When retailers engage service providers to translate and localize ecommerce sites, they put customer data within the reach of those providers. Here are several questions retailers should ask translation firms about their security and privacy practices.

Craig Witt, chief revenue officer, MotionPoint

In the competitive, fast-paced world of ecommerce, retailers must ensure the security and privacy of their customers’ personal information. This is especially the case for brands that serve international markets with localized websites.

Most companies rely on solutions offered by traditional translation partners—most of which weren’t designed to localize highly complex websites. Rather than depend on approaches that may not be fit for website localization, companies must ensure their translation providers have the technical and security expertise to offer a secure, translated UX to international customers.

Here are several best practices to keep in mind as you evaluate the security capabilities of your current, or prospective, digital translation partner.

Protecting Customer Data

The best translation partners are vigilant in identifying and preventing security risks, implementing security best practices and continually evaluating ways to protect sensitive data.


Security-conscious localization partners support industry-recommended secure encryption protocols for transmitting your data, such as using your site’s SSL connection for receiving, translating, converting and delivering content.

Another core practice is the use of website translation technology that does not store customers’ information. Names, addresses, credit card numbers and other personal data should automatically pass through the technology unseen and untouched.

In addition to automatic settings that ignore private content, some solutions use “directive tags” that add an extra layer of security. These tags can be applied to code within a website. Any content within these tags passes through the partner’s system completely ignored, unrecognized and untranslated.

Compliance with Security Protocols

Ask your localization partner if it provides flexible and comprehensive security controls and complies with strict industry requirements.

For instance, reputable partners complete security assessments at least yearly, conducted by independent PCI SSC Qualified Security Assessors. Your partner should also demonstrate ongoing security practices that comply with PCI DSS.


Your partner should implement a security program that supports customers in a variety of industries. Beyond PCI DSS, other security standards include ISO 27001, FedRAMP, ITIL, HIPAA and others, all of which demand the protection of confidential customer data.

Your localization provider should be fluent in international regulations, too. If you sell online in EU markets, your partner must be well-versed in the implications of recent GDPR legislation. It should also be certified in Privacy Shield frameworks, which provide a mechanism to comply with data protection requirements when transferring personal data from the European Union and Switzerland to the U.S.

Secure Hosting Solutions

Some partners provide hosting for their website translation solutions, which includes the content of your localized site. Their hosting infrastructures should provide best-of-breed security, scalability and redundancy. Ask if their solutions are hosted in physically secure, geographically diverse data centers. Great partners also use real-time network monitoring and system defense.

Hosted solutions should use data centers that are always staffed by security teams, with access restricted to authorized personnel, enforced with multi-factor authentication and controls.

Those facilities should also be rated at N+ redundancy, in compliance with industry standards, maintaining robust resilience plans for all computing environments.


Third-Party Partners

You’ll also need to investigate how the translation partner ensures that its own third-party partners uphold security standards while supporting components of its hosting services. Security-savvy partners choose third parties that demonstrate maturity in effectively managing complex network hosting and application infrastructures.

These partners must also support stringent service-level agreements and security controls that satisfy industry standards and third-party validation.

Look for solutions that recognize SSAE 16, PCI DSS, and/or ISO 27001 compliance as standards that best demonstrate a provider’s effectiveness in managing complex hosting and application services.

Best Practices for Secure Development

It’s not enough for partners to have secure solutions and robust hosting infrastructures. They also need on-site environment and programming practices that are supported by security-savvy professionals, trained to protect sensitive data.

Leading partners follow Center for Internet Security system-hardening guidelines and routinely train employees about attack methods and how to avoid them.


Ask if your partner integrates security into their training and HR practices. This includes personnel screening and ongoing education on how to safeguard data. Training should include topics such as:

  • Physical security
  • Data privacy
  • Incident reporting
  • Workstation security

They should also maintain robust operating environments with complementing layers of controls. Look for solutions that:

  • Honor industry-recommended practices
  • Conduct routine updates and management of access to systems
  • Continually test systems to identify potential weaknesses

Security and Privacy Moving Forward

Data security and privacy are top priorities for your global customers, as they should also be for your company—and your localization provider.

Only use a translation approach that is aligned with various industry best practices and compliance mandates, and only use solutions that are supported by skilled professionals, dedicated to protecting your customers’ personal data.

MotionPoint provides translation services to online retailers.