Your Website Translation Provider Could Be Compromising Your Guests' Safety

Press enter to search
Close search
Open Menu

Your Website Translation Provider Could Be Compromising Your Guests' Safety

By Craig Witt, CRO at MotionPoint - 09/05/2019

Besides making guests feel welcome and comfortable, hoteliers must also protect their guests’ privacy. This includes securing the personal information they provide when booking their stays online.

Security is particularly important for hotels that serve international guests with multilingual websites.

Some international hoteliers rely on their longtime translation providers to localize their websites. Unfortunately, those partners may lack the expertise to effectively localize portal content. This is often because they specialize in translating offline content (such as books or brochures), but do not possess the technologies that are optimized to securely localize online experiences.

It’s imperative that hoteliers ensure their translation providers have the technical expertise required to offer a secure, localized experience for international guests.

Here are several best practices hotel brands should follow to evaluate the security features of a digital translation partner.

Protecting Guest Data

Leading localization partners proactively identify and prevent security risks. This includes strictly adhering to industry best practices, and continually evaluating ways to protect sensitive data.

A security-conscious localization partner uses industry-recommended secure encryption protocols for transmitting your data, like using your site’s SSL connection for receiving, translating and delivering content.

Another core practice is the use of website translation technology that does not store or see guests’ information. Names, addresses, numbers and other personally identifying information is automatically ignored by the technology.

Some solutions also use “directive tags” that can add even more security. Any content within these tags pass through the partner’s system, completely unrecognized and untranslated.

Complying with Industry Requirements

Your translation provider should follow comprehensive security controls and comply with strict industry requirements.

For instance, it’s common for reputable partners to complete annual security assessments conducted by independent PCI SSC Qualified Security Assessors. Your partner should demonstrate security practices that comply with PCI DSS on an ongoing basis, too.

The partner should have experience following security programs suited for customers in a variety of industries, including hotels and hospitality

Your localization provider should be fluent in international regulations, too. If you serve guests in EU markets, your partner must be well-versed in GDPR legislation, and be certified in Privacy Shield frameworks. Privacy Shield provides a mechanism to comply with data protection requirements when transferring personal data from the EU and Switzerland to the U.S.

Considerations for Secure Hosting

Some partners provide website hosting for the content of their customers’ localized websites. Their hosting infrastructures should also provide top of the line security, scalability and redundancy.

Great partners host their solutions in physically secure, geographically diverse data centers, and use real-time network monitoring and system defense.

Data centers should always be staffed by security teams, restrict access to authorized personnel and enforce security with multi-factor authentication and controls.

Third-Party Partners

Ask how your translation partner ensures that their own third-parties partners uphold security standards while providing or supporting components of its hosting services. Partners dedicated to security choose third parties that can prove effective management of complex network hosting and application infrastructures.

These partners must also support strict service-level agreements and security controls that satisfy industry standards and third-party validation, such as SSAE 16, PCI DSS, and/or ISO 27001 compliance.

Secure Development

In addition to providing secure solutions and robust hosting infrastructures, superior translation partners need on-site environment and programming practices that are supported by security-savvy professionals, trained to protect confidential data.

Leading partners follow Center for Internet Security system-hardening guidelines, and routinely train employees about attack methods, and how to avoid them.

Ask if your partner integrates security into their training and HR practices, such as personnel screening and ongoing education on how to safeguard data. Training should include topics such as:

  • Physical security
  • Workstation security
  • Data privacy
  • Incident prevention and reporting

They should also maintain robust operating environments with layers of security controls. Look for solutions that:

  • Adhere to industry-recommended security and privacy best practices
  • Regularly updates and manages system access
  • Continually tests systems to identify potential weaknesses

Protecting Your Guests Moving Forward

Privacy and security are top priorities for your global guests, as they should also be for your hotel brand—and your translation partner.

Only trust translation solutions that stick to various industry best practices and compliance mandates, and only use partners that hire skilled experts, dedicated to protecting your guests’ personal data.

About the Author

Craig Witt is the Chief Revenue Officer (CRO) at MotionPoint, a company that solves the operational complexity and cost of website localization. He has 28 years’ experience in building, leading and scaling high performing Go-To-Market teams at global enterprises.