Pages in topic:   < [1 2 3 4 5 6 7] >
SecurePRO update - list of security practices derived from SecurePRO cards
Thread poster: Henry Dotterer
Maxi Schwarz
Maxi Schwarz  Identity Verified
Local time: 17:48
German to English
+ ...
This expresses it better Aug 22, 2017

Fiona Grace Peterson wrote:

I admit I am still unclear - and Henry maybe you can help me out here? - is whether all statements on the definitive list will be visible to prospective clients - the "ticked" and "non-ticked" alike. If the customer is able to see those statements that do not apply to certain freelancers, then I think they can be discriminatory.

Let's take the example I gave - "PHYSICAL SPACE", and assume that the following three statements are eventually chosen.

* My home office is in its own room.
* I am the only one who uses my home office.
* I am willing to agree to make my home office available for on-site audit.

The publication of these statements in the "SecurePRO" section gives the impression that these are the conditions necessary for a freelancer's working practices to be "secure". And failure to "tick them" gives the impression that those who do not tick them are "not secure." Consequently, the statements above risk being read as follows:
* My home office is NOT in its own room / I am NOT the only one who uses my home office (customer interpretation: "So who else uses this room?")
* I am NOT willing to agree to make my home office available for on-site audit" (customer interpretation: "what's she got to hide?")

Obviously if the only statements which appear in a particular freelancer's SecurePRO card are those which apply to his or her particular case, then all this is moot.


Yes - how might it be interpreted?
In my case, there is the implication that paper copies are a less secure practice. The certified translations that I produce must be printed, stamped, signed, and sent to the client. I make paper copies of my translations and of the source document. This does not make my practices "less secure".


 
Alistair Gainey
Alistair Gainey  Identity Verified
United Kingdom
Local time: 22:48
Russian to English
Legal status and liability Aug 22, 2017

It's good to see Proz moving things forward and coming up with new ideas, but what's the legal status of all this? Suppose, for example, I promise to shred all my documents and agree to my home office being audited, but someone from a client turns up and finds a huge pile of their documents that I haven't got round to shredding? Or suppose I declare my home office network to be password-protected, but I leave a piece of paper with the password on lying around and someone hacks into the network a... See more
It's good to see Proz moving things forward and coming up with new ideas, but what's the legal status of all this? Suppose, for example, I promise to shred all my documents and agree to my home office being audited, but someone from a client turns up and finds a huge pile of their documents that I haven't got round to shredding? Or suppose I declare my home office network to be password-protected, but I leave a piece of paper with the password on lying around and someone hacks into the network and accesses all my clients' documents? (Or whatever...) By ticking the boxes, as it were, am I accepting some form of legal liability for any violations of these promises? (And if I am, is this legally binding?) Or is this just a bit of "fun"? In which case, I'm not sure I see the point, because surely clients who are concerned about these things will just make us sign NDAs and confidentiality agreements anyway? In other words, if these are legally binding obligations (I'm assuming they're not, but someone correct me if I'm wrong), this is an inappropriate way of agreeing to them (confidentiality and non-disclosure issues should be dealt with in agreements clearly specifying the consequences of violation, limitations on liability, dispute resolution procedures, applicable law, etc., not through "box-ticking" on a web portal), and if they're just promises that I may or may not keep, they're not worth the "paper" they're written on. Sorry to be such a nitpicker.

[Edited at 2017-08-22 15:05 GMT]
Collapse


 
Sheila Wilson
Sheila Wilson  Identity Verified
Spain
Local time: 22:48
Member (2007)
English
+ ...
Some more whatevers Aug 22, 2017

Alistair Gainey wrote:
what's the legal status of all this? Suppose, for example, I promise to shred all my documents and agree to my home office being audited, but someone from a client turns up and finds a huge pile of their documents that I haven't got round to shredding? Or suppose I declare my home office network to be password-protected, but I leave a piece of paper with the password on lying around and someone hacks into the network and accesses all my clients' documents? (Or whatever...)

Some more whatevers might be that you say:
* I am the only one who uses my home office.
But then your partner/cleaner/IT expert wants or needs access... What happens if granting them access inadvertently causes problems with the client's data? Speaking personally, do I get sued because I let my husband into a room in his own house ? Being sued for the loss of the client's data is one thing, but that?
* I am willing to agree to make my home office available for on-site audit... But what if your partner isn't so willing to have total strangers inspecting his/her house?
* I am willing to agree to destroy any translation memories created from the current work, upon completion of the project... But everyone knows from recent paedophilia trials that the real experts can get at data on hard disks that the owners reckon they've deleted. So, can we get sued for not being IT geniuses? In NDAs I always insist on "to the best of my ability" or similar being added.
* I am willing to agree that completed translations are the property of the client or client's client, and waive any personal rights thereof... But if they don't pay? Anyway, that one is covered either by copyright legislation or on an individual basis when necessary. It can't be a blanket Yes/No for a lifetime.

And I repeat my earlier statement that I suspect ProZ.com has no right to be requesting us to provide some of this information. It's the simple asking for personal data that causes an intrusion of privacy; there doesn't have to be a requirement to provide it, or any misuse of that data. It's totally different with clients as we have a partnership contract with them (whether or not we've signed anything). ProZ.com isn't a client of mine.

Sorry to be such a nitpicker.

I for one think all the nits you mentioned need to be picked, Alistair.


Elzbieta Dubois
 
Henry Dotterer
Henry Dotterer
Local time: 18:48
SITE FOUNDER
TOPIC STARTER
Thanks, Maxi. And a point about what it means to offer a certain practice Aug 22, 2017

Maxi Schwarz wrote:
Henry Dotterer wrote:
Your experience seems atypical. None of your clients has asked you to sign an NDA?


I hope that I have managed to clarify things.

Thank you, Maxi, it is very clear, and informative.

I want to make a distinction about what it means when you a person indicates that he or she offers one of these practices. With regard to paper copies, as an example, please note that the practice reads: "I either do not create paper copies, or am willing to agree to shred them upon project completion."

Where did this come from? "I do not create paper copies" is something a number of people have written in their profiles. (Apparently they do not offer certified translations, at least not in Canada.) Other people have written things like "I shred documents ten days after project completion". This is why the practice came into the list.

But note the wording. By signaling that one offers this practice, you are not saying you always shred documents. You are signaling that you are willing or potentially willing (if the "conditionally" option is selected) to *agree to do that for a certain project*. By picking never, you are saying that even if the client wants that, you don't offer it (maybe because you want to always have paper copies of what you have done, or maybe just because you don't own a shredder and don't plan to buy one.)


 
Henry Dotterer
Henry Dotterer
Local time: 18:48
SITE FOUNDER
TOPIC STARTER
Legal status is similar to that of statements made in profiles Aug 22, 2017

Alistair Gainey wrote:

It's good to see Proz moving things forward and coming up with new ideas, but what's the legal status of all this? Suppose, for example, I promise to shred all my documents and agree to my home office being audited, but someone from a client turns up and finds a huge pile of their documents that I haven't got round to shredding? Or suppose I declare my home office network to be password-protected, but I leave a piece of paper with the password on lying around and someone hacks into the network and accesses all my clients' documents? (Or whatever...) By ticking the boxes, as it were, am I accepting some form of legal liability for any violations of these promises? (And if I am, is this legally binding?)

Thanks for asking that question. Assuming you are asking specifically about the legal status of ticking off a list of security practices offered, consider that these are the sorts of statement that are already routinely made in profiles. The platform now provides a more expedient means of making those statements. I would suggest that the degree to which ticking one of these practices is legally binding is the degree to which making the same statement in one's profile is legally binding.

Further, note that the program presents this as an inventory of services offered or potentially offered, not as a guarantee that the service will be delivered on each and every project. The client still has to "order" the practice, and the translators still has to agree to "deliver" it, for a given project.

In other words, there is no agreement here. Only statement of offerings and capabilities.

One might ask, "What, then, is the point?" Again, expediency. It is easier to put these statements in one's profile using "tick-boxes". And besides, you just might think of some things you would otherwise forget or never even think of.


 
Henry Dotterer
Henry Dotterer
Local time: 18:48
SITE FOUNDER
TOPIC STARTER
The target audience is clients Aug 22, 2017

Sheila Wilson wrote:
And I repeat my earlier statement that I suspect ProZ.com has no right to be requesting us to provide some of this information. It's the simple asking for personal data that causes an intrusion of privacy... ProZ.com isn't a client of mine.

And I will try to make the same point that I have been making, which is that the target audience, when you clarify your service offerings, is not "ProZ.com" (which is an inanimate platform), but potential new clients.

In other words, this new feature is not presented so that you can convey information to ProZ.com, but so that you can *optionally* convey information about your services to potential new clients.

Get it?


 
Henry Dotterer
Henry Dotterer
Local time: 18:48
SITE FOUNDER
TOPIC STARTER
Thanks to those who are entering their practices Aug 22, 2017

Thanks to those of you who have set your own offerings using the list page!

Please note that you can change these settings at any time, or clear them. Aggregate data will be shown if enough people enter their settings. (If ten or more people enter a setting for a certain practice, percentages get shown.)

We are almost at ten on a few practices, but need more responses on most... the percentages are interesting and I am looking forward to the discussion that aggregate da
... See more
Thanks to those of you who have set your own offerings using the list page!

Please note that you can change these settings at any time, or clear them. Aggregate data will be shown if enough people enter their settings. (If ten or more people enter a setting for a certain practice, percentages get shown.)

We are almost at ten on a few practices, but need more responses on most... the percentages are interesting and I am looking forward to the discussion that aggregate data may stimulate.

The page is proz.com / security - practices
Collapse


 
Samuel Murray
Samuel Murray  Identity Verified
Netherlands
Local time: 23:48
Member (2006)
English to Afrikaans
+ ...
Option to expand all unexpanded text all at once Aug 23, 2017

Henry Dotterer wrote:
The page is proz.com / security - practices


There are about 80 options there, each with a bit of unexpanded text that one can expand by clicking the "+" icons individually. That's a bit silly, isn't it? Imagine reading any web site (blog, news, etc) in which only the first sentence of each paragraph is visible, and you have to click a "+" icon each time to read the rest of the paragraph. There should be an option to expand all these unexpanded text all at once.

Added: Oh, wait. Only two of those "+" icons have any effect. Perhaps there should be a way to show whether clicking the icon will open extra information or simply change it from a "+" to a "-".



[Edited at 2017-08-23 06:30 GMT]


 
Henry Dotterer
Henry Dotterer
Local time: 18:48
SITE FOUNDER
TOPIC STARTER
Thanks, Samuel Aug 23, 2017

Samuel Murray wrote:

Henry Dotterer wrote:
The page is proz.com / security - practices

There are about 80 options there, each with a bit of unexpanded text that one can expand by clicking the "+" icons individually. That's a bit silly, isn't it? Imagine reading any web site (blog, news, etc) in which only the first sentence of each paragraph is visible, and you have to click a "+" icon each time to read the rest of the paragraph. There should be an option to expand all these unexpanded text all at once.

Added: Oh, wait. Only two of those "+" icons have any effect. Perhaps there should be a way to show whether clicking the icon will open extra information or simply change it from a "+" to a "-".

Good feedback, Samuel, thank you, I'll pass it along. By the way, there is an option to "Expand all", on the left.


 
Mirko Mainardi
Mirko Mainardi  Identity Verified
Italy
Local time: 23:48
Member
English to Italian
Visibility toggle Aug 23, 2017

Please add a visibility toggle for this section, as we have for several others (including "Professional practices", which is similar in nature and intent) in our profiles, instead of showing "This person has opted not to show a SecurePRO™ card", which might be easily interpreted with a negative connotation by some clients.

Also, please consider doing the same for each of the two sections of the "SecurePRO™ card" itself (i.e. "Identity / Know Your Translator™ data" and "Procedu
... See more
Please add a visibility toggle for this section, as we have for several others (including "Professional practices", which is similar in nature and intent) in our profiles, instead of showing "This person has opted not to show a SecurePRO™ card", which might be easily interpreted with a negative connotation by some clients.

Also, please consider doing the same for each of the two sections of the "SecurePRO™ card" itself (i.e. "Identity / Know Your Translator™ data" and "Procedures and policies"), especially the latter, instead of showing a blank tab or another "opted not to show" message. This way, a translator could freely decide to use both sections or just one of them without (openly) giving the impression something "is missing" or is "not up to par".

Thank you.
Collapse


 
Henry Dotterer
Henry Dotterer
Local time: 18:48
SITE FOUNDER
TOPIC STARTER
Permission based Aug 23, 2017

Mirko Mainardi wrote:

Please add a visibility toggle for this section, as we have for several others (including "Professional practices", which is similar in nature and intent) in our profiles, instead of showing "This person has opted not to show a SecurePRO™ card", which might be easily interpreted with a negative connotation by some clients.

Also, please consider doing the same for each of the two sections of the "SecurePRO™ card" itself (i.e. "Identity / Know Your Translator™ data" and "Procedures and policies"), especially the latter, instead of showing a blank tab or another "opted not to show" message. This way, a translator could freely decide to use both sections or just one of them without (openly) giving the impression something "is missing" or is "not up to par".

Thank you.

Thanks, Mirko. We are making refinements in this area now. As usual, preference will be respected. Clarification of exactly who will see what will be made before the feature goes "live" (in the sense of people being able to see each other's cards.)


 
Henry Dotterer
Henry Dotterer
Local time: 18:48
SITE FOUNDER
TOPIC STARTER
SecurePRO FAQ Aug 23, 2017

I've started a SecurePRO FAQ. More questions will be added. I would welcome any feedback on the following.

What is the goal of the SecurePRO™ program?

To enhance the ability of LSPs and freelancers to ensure the confidentiality of end-client data, while still carrying out work in an efficient manner.

How does the SecurePRO™ program accomplish that?

For a start, by raising awareness of security practices. Beyond that, a means i
... See more
I've started a SecurePRO FAQ. More questions will be added. I would welcome any feedback on the following.

What is the goal of the SecurePRO™ program?

To enhance the ability of LSPs and freelancers to ensure the confidentiality of end-client data, while still carrying out work in an efficient manner.

How does the SecurePRO™ program accomplish that?

For a start, by raising awareness of security practices. Beyond that, a means is provided for freelancers to efficiently present their security practices and capabilities, and for clients to specify security needs on a project-by-project basis. Other important program features are forthcoming.

Is the point of the program to replace NDA's?

Not at all. The program is expected to help streamline and support the NDA process.

What is a SecurePRO™ Card?

A SecurePRO™ Card is the digital card, accessible from within profiles, where a freelancer can specify his or her security practices.

Who can create a SecurePRO™ Card?

Anyone with a ProZ.com profile of type freelancer or "both".

How does a freelancer create a SecurePRO™ Card?

By going to the comprehensive list of security practices and indicating which ones he or she offers.

What happens when I indicate that I offer, or conditionally offer, one of the security practices on the list?

The fact that you offer or conditionally offer that practice will be stated in your SecurePRO™ card.

If I indicate that I never offer a certain practice, is that shown in my SecurePRO™ card?

No. The card shows what you offer. No mention is made of what you do not offer.

What is the point of ticking "Never" if it does not even get shown?

It gets displayed in the aggregate data, which will be displayed not only to colleagues but also to clients when they are indicating which security practices they wish to require. (It may be useful for a client to know that by requiring a particular security practice, one is reducing one's pool of available translators by one-half, one-third, or whatever.)

What is the effect of ticking "Clear/Skip"?

Ticking "Clear/Skip" lets the system know that you choose not to specify whether or not you offer that particular practice. You will not be prompted to enter a response to this practice in the future.

Can I change settings?

Yes, you can freely change your setting for each practice at any time.

What legal ramification is there, if any, of my ticking a given security practice?

Consider it similar to making the same statement in free text form in your profile.

How was the comprehensive list of security practices created?

The list has been derived from practices described, in free text form, by freelance translators in their SecurePRO™ cards.

What if I want to offer security practices that are not on the list?

Apart from ticking off the practices that you offer from the list, you can enter additional information in the SecurePRO Card in free text form.

Who gets to see SecurePRO™ cards?

Full SecurePRO™ support is part of ProZ.com's Plus service package. For a SecurePRO™ card to be visible, either the owner of the card or the viewer must be a Plus subscriber (professional or business.)
Collapse


 
Lincoln Hui
Lincoln Hui  Identity Verified
Hong Kong
Local time: 06:48
Member
Chinese to English
+ ...
Feedback Aug 24, 2017

1. The number of items is self-defeating. The list is so long that it fragments emphasis, drawing focus away from the things that really matter. Assuming that one answers Always or Sometimes to all the items, the SecurePRO card display becomes very effective at preventing people from reading it by virtue of sheer length. (If that was the point, disregard this.)
The card should not use more than 30 lines of text with standard font sizes, 50 at the absolute maximum.

2. One of th
... See more
1. The number of items is self-defeating. The list is so long that it fragments emphasis, drawing focus away from the things that really matter. Assuming that one answers Always or Sometimes to all the items, the SecurePRO card display becomes very effective at preventing people from reading it by virtue of sheer length. (If that was the point, disregard this.)
The card should not use more than 30 lines of text with standard font sizes, 50 at the absolute maximum.

2. One of the fundamental issues of the program is that translators are incentivized to provide positive responses that are, for all due intents and purposes, impossible to prove one way or the other. There is no reason for it to have any real credibility. I also do not believe that this can replace a custom NDA or confidentiality agreement between client and contractor from a legal perspective, which means that it is entirely superfluous and does not serve any practical purpose.

3. Most importantly, though, I would like to ensure that the SecurePRO card cannot be used as a search criteria or a filtering criteria (whether for postings or searches). No one searching for translators should be able to set search parameters based on what security policies the translator has set, or whether he or she has a SecurePRO card.
Collapse


 
Sheila Wilson
Sheila Wilson  Identity Verified
Spain
Local time: 22:48
Member (2007)
English
+ ...
I'm afraid N°3 is out, apparently Aug 24, 2017

Lincoln Hui wrote:
3. Most importantly, though, I would like to ensure that the SecurePRO card cannot be used as a search criteria or a filtering criteria (whether for postings or searches). No one searching for translators should be able to set search parameters based on what security policies the translator has set, or whether he or she has a SecurePRO card.


The FAQ quoted by Henry above, with some extra highlighting:
What is the point of ticking "Never" if it does not even get shown?

It gets displayed in the aggregate data, which will be displayed not only to colleagues but also to clients when they are indicating which security practices they wish to require. (It may be useful for a client to know that by requiring a particular security practice, one is reducing one's pool of available translators by one-half, one-third, or whatever.)

So, it's sign up or lose valuable opportunities for collaborating with good clients.


 
Mirko Mainardi
Mirko Mainardi  Identity Verified
Italy
Local time: 23:48
Member
English to Italian
Sudden and unexplained drop in "Profile completeness" Aug 24, 2017

Just a few minutes ago I noticed my "profile completeness" had suddenly and inexplicably dropped from 100% to 88%. After a lot of digging around, I finally managed to find (again) this: http://www.proz.com/profile-completion

Apparently, that happened because I had decided to tick the "I choose not to enter my security procedures" in the new "Data security" section of our profiles, whic
... See more
Just a few minutes ago I noticed my "profile completeness" had suddenly and inexplicably dropped from 100% to 88%. After a lot of digging around, I finally managed to find (again) this: http://www.proz.com/profile-completion

Apparently, that happened because I had decided to tick the "I choose not to enter my security procedures" in the new "Data security" section of our profiles, which is now part of the list of fields used to calculate profile completeness.

If I remember correctly, profile completeness does affect directory ranking and/or searches, therefore it is not trivial. I am not particularly happy with the fact my profile completeness changed by itself and without my knowledge, nor that I am now basically "forced" to use this feature to just keep things as they were before...

Lastly, I thought that expressly opting not to complete a section that counts toward profile completeness did not affect the completeness itself (at least for 'encouraged' fields).

E.g.
http://www.proz.com/forum/prozcom_translator_coop/61698-project_connect_update_part_4_milestone_for_charter_program_reached_press_coverage_received.html#472132
http://tam.proz.com/forum/prozcom:_translator_coop/104107-client_feedback_and_profile_completeness_added_as_options_in_directory_and_job_posting.html?print=1
Collapse


 
Pages in topic:   < [1 2 3 4 5 6 7] >


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

SecurePRO update - list of security practices derived from SecurePRO cards






Trados Studio 2022 Freelance
The leading translation software used by over 270,000 translators.

Designed with your feedback in mind, Trados Studio 2022 delivers an unrivalled, powerful desktop and cloud solution, empowering you to work in the most efficient and cost-effective way.

More info »
Protemos translation business management system
Create your account in minutes, and start working! 3-month trial for agencies, and free for freelancers!

The system lets you keep client/vendor database, with contacts and rates, manage projects and assign jobs to vendors, issue invoices, track payments, store and manage project files, generate business reports on turnover profit per client/manager etc.

More info »