As the central point of interaction between a business and its customers, the contact center handles, stores and processes immense amounts of sensitive consumer data. That makes contact centers inviting targets for cybercriminals looking to get their hands on personally identifiable information such as Social Security numbers and payment card information.
The challenge has become magnified in recent years with the adoption of consumer data privacy regulations such as the California Consumer Privacy Act (CCPA), which gives California consumers more control over the personal information that businesses collect about them. Under the CCPA, consumers have the right to know what personal information is being collected and how it is being used, shared or sold. They have the right to view their data and can request that the organization delete their personal information.
Compliance failures can result in fines of up to $7,500 per violation, which can add up quickly when you consider that data breaches in 2019 involved an average of 25,575 unique records. Beyond the fines, breaches can also result in civil lawsuits, damaged reputations and lost customers. Given the consequences of a potential breach, it is essential that organizations adopt best-practice tools, training and processes to ensure CCPA compliance.
The CCPA applies to any business that collects data from California residents — regardless of where the business is physically located. Even if the CCPA doesn’t directly apply to your company, compliance will prepare you for what is likely to come. Similar regulations are working their way through legislatures in just about every state, and a new Senate bill would create a U.S. federal data protection agency if passed.
Research shows few contact centers are adequately prepared to ensure regulatory compliance on an ongoing basis. According to a 2019 Vanson Bourne survey of contact center compliance professionals, 99 percent said their compliance tools and software needed improvement and nearly 96 percent said compliance is a challenge for their IT teams.
Here are three key areas in which organizations should focus their compliance efforts:
CCPA Training. Contact center agents must understand how to handle customer data safely. The CCPA also requires agents who handle customer inquiries about privacy practices and data usage to be trained in the act’s regulations. They must be able to clearly explain how consumers can exercise their rights under the act. To accomplish this, businesses are required to develop, document and comply with a CCPA training policy.
Record-Keeping. Agents must document all CCPA-related consumer requests as well as the company’s responses. Records must include the date of the request, the type of request (such as a record change or deletion), how the request was made, when the response was delivered and the nature of the response. If the request is denied, the reason must also be documented. These records must be retained for a minimum of two years.
Fraud Awareness. Fraudsters often rely on social engineering tricks to get account information and other sensitive data — a practice known as “vishing” or “voice phishing.” They prey on the fact that agents are often dealing with high call volumes and are under pressure to resolve issues quickly while maintaining a pleasant and helpful attitude. Training programs should be designed to ensure employees are aware of the latest social engineering techniques and how to handle suspicious callers.
How IPC Can Help
The experts at IPC have extensive experience in the design, configuration, implementation and support of industry-leading contact center solutions. Our consultants can also sit down with you to discuss your data collection workflows and how they might be impacted by the latest privacy regulations. Let us help you implement the tools and processes needed to maintain data privacy and comply with the CCPA.