, companies must apply and are then subject to a third party formal assessment.
ISO 9001 is a management system standard. ISO 27001 is for information security management. Together, these signpost a positive outcome from a customer service perspective and a system designed to reduce risk. These are a great sign that your data will be in good hands.
3. An HTTPS Website
A good piece of general web hygiene is to look at the URL. Over the last few years, most websites (and almost all legitimate web services that request personal or sensitive information) have switched from older ‘http’ to ‘https’ addresses. An https address introduces encryption to communication between the website and your browser.
You should be hesitant of putting any personal information into a website that has not gone to the trouble of upgrading their web protocols. When looking to get sensitive material transcribed, an https website should be a prerequisite.
4. The Use of Encrypted Log-In Portals and Storage
Services that take security seriously will go beyond https encryption and apply additional encryption measures. This means using SSL or TLS encrypted log-in portals for sharing your information with transcriptionists. It also means storing information in encrypted formats.
Encrypted storage is a critical point that is often missed. Although it is important to use encryption while sharing information, your information is always vulnerable when online. To be really secure, that information needs to be stored in an encrypted format as well.
5. Willingness Guarantee Confidentiality by Signing an NDA
When you use a human-based transcription service, it is impossible to avoid having a person from outside of your organisation look at your data. You want that person (and the transcription service) to sign a non-disclosure agreement (NDA), otherwise you risk your information being spread outside of your control.
Most transcription services are willing to sign NDAs. This is a good indication that they take data protection seriously. It is also critical to retaining control over your information. If they don’t sign an NDA, you have little recourse if your information is leaked. Make sure that they will sign an NDA and then follow through with getting one signed. If an NDA is not an option, it should give you pause even if you weren’t considering getting one signed.
6. Not Using Offshore Transcriptionists
NDAs are important. But, that does not always mean that a company will really have the ability to enforce such an agreement. Most transcription services operate using a dispersed network of freelance transcriptionists. Even when on permanent contracts, these transcribers will work from home. Sometimes, these networks operate on a global scale.
By offshoring transcripts, transcription services can lower prices. But, that comes at the expense of control. Many transcriptionists are based in countries with limited privacy laws and even lower tendencies to pursue violations. Regardless of the local circumstances, their location within a different legal jurisdiction than their employer makes it harder for that company to enforce NDAs and otherwise guarantee the safety of your data.
If concerned about the security of your data, you should look for transcription services that make pledges about where their transcriptionists are based. You want to look for areas with high ethical business standards and judicial systems that pursue violations. If you operate in a country subject to strict privacy regulation (such as the GDPR), it is advisable to keep your transcription business partners within that region as well. If the location of transcriptionists is not mentioned at all, it is likely that the service uses an offshore workforce.
7. A Medium-Range Starting Price
Although it can be tempting to just pick the lowest price you can find, this might not be the best idea. Transcription service pricing can actually be a bit complicated. Even without concerns for security, a low starting price often means that there are a lot of ‘additions’. This can create a confusing experience that isn’t always as cheap as it first seems.
Low prices almost always guarantee the use of offshore transcriptionists. You are also likely putting your data in the hands of people who aren’t paid that well. Like with a lot of things, you get what you pay for. If you want a quality service that places a premium on security, you will likely have to pay a little extra for that. A starting price at least one rung up from the bottom is often a good sign that you are dealing with a quality company.
8. Speech to Text Software … Maybe
If you want to avoid a ‘person’ stealing your data, one of the most obvious choices is to remove the human element entirely and just use automated transcription services, or automatic speech recognition (ASR) software. This might work. But, these services don’t deliver quite the same outcome. You also need to avoid being lured into a false sense of security.
‘Automatic transcription service’ does not necessarily mean that no human will see your data. If no guarantees are made in a service level agreement, there is nothing stopping someone from listening to your recording. For example, your recording might be used for review purposes. Some services also store data online for quite some time after the transcript has been delivered.
Factors such as encryption during storage and safe data transfers are just as important when using speech to text software as it is with human-based transcription services. Ideally, you want to find a service that deletes your data once finished, otherwise you run unnecessary risks by having your data stored by a third party online.
Even more problematic than security issues is the fact that speech to text software will likely be unsuitable for your transcription service needs. This is not entirely related to security, but automated services struggle with accuracy. Even if you find one that is secure, you may go to all that effort to receive a transcript that is nothing but gibberish.
To make ASR work, you need ‘clean’ audio with people speaking slowly, one at a time and with no background noise. Even then, you should not expect accuracy rates higher than 80%. If there are one or more of these factors present, the accuracy rate can sink to the single digits. For many recordings, ASR is not a realistic option. No matter what, retain a vigilant eye on the security of your data.