WavebreakmediaMicro - Fotolia

What is the role of contact center compliance?

Expert Scott Sachs offers tips for contact centers looking to improve customer data protection and meet data security regulations. Learn how a clean desk fits into the equation.

As data breaches and consumer identity fraud cases have increased, so have new requirements from regulatory organizations.

As a result, concerns surrounding contact center compliance and customer data protection have moved front and center in the customer service industry. Companies have had to recognize the risks of not protecting the security and trust of customers and the detrimental impact if this security or trust is breached. Some examples of the changes that contact centers are making include the following:

A clean-desk policy. Contact centers must focus on the physical environment, ensuring that customer information cannot leave the four walls of the contact center. Clean-desk policies require that all writing instruments and other key items are not available at an agent's workstation, where customer's personal information may be accessible.

Document destruction. Contact centers must ensure that documents that contain personal customer information are properly controlled. Policies must be implemented to ensure that these documents aren't left idle where they can be copied, stolen or abused by those with malicious intent. Contact centers should also have a data retention and destruction policy that stipulates how long documents should be retained, and when they should be destroyed.

Additionally, companies need to consider who should have access to different types of data and information. While contact center agents may be privy to certain articles in a knowledge base or customer account records in a CRM, they might not have access to other pieces of sensitive information. It's critical to have a clear identity and access management policy in place and carried through at every level of the organization as part of a contact center compliance strategy.  

Automation. Contact centers must refine processes so that agents don't have access to critical pieces of customer information. If possible, customers should be transferred to an interactive voice response system when they are required to provide credit card information.

Vendor products. Companies are responsible for not only their own handling of data, but also their partners' handling of that data. Contact centers must ensure that the third-party products they use adequately protect customers. In organizations where agents still take credit card information, it's critical that call recording software does not capture the credit card information either verbally or during screen capture.

Making changes to comply with the new regulatory environment allows organizations to "check the box" to indicate that they are adhering to contact center compliance guidelines. Even more critical is for contact centers to realize that they are making changes to keep customers safe. Any breach of customer confidence and security will likely have a negative impact on business results.

Next Steps

Don't forget about how third parties interact with your data

Providing a quality customer experience requires data management

Get expert tips for protecting customer data

Dig Deeper on Customer data privacy and security