One of the foremost causes of data breaches in general come in the form of internal cyber breaches.
Companies with hundreds or thousands of employees risk accidents that can lead to data theft and leakage. More than 85 percent of employees have admitted to taking company documents and information when they left a business. Data leakage and lack of information are two critical issues that can harm businesses. Nonetheless, due to the ever-growing global marketing and communication needs, the temptation to use the fast and free online translation tools continues to rise.
Apart from the inefficiencies these tools pose to businesses in the form of low-quality translation output, enterprises continue to overlook potentially more damning issues. Whenever an employee uses a free online translation tool, they risk causing data privacy breaches by making the consumer data searchable. Data breaches like this happen due to employee negligence and employees looking for a quick translation solution. This can leave millions of customers’ sensitive data exposed.
In 2020 alone, there were over 1,000 recorded instances of major data breaches and exposed records. The number of actual instances that occur is much higher because organizations often go through an investigation prior to releasing any details of a breach. Many of these incidents involved the leak of personally identifiable information, including names, birth dates, email addresses, social security numbers, bank account information, home addresses, employment records, and even income data. Millions of customers, patients, and employees have been affected by these leaks.
Some prominent examples of breaches include:
- Kroger data breach: On January 23rd, 2021, Kroger experienced a file-transfer service hack. Kroger released an article saying that 2 percent of their customers were impacted by the breach. Some of the compromised data included clinic and pharmacy information along with HR data.
- Healthcare ransomware incidents: Since the pandemic started, many healthcare organizations fell victim to ransomware incidents. 39 percent of healthcare organizations suffered ransomware attacks in the cloud in 2020. The surveyed organizations stated their top three cloud security concerns were lack of budget, lack of IT security staff, and employee negligence.
- Statoil translation breach: Statoil, a global oil and gas company, used the free translation tool Translate.com and compromised sensitive client data. Since Statoil had large clientele like governments and private institutions and the leaked data included usernames and passwords. Luckily, the translations were found quickly, and the damage was mitigated.
Many of the breaches have been pinpointed back to employees engaging in negligent activities. A primary cause of employees falling victim to data breaches is the use of free online translation tools. Google released a report stating that nearly 500 million people use its free online translation service every day. Many of these 500 million people using free translation tools are employees at companies dealing with sensitive data. What employees do not comprehend is that these free translation tools are public and searchable.
Additionally, there are a variety of data compliance laws being violated by using free translation tools.
Companies must understand how data breaches occur, the regulatory consequences and finding safe alternatives to prevent compliance violations.
How Data Breaches Occur
Even professional human translators require the distribution of source content across translators and editors to perform specific tasks. There are two overarching ways in which confidential information is leaked:
- First, the information is stolen ‘in transit’. This means, when someone transfers data over unsecured servers such as public Wi-Fi hotspot or cloud servers, data leaks occur which are clear indications of lax oversight.
- Secondly, data can be leaked when using online machine translation tools as mentioned earlier. The data translated online can be found by anyone who conducts an Internet search.
Companies must find a middle ground where they can utilize translation tools without risking their data being leaked or stolen. The solution is to use an on-premise NMT to secure the information that is being translated and to mask the sensitive data with tools like the AnonymizerTM.
When Employees Turn to the Cloud
Let’s paint a scenario. We’ll call it hypothetical but it’s one that we see daily. Imagine you’re the IT director of a company in the healthcare sector. You’re noticing a lot of requests being made to Google Translate from your company’s system. When you investigate, you discover that employees were using Google Translate to translate confidential patient data. You estimate that over time, employees used Google hundreds of thousands of times to translate data – and worst of all, you have absolutely no way of knowing what or whose data had been used.
Here is the problem with scenarios such as this: when employees use Google Translate and other free online translation tools to make translation requests, that data is distributed across the cloud. During this process, Google “may need to use a third-party vendor to help provide some aspect of [Google’s] services, such as storage or transmission of data.” This means that there’s no way of knowing or controlling where your information may go or where it may be stored.
Regulatory Concerns over Free Translation Tools
Data theft is not the primary concern when companies’ data is in the cloud and accessible to everyone. The true threat lies in accidentally violating numerous contracts and industry regulations when it comes to handling personal or confidential data. The regulations can differ depending on where a company is operating its business. Some of the main regulatory laws companies should be aware of include:
The HIPAA Omnibus rule took effect in 2013. Among the changes made to HIPAA guidelines was the inclusion that any cloud service provider is considered a business associate, and all business associates must be HIPAA compliant. HIPAA states that “… document storage companies maintaining protected health information on behalf of covered entities are considered business associates, regardless of whether they actually view the information they hold.”
This means that healthcare companies must utilize a HIPAA compliant cloud service for storing patient data. Public cloud services and online translation tools, such as Google Translate, typically will not meet HIPAA compliance requirements. Using these services in association with confidential patient data could put the company at risk of a HIPAA violation. If a HIPAA-covered entity is found to violate these rules, U.S. Department of Health and Human Services may impose civil monetary penalties up to $1.5 million. Additionally, this penalty can be assessed for each violation, potentially making total penalties much higher.
Non-Disclosure Agreements (NDA)
Anthem Inc.’s major data breach in 2015 leaked the personal information of 80 million people. This incident is expected to cost over $100 million, but could go up as high as $8 billion due to an ongoing class action lawsuit.
Non-disclosure agreements: The typical non-disclosure agreement (NDA) states that recipients are obligated to maintain the confidentiality of information given to them. Placing confidential or proprietary information within the cloud is a direct violation of most NDAs. If your company is handling client information under an NDA, utilizing online translation software that is not encrypted or protected by a firewall could be seen as a contract violation. Any breach of this contract could lead to legal actions, including a lawsuit for damages.
Data Privacy Regulation
Privacy Act of 1974
Additionally, the loss of intellectual property or trade secrets due to a data breach can also result in shareholder suits or SEC investigations, depending on the situation.
The Privacy Act of 1974 was created in response to concerns regarding how computerized databases might impact an individual’s privacy rights. One of the four rules of the act places restrictions on how government agencies can share an individual’s data with other people and agencies.
Because of this rule, federal agencies that use a cloud service to store personal data may be in violation of the Privacy Act of 1974. Because of the questionable security of the cloud, some data experts have even argued that provisions such as this, as well as records management laws may limit federal agencies from storing records in the cloud. That also includes the use of cloud-based translation tools.
Since the European Union law in existence with General Data Protection Regulation (GDPR), companies have been receiving heavy fines when found guilty of data breaches.
GDPR provides citizens with the right to ask businesses to keep their information secure. This means that they have authority to prevent criminals from stealing any kind of personal information.
When organizations use online translation tools to translate customer information, they are literally serving the information to criminals on a silver platter. Thus, whenever using an online translator tool, organizations have to be wary about the type of information being disclosed and whether they follow GDPR or not.
The CCPA establishes new rights for consumers and households resident in California — defined as domiciled in California for tax purposes — impacts businesses that control or process data that contains personally identifiable information (“PII”). The CCPA defines PII as information that” identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”
The CCPA gives California consumers more control over companies’ retention, sale and use of their personally identifiable data. Under the CCPA, consumers will have the right to know, among other things:
- What information is being collected
- If their personal data is being sold to or shared with third parties and who those are
- The sources of the information collected, and
- The purpose for collecting and selling their information
To sum up, the CCPA enables California residents to have a right on how their information is shared. If businesses use online free translation tools, California residents must be notified and this can open up a lot of opportunities for legal ramifications.
Finding Safe Alternatives to Prevent Violations
Companies with weak internal policies and no alternatives for employees cannot place the blame of compliance violations solely on the employees. Companies need to architect their environment to reduce the likelihood of employee error significantly. Although employee error is common, there are several proactive measures companies can take to mitigate violating data compliance laws. Some of these measures include:
Prior to using any solutions, companies must inform their employees on why using public cloud services for translations are dangerous. If employees are unaware why using an internal tool is important, they will keep resorting to using public cloud services that will compromise the data of a company. Educating employees on the rationale behind using an internal tool will prevent them from using free alternatives. Sending an email internally, holding a quick meeting or webinar can prevent millions of dollars in losses for companies.
Providing Internal Tools
If employees have a good internal tool to use for translations, this removes the need for public cloud services completely. An in-house translation tool like SYSTRAN can be used within a company behind a firewall. This reduces the chance of data leakage tremendously. Additionally, SYSTRAN provides companies with enterprise servers. This allows companies to have:
- Unlimited translation volume
- High availability architecture
- Dedicated support with installation on private cloud or on-premise
The executive team at a company can task a C-suite executive like the CTO to perform randomized audits on the usage of translation tools. Many companies that violated data compliance laws only figured out after it had been happening for years and the damage was already done. The instances where a company was able to renavigate their compliance violations occurred when the damage was relatively minor.
Assessing usage of free translation tools will not only prevent compliance violations, but it will also prevent the leakage of company data. This is an initiative that can be done by any company and it will deter employees from using free translation tools.
A great portion of organizations today are unknowingly violating some of the costliest data compliance laws by using free online translation tools. Depending on the location a business operates in, they may be liable to several data compliance fines and multiple investigations. What’s more problematic is that data theft and leakage is on the rise with several major corporations falling victim.
Most data breaches are directly correlated with employees putting sensitive customer data into the open internet. When using free online tools, any of the information that is translated can be searched and stolen by anyone with internet access. Companies can take a proactive approach and mitigate the risk of employee errors by using tools like SYSTRAN. This gives employees a viable alternative to using free online translation tools. Since SYSTRAN can be installed within a firewall, companies can minimize this risk even further.
Sign up for a free trial of SYSTRAN Translate PRO to see how your company can leverage SYSTRAN to prevent data theft and leakage.