Language I/O Policy on Personal Data Embedded in CRM Content
With the introduction of the General Data Protection Regulation (GDPR) in the EU, data privacy has become a concern for companies around the world, including Language I/O. The primary function of the GDPR is to address security of personal data. Language I/O never intentionally collects personal data when it is translating content coming from our customers’ CRMs. Furthermore, we don’t persist in our database, log files or elsewhere any User Generated Content (UGC) that is sent to us for translation in case it contains personal data. However, we understand that especially where your customer’s chats and support tickets are concerned, because they are passed to us for translation, you often don’t know in advance whether that customer UGC contains personal data or not and we take our task of protecting that customer content very seriously.
GDPR questionnaires we receive from customers and prospects often include questions about third-party processors employed by Language I/O and the potential for a data security breach via a third party. Language I/O uses third-party translation services – both human and machine – in addition to in-house translation services. We do this to provide the highest translation quality available. So yes, there is the potential for third-party processors to receive personal data from your customers’ UGC.
The UGC referenced in this policy is UGC that is passed from the customer’s CRM into the Language I/O translation service and will take the form of either a chat or an email/ticket thread. This includes:
- UGC that comes from a support agent
- UGC that comes from a customer
Support Agent Content
Unlike content that comes from your customers, you can control the content generated by your support agents via policies and observation. Specifically, companies that use Language I/O CRM translation services should enforce policies that ensure their support agents never embed personal data in a chat or email response that is passed to Language I/O for translation. If a support agent needs to reference a piece of personal data in a response that is passed to Language I/O for translation in order to answer the customer’s question, they can do so via a CRM variable. This means that the UGC authored by a support agent and sent to Language I/O does not contain the actual personal data, only a variable referencing a piece of personal data. This should be standard practice for all users of the Language I/O translation service as Language I/O will not be responsible for personal data intentionally sent to us by our customers’ support agents.
UGC passed into your CRM by your customers – or the person seeking support – is of most concern to Language I/O. We recognize that your customer chats and tickets are more likely to contain embedded personal data when it is passed to us for translation. This personal data is outside of the control of the support agent as they won’t know that a customer chat or email contains personal data until it is translated by Language I/O. Hence, it needs to be carefully safeguarded.
There are two main types of third-party translation service that Language I/O employs:
- Machine translation services
- Human translation services
Because Language I/O only employs machine translation (MT) services that do not persist any content passed in for translation and which have sound data privacy policies, the safest route is to use the Language I/O MT services to translate UGC. The content passed to these MT engines is never actually viewed by human eyes and once it is translated and passed back into your CRM, it is gone from all systems. Because chats are always machine translated, chat content is not the concern. Email or ticket UGC generated by agents – as long as they adhere to this policy – can be safely human translated. However, email or ticket UGC generated by your customers should be solely machine translated.
To avoid having a human linguist ever see any customer UGC, follow these two steps to ensure that customer UGC is only machine translated, never human translated.
- All incoming customer questions should be machine translated. This is the default within all of our apps but there are ways to change the configuration on the CRM side and this should never be done for customer UGC.
- Either disable the “retranslate” option for incoming customer question translations or work with Language I/O to ensure that a secondary machine translation service, not a human translation service, is used for retranslation of incoming customer questions. Again, this is the default when we setup the integration, but it is re-configurable by CRM administrators on your side.