PRIVACY DO’S AND DON’TS FOR CUSTOMER SERVICE REPRESENTATIVES
Last month a major telecommunications company was hit with a $25 million fine for data protection violations that occurred in 2013 and 2014 in several of its outsourced contact centers in Mexico, Colombia, and the Philippines.
The fine was part of a settlement that the telecommunications company reached with the Federal Communications Commission (FCC).
In several incidents, employees at the company's contact centers reportedly passed the names, full or partial Social Security numbers, and other account information of about 280,000 U.S. customers of the telecommunications company to illegal third parties, who then used the information to unlock stolen cell phones.
The $25 million fine is the largest data security enforcement action to date for a consumer privacy breach.
CONSUMER PRIVACY – EXTERNAL THEMATIC ISSUES
Safeguarding customer information is everyone's responsibility
Failure to safeguard customer information is expensive for companies
Civil, criminal, legal and regulatory costs are rising for companies
Social Security numbers, especially when paired with other personal information such as names, addresses, email addresses, employment records and birth dates, can earn a hacker between $250 and $400 each
Keeping valuable customer data out of the hands of cyber-thieves is a constant battle
THE TOTAL NUMBER OF DATA BREACHES HIT A RECORD HIGH OF 783 IN 2014
[Chart: Reported Data Breaches in the United States Since 2010. X axis: Years (2010 to 2014); Y axis: Number of Data Breaches (0 to 800). Source: Identity Theft Resource Center (ITRC)]
CONSUMER DATA PROTECTION LAWS HAVE EVOLVED IN RECENT YEARS RESULTING IN HEIGHTENED COMPLIANCE AND RISK MANAGEMENT ISSUES
1. Health Insurance Portability and Accountability Act (HIPAA) applicable to the health care industry
2. Gramm-Leach Bliley Act (GLBA) "safeguards" regulations for financial institutions
3. State insurance law analogs to GLBA Safeguard Rule applicable for financial institutions
4. State laws governing businesses that maintain personal information of residents (e.g. Massachusetts, Nevada and California)
5. A Massachusetts "Written Information Security Program" (WISP) is required if a company holds personal information of Massachusetts residents, even if the company itself is not present in the state.
DESPITE THE GROWING NUMBER OF ATTACKS COMPANIES ARE STILL NOT DOING ENOUGH TO PROTECT PERSONALLY IDENTIFIABLE INFORMATION (PII)
Data security
Downgraded risks - not assigning data security the appropriate level of importance
Lack of resources and a "critical disconnect" between chief information officers and senior leadership
Key Question - Is there a similar lack of resources and a critical disconnect between heads of customer service organizations and the people employed to serve customers across different channels like phone, email and chat?
COMPANIES MUST ADOPT REASONABLE DATA SECURITY MEASURES
Three lines of defense:
First line - Operations and Business Units (design and operation of controls)
Second line - Management Assurance (ongoing controls and monitoring)
Third line - Independent Assurance (External Audit)
QUALITY ASSURANCE AND INTERNAL CONTROL REVIEWS ARE PROGRAMS TO ENSURE PROTECTION OF CONSUMER PRIVACY
SO WHAT ARE THE PRIVACY DO’S AND DON’TS FOR CUSTOMER SERVICE REPRESENTATIVES?
Do's
• Routinely conduct quality assurance monitors across all of your channels (e.g. voice, email and chat), placing as much emphasis on internal conformance measures as you would on customer experience
• Establish an internal control review process to supplement your quality assurance program, to ensure your customer service representatives are following policies and procedures
• Create and enforce a clean desk policy
• Ensure agents press 'Ctrl-Alt-Delete' on their desktop computers when they step away from their desks

Don'ts
• While your quality assurance program is robust and mature, don't assume all of your customer service representatives are adhering to your internal conformance measures
• No process in place to routinely sample end-to-end customer transactions to ensure your policies and procedures are being followed by your customer service representatives
• You don't have a clean desk policy
• Allow customer service representatives to walk away from their cubes without properly securing sensitive customer information
BUILD A CULTURE OF PRIVACY WITHIN YOUR CUSTOMER SERVICE ORGANIZATION
Education
Compliance
Risk-based approach to customer transactions
Independent investigative regimes
Program for resolving issues that arise
LET’S KEEP IN TOUCH
Art Hall
Alvarez and Marsal
3424 Peachtree Road, Suite 1500
Atlanta, Georgia 30326
(404) [email protected]: Art_Hall4
LinkedIn: https://www.linkedin.com/in/arthall