The State of Data Security in Today’s Contact Center
Dozens of international retailers, airlines, and restaurants experienced a massive data breach in 2017. The same year, courts asked Amazon and Apple to provide files and recordings as evidence in open cases. Already in 2018, Facebook CEO Mark Zuckerberg has testified before Congress about how the social network collects, manages, leverages, and shares personally identifiable information (PII). The public’s concerns about personal data security are higher than ever, and customer experience leaders are taking notice.
Consumers of all ages and demographics consistently report wanting to control and ensure the privacy of their PII. However, time and time again the behaviors of the public contradict this reported desire. Your customers have a myriad of opportunities, ways, and reasons to share their personal information – from wanting a tailored customer experience to requesting customer support assistance. Because of this seeming contradiction in reported desire and actual behavior, some brands have the mindset that their customers don’t care about their data.
However, each time a large data breach is reported, the public panics, brand sentiment and loyalty are negatively impacted, and the organization ends up with hefty fees as a result. IBM’s 2017 Cost of a Data Breach Study found the average consolidated total cost of a single data breach is $3.62 million. As regulations continue to develop and international organizations comply with GDPR laws, brands can expect customer data privacy to remain in the spotlight. Forrester warns that even a multimillion-dollar fine might not be the biggest ramification for brands that experience a data breach going forward. Their analysts suggest that activist groups will fight to exhaust an organization’s resources as backlash to a breach involving PII in a post-GDPR world.
So how can brands strike a balance between creating personalized experiences and a sense of security? How does one balance transformation and technological advances while ensuring that customer data is not compromised? What responsibilities do companies have for protecting this information as it is passed from system to system?
1. Default to privacy in an age of personalization
Your customers want privacy and they want their data to be protected. At the same time, they crave personalized experiences. As Ian Jacobs, Principal Analyst at Forrester, puts it, “your customers are walking, talking contradictions”. Jacobs writes, “In the age of the customer, default to privacy. Offer your customers the option to see exactly what they’re sharing with you, and show them how sharing their data will directly benefit them.”
As a business, you must protect your customers’ privacy on their behalf, first and foremost. Pew Research found that 91% of adults agree or strongly agree that consumers have lost control of how personal information is collected and used by companies. To strike the right balance, the organization must tell customers what data it collects about them and give them control over their personal information.
Jacobs shares, “proactively break down your policies so users can understand what they gain from this exchange: share with us, and you’ll get a more streamlined, personalized customer service. Give a little, get a little.” The message that Jacobs continues to drive home on the subject of privacy is one of empowerment and accountability. “Transparency and simplicity will go a long way towards establishing trust with your customers.”
2. Maintain customer data privacy while creating magical moments
Don’t assume that you can’t securely leverage customer data to create unique and convenient experiences. It’s very doable! Dan Gingiss, author of Winning at Social Care: How Top Brands Create Engaging Experiences on Social Media and co-host of the Experience This! Podcast, shared his advice for creating “wow” moments without jeopardizing customer PII.
“Not only is it possible to create personalized experiences while maintaining a customer’s privacy, it’s essential. Even with the Millennial set, which is more willing than most generations to share personal information, companies must make it a top priority to safeguard that personal data. The core issue here is TRUST, which is a major component of a positive customer experience. No one wants to do business with a company they don’t trust, and keeping personal information secure is a key way to earn – or lose – that trust.
That doesn’t mean that companies can’t personalize or create convenient experiences; it just means they have to get creative about how they do so. As an example, Discover Card shows customers certain pieces of data (like balance due and rewards dollars) within the mobile app without the customer having to log in. This has become a popular feature because of the convenience factor. But no action can be taken on the customer’s account without the customer logging in and being authenticated, so there is no privacy risk.
Customers expect a personalized experience, and they also expect their data to be protected, even in light of many public data breaches. Companies must be able to do both if they want a memorable customer experience.”
3. Security vs Privacy
Ultimately, who is responsible for protecting customer data? It may be more complicated than you think. Barak Engel, author of Why CISOs Fail and Founder/Chief Geek at the information security firm EAmmune, explains differences between data processors and data controllers and the role they both must play in protecting consumer PII:
“Data controllers are the only ones which have a direct legal responsibility to the consumer. However, they are generally required to also bind (via contractual means) their processors to a subset of those requirements. There is a domino effect in the sense that processors (via those same contractual requirements) must further bind all their sub-processors to the same requirements, all the way until PII is no longer shared.
When a consumer wishes to exercise their access rights – for example, the right to be forgotten – then they must reach out to the businesses with which they have interacted directly. In turn, the controllers must forward the request to all of their processors (who, in turn, must do the same with their sub-processors, and so on). Note that the interaction takes place through the controller only.
As a result of these growing concerns from customers, I expect a lot of process change and preparation on the social networks/internet infrastructure (Facebook, Google, etc.) side of things as well as innovation from the most recognizable consumer brands.”
What are brands doing to ensure customer data privacy?
Brands are leveraging technology to take the burden off of the customer and remove the agent from the PII exchange process whenever possible. This is especially true in the contact center. Despite some advancement in this space, the US State of Data Security in Contact Centers report found that 72% of contact center agents still require customers to read numbers and share personal information over the phone, which is inherently unsafe. In the telephony space, solutions include pausing recordings when customers share data, IVR flows that collect needed PII before agent-handoff, and sound-altering tools like dual-tone multi-frequency solutions that mask the tones of keyed-in numbers.
Enterprise organizations are increasingly bolstering their digital messaging efforts in an attempt to provide full-service issue resolution, maintain brand image, and increase customer satisfaction. Messaging circumvents the need for customers to verbally repeat PII. Unlike chat, it provides both parties with a persistent record of previous conversations. This means that customers are less likely to have to repeatedly share the same PII and that they can also reference a record of the interactions exchanged.
Technological advancements in the messaging space have ushered in a new era of secure information collection and sharing. These advancements range from bots that can collect customer-specific data to CRM integrations that relay only relevant points of customer PII to customer support agents.
Ultimately, as the customer advocacy department and the first line of assistance, the contact center must lead the charge to protect customer data. Leaders of customer-facing teams will be tasked with providing amazing CX without jeopardizing PII security. There is an opportunity to stand out from the competition by building and earning trust with your customers. Ask yourself: how will your brand handle the data they collect from customers going forward? Where do we see opportunities for improvement and chances to do right by our customers?
Five ways to improve data privacy in your contact center
- Secure your software: Ensure that all agents are using secure software that has been approved by your organization to access customer-interfacing channels – and make sure this software complies with your industry regulations. This includes establishing a centralized system for accessing messaging and social channels like Facebook Messenger and Twitter, rather than doling out username and password information to your entire workforce.
- Restrict unnecessary access to support channels: Develop and maintain a system for accessing software and applications on personal networks and mobile devices – customer-facing representatives increasingly work remotely and in decentralized locations. Make sure that people with access to your employees’ electronic devices do not have unauthorized access to your brand’s support channels.
- Establish secure processes and workflows: Familiarize yourself with your existing customer data privacy policies and procedures. By understanding your current situation, you will be able to best advocate for the needs of your customers, your contact center agents, and your brand’s reputation.
- Follow GDPR guidelines: This new regulation was put into place with consumers in mind and is centered around empowering individual consumers with access to and control over their data. To comply with the GDPR, brands must create processes that protect customer data and limit a company’s liability.