The Impact of Data Regulations on Contact Centers
There was a time that running a contact center was as simple as handing inbound and outbound phone calls. If a customer had a problem, she would pick up the phone and call customer service. If a service agent was unavailable, the customer would get a call back.
Simpler times, for sure. Today, companies must manage customer relationships on a dizzying amount of channels: the trusty phone is still there, but so is email, Twitter, Facebook, LinkedIn, SMS, Live Chat, and Chatbots. There’s a lot of complexity–and data–in managing that many channels. As new privacy regulations emerge, companies are faced not only with developing a strategy to best manage customer relationships but how to protect vital customer, employee, and partner data.
With the General Data Protection Regulation (GDPR) going into effect in 2018 and the California Consumer Privacy Act (CCPA) going into effect earlier this year, the movement to regulate the flow of data – and how companies use it – continues to grow. These regulations and corresponding penalties have profound impacts on the way contact centers operate and how they handle data.
For contact centers to adapt to changing data regulations, companies must approach privacy with transparency and diligence. What the early days of regulation have taught is that there is no black and white. Some companies have managed privacy with transparency, but have forgotten diligence. Many mistakenly thought that by working feverishly to become GDPR compliant that the hard work was done when they achieved it. Unfortunately, a strong privacy strategy is not something that can be implemented and then untouched. Regulations are constantly evolving and a privacy program needs constant attention and regular reviews.
When considering transparency, it is the metric companies to demonstrate that what they are doing is correct and justifiable. If there is not a clear reason for collecting a particular type of data, don’t collect it. If there is data you collected that you no longer need, remove it. Communication to stakeholders is of the utmost importance. Customers, prospects, employees, and partners all need to understand how data is being collected, stored, and ultimately used.
Diligence is defined by a company’s appetite to constantly evolve its thinking on privacy. Once a program is in place, it should be continually monitored and improved upon. Sadly, there is no silver bullet when it comes to privacy, so companies need to be vigilant. Set the regulation bar high and future proof the business from non-compliance. Service agent transcripts need regular review, as do social channels, emails and any other form of outbound communication, to ensure that the company is being transparent and meeting regulations.
With an organizational mantra of transparency and diligence, companies must consistently evaluate and do the following:
Understand Your Business
It seems simple but, when looked at in the aggregate and reviewed for all its moving parts, many companies struggle understanding their ecosystems. When considering the variety of audiences–customers, partners, prospects, employees, third-party vendors that leverage company data–it can be a painstaking activity to understand how and why data is being used and, when needed, change processes to ensure compliance.
Understand Your Environment
Even trickier than understanding the business is understanding what is happening outside the organization and its implications on the business.
At a minimum, keep an eye open for new legislation (warning: there will be more) across the geographies the company does business and understand how it impacts the company ecosystem. In fact, it’s good business to review every new privacy legislation regardless of whether or not it’s a region you have business in. What happens outside your ecosystem is sure to have implications down the road to which you will have to adapt.
Prepare for the Worst
The sad reality of all the time spent adhering to regulations, monitoring and changing your protocols, and evolving your company culture to prioritize compliance, you can still be non-compliant–and, worse yet, your data can still be vulnerable to outside threats. This is where future proofing and setting a high bar for compliance come in. If regulators come in, work with them. Identify the parts of your privacy program that need to be addressed.
Privacy–and security more generally–is never perfect and requires continual improvement. Lead with transparency and diligence, take these steps and you will reduce the level of surprise for your business.
About the author: Edgar Pimenta serves as Information Security Director for Talkdesk, where he has worked since 2017. He is responsible for Governance, Compliance, and Information Security Risk Management at Talkdesk. He also serves as an invited Professor in Fraud Management and Internal Audit and Enterprise Risk Management post-grad classes at Porto Business School.