Lost in Transcription: Ensuring Data Security for Transcribed Audio Files

Nearly every aspect of our lives, from the business to the personal, has seen a certain improvement because of technology. “Going native” means “going digital” these days and this is a good thing because it simplifies complex processes, automates repetitive tasks and gives us more “bang for our buck”, so to speak.

And this revolution is not confined to just a few industries. It has touched them all – not least in terms of transcription.

Transcription has now moved from large, reel-to-reel and microcasette tapes, to the simplicity of digital audio and video files. Simple, not only because they’re completely intangible, but because they can be transferred — uploaded, downloaded, manipulated, edited, changed — from anywhere in the world, by anyone in the world.

But this ease of transfer and intangibility is also the digital format’s Achilles heel. It promotes efficiency, certainly, but it also opens us up to security breaches, information theft and other vulnerabilities.

Why does data security matter?

After the recent Cambridge Analytica activities involving Facebook, and several major data “break-ins” that have affected digital powerhouses such as Google+ and Sony’s Play Station network, data security is finally receiving the scrutiny it deserves.

Legal moves like the EU’s GDPR laws have come in to effect precisely to begin to incentivize companies to become tighter, more stringent and more transparent and explicit with their data collection and use policies — as well as the practices that come from these policies.

But it’s not just about increased scrutiny in a climate of caution: It’s also the fact that almost everyone’s records and personal information, including information that can be used to directly identify individuals, is being openly distributed, shared and disseminated because of the intangible nature of digital data.

Without data security, people and their privacy is made vulnerable, and open to being used by those who have less than admirable intentions for it.

And in such a reality, businesses and people need data security that is not only “tight” but airtight.

How to ensure transcribed audio files remain safe and secure

So what about digital transcriptions and the resulting audio files? Transcriptions, especially those in the legal profession or in the insurance industries, usually contain sensitive and personal information. But, beyond this, any breaches are actually illegal and constitute a break in client-business confidentiality.

And it’s not just the information of policyholders, claimants, or defendants. Attorneys, investigators and other concerned parties in a legal proceeding may find their confidential notes, such as legal stratagems and other sensitive data, exposed.

So how can companies avoid “losing” their data through the transcription process, and protect files from being openly accessed when transferring?

Adopting security precautions like encryption

First off, data files, whether housed on-premises or outsourced to a secure data facility, must be encrypted.

This includes both the digital audio files of transcriptions as well as any typed digital files or documents that make reference to or include portions of the transcription. If transcription businesses do decide to offload the storage of files to another data facility, they should be thoroughly vetting that company’s data security procedures and fail-safes.

Have a written compliance procedure

Of course, now it’s all but mandatory that the IT departments of firms have written privacy policies and compliance procedures for securing customer data.

Some firms, for example, have a “no-logs” policy for users who access their platform. With transcriptions, however, the issue is not so much identifying users as preventing unlawful access of the files themselves.

Written compliance procedures state the process that must be followed when accessing or transferring data, so that everyone in the company is on the same page when doing so. This prevents individuals claiming to be ignorant of the protocols, and using a transfer method that can be easily hacked.

Make sure the office is quick to adopt and adapt

Written compliance together with concrete layers of security precautions all necessitate one big thing: That your office be technologically up-to-speed, ready to adapt to the changing nature of digital best practices, and prepared to adopt any new technologies that close off the loopholes for file access.

This doesn’t only mean the policies that surround access or the methods of transference. This also means deploying hardware that effectively facilitates security protections.

Avoid using transfer techniques that make files visible and vulnerable

A US-based company that specialized in providing transcription services encountered a major data security breach because of the way it was choosing to handle its transcription file transfers.

The audio and transcript files contained sensitive and “personally identifiable information” (PII) about consumers, including children. The company was working with a third-party contractor, an outsourcing venture in India that provided transcription services for cents on the dollar.

The only problem was that, in transferring these large files, the US-based transcription business decided to use FTP or “file transfer protocol” to “medical audio and transcript files on its computer network and transmit the files between the network and its typists”.

Because of this chosen methodology, the application stored and transmitted files in readable text (i.e. unencrypted), configured so that the files could be accessed online by anyone without authentication. As well, the transcriptions of audio files were being indexed by major search engines — which means that anyone doing a search could potentially stumble upon them.

This is a precautionary tale that should highlight one major lesson: avoid using any methods that leave files open to, or accessible by, the general public.

Understand the transfer pipeline and identify possible points for breaches

IT teams responsible for data security should have various levels of password protection that go way beyond randomized key logging, and should routinely review file access. Furthermore, files can be stored and accessed on a “need-to” basis or a role-basis, instead of granting company-wide access.

Designated IT personnel should also be conducting routine reviews that examine the entire transfer pipeline and process, using white-hat hacking to test the layers of data protection.

The quality of a transcription services company is not only in the quality of the finished product but, as you can see, in the measures with which they approach the sensitive content they’re handling.

Quality transcription companies will themselves work with vetted partners, do their part in securing digital transcription audio files under layers of safety and be able to show compliance through written privacy policies. The key for you is to do your due diligence and ensure these parts are in place.

Leave a Reply

Your email address will not be published. Required fields are marked *