08 Jan New Year, New Rules: Consumer Trust, Data Privacy And Compliance In Contact Centers
It was destined to happen. The Wild West of digital media, with its international reach, enticing freedoms and little regulation, could not last without standards of regulation. Applying such significant updates to entrenched systems is cumbersome and costly. Privacy compliance in contact centers poses unique challenges. However, protecting consumer data is an important and positive change toward building consumer trust. Like the western frontier grew from a few tumbleweeds to a vibrant part of the nation, business is evolving. We must evolve with it or be left in the dust.
Products are tested prior to release, but not all glitches are revealed. The product needs to be used “in the wild” by its intended audience to get a real picture of where improvements are needed.
Just like a new product, it took the repeated use of digital platforms before privacy issues became clear. How can there be legislation without the information to understand what needs legislating? Now, with years of data on the use of consumer information, it’s understandable that laws are being drafted based on the problems that have been identified. This is for good reason:
“Until now, corporations have been allowed to collect vast troves of personal consumer data, while tap-dancing around what’s precisely being collected and who it’s sold to. Penalties for violating consumer trust and privacy are often either non-existent, or—as the FTC’s Equifax settlement made clear last year—surreal in their meaninglessness.”
– “What California’s New Privacy Law Means for You”, Karl Bode, VICE
From GDPR to CCPA
Europe’s General Data Protection Regulation (GDPR) was just the beginning of attempts to bring more privacy and compliance protection to consumers. California’s California Consumer Protection Act (CCPA) was inspired by the GDPR. Though California’s law is the strictest, numerous US states have consumer privacy laws, and more are being drafted.
The CCPA was voted in on June 29, 2018, went into effect January 1, 2020 and the date of enforcement is July 1, 2020. There have been numerous amendments and more are expected.
CA defines Personal Information as anything that can be used to connect to/identify an individual. This includes things like: numbers – phone, Social Security, credit card, etc.; addresses – physical or digital; location; and preferences/search history. Specific businesses that fit parameters detailed in the law are required to comply. It isn’t super simple, but Orrick’s blog has outlined which businesses are covered, penalties and an overview of the timeline of CCPA here.
Contact Centers, Privacy and Compliance
This is still the beginning of digitally focused legislation. It is better to get on board with changes now and not get buried under a mountain of them. This webinar at Brighttalk hosted by Aaron Lumnah (Senior Manager, Demand Generation, Semafone) with guest Thomas Chisena (Associate, Foley & Lardner LLP),covers legal parameters and how they affect the contact center.
Aaron brings up the point that the new privacy laws are particularly important for contact centers because they process so much personal information just by the nature of the work they have to do.
Also mentioned is the conundrum contact centers face when required to follow two laws that oppose each other. Example: the Payment Card Industry Data Security Standard (PCI DSS) “Bars the recording and storing of Sensitive Authentication Data for credit and debit cards” but the Electronic Funds Transfer Act (EFTA) “Requires the recording and retention of telephone conversations that authorize electronic funds transfers”.
There is a lot for contact centers to think about when putting systems in place to remain compliant.
Items for contact centers to address include:
- Who can use/see data and when (availability)
- Storage, security, encryption
- Method of handling issues once identified (like breaches)
- Policy accuracy – updating privacy and other policies when needed
- Training on compliance
- Have a department/service that tracks the constantly evolving laws
Compliance and Consumer Trust
With all of the new changes on top of other previously enacted laws and industry specific regulations (like HIPAA) it seems overwhelming to adjust. However, the protection of consumer data isn’t just a legal issue it’s a trust issue.
There are professionals who believe companies are giving the impression of creating privacy and compliance, but aren’t putting effective protection of consumer data in place. There are others who feel too much is being expected of companies. This Axios article “The Privacy Smokescreen” by Kaveh Waddell includes arguments by law professors and lawyers on both sides of the debate.
Change isn’t easy, but change that improves transparency has benefits. In an industry plagued with negative stories , trust is an asset to build long-term customer relationships that benefit both sides.
A More Civilized Frontier
Transparency in consumer data use and best efforts to address protecting it isn’t only respecting the law, it’s respecting the consumer. Everyone is a consumer. There is the potential for all to benefit. The laying of the railroads connecting the east coast of the US with the west coast didn’t happen overnight, but it happened.
Growing pains are common with new laws when they are being amended and adapted. 2020 is expected to be filled with more state laws and changes. It’s not the Happy New Year the industry wanted, but it’s not surprising to see the wild digital frontier pushed to be civilized.
(Note: this is not a legal blog or advice. Make sure to do your due diligence when complying with applicable laws.)