Companies collect and monitor information in their contact centers more than ever before. Almost everything gets recorded, and tools that access customer data, such as text mining, speech analytics, and live chat, are growing in popularity. During their conversations with agents, customers may reveal sensitive information, which could make them vulnerable. Data security and privacy strategy, once the domain of IT, must extend to the customer service organization.
Contact centers have unique challenges when it comes to data security. Customer service representatives now have access to customer data from every part of the organization through unified desktop tools and CRM programs. At the same time, turnover is high, which opens up the potential for an accidental or malicious data breach as people come and go.
For most companies data security is left to the IT department as a compliance issue. Financial services, retail, and other industries that take customer payment information are required to comply with Payment Card Industry (PCI) standards, which include encrypting and storing payment data securely. But for customer service professionals, data strategy should be a business concern, as well.
"Security of data isn't an intuitive, top-of-mind issue [for call center managers]," says Jim Shulkin, director of marketing at Envision. But as the focus on customer satisfaction grows, it's a natural extension. "Part of customer satisfaction is being able to look people in the eye and say, 'We can protect your data.' Customer service is about delivering an exceptional customer experience."
Both technology and training are keys to a proactive data security strategy. Many call center solutions offer data encryption, as well as tools that pause call recording when agents collect credit card numbers or discuss other sensitive information. But technology can't do it all.
"There tends to be a great deal of turnover among call center employees, which amplifies the problem of poor identity and access management, as well as the likelihood of an employee mishandling information because they simply aren't aware of how they should act in certain situations," says privacy expert Larry Ponemon, Ph.D., founder and lead researcher of the Ponemon Institute. He recommends that companies train their agents on compliance issues, as well as on the potential negative impact of a breach.
In addition, call center management should consider the risks in the physical center itself. "Contact centers by nature are chaotic, high-traffic areas," says Envision's Shulkin. He says that one retailer decided that its main risk was exposed data on an agent's screen as people constantly walk by. Management invested in shade screens for all monitors to neutralize the risk.
In the end a strategic approach to call center security is a combination of people, process, and technology.
"Invest in good technology, good employees, and make sure there is someone responsible for establishing and enforcing policy across the operation, as well as making certain that education and training is an ongoing initiative," Ponemon says. "Security is not a static endeavor."