The recordings of each session are available on-demand, and this blog reviews some of the key messages.
In the first webinar, Verint’s Siobhan Miller and Iain Daws discussed the current state of the global data privacy landscape with Market Tuning Group‘s principal, certified information privacy professional and EU GDPR practitioner, Madelyn Gengelbach.
Data privacy regulations exist worldwide. The UN Conference on Trade and Development estimates that 58% of countries have data privacy regulations in place, while another 10% have laws that have been proposed but not yet enacted.1
In Madelyn Gengelbach’s opinion, these changes in data privacy regulations are driven by two factors:
- Governments are reacting to consumers’ rising privacy concerns. As organizations rely on increasing levels of customer data to help them engage with clients and provide personalized experiences, individuals demand to know not only what data is collected from them, but how that data is being used.
- The EU’s 2018 General Data Privacy Regulation (GDPR) has triggered data privacy initiatives outside the EU. As Madelyn commented, “Another key driver is the desire to amend laws to get an adequacy decision from the EU — which clears the way for that country to process personal data from EU residents.”
This evolving regulatory landscape poses new challenges to businesses operating internationally — and their contact centers.
- The evolution of data privacy regulations across jurisdictions and industries
Organizations need to adhere to local regulations in territories where they collect personal data and do business. These regulations are all structured differently, meaning, there’s no single law or standard to adhere to.
- The increasing amount of data collected and viewed within contact centers
To meet customers’ demands for more personalized and efficient services, businesses need an increasing amount of consumer data, which needs to be collected, managed and protected in accordance with strict data protection rules.
- New communications channels generating even more data
21st century customers enjoy the benefits of digital communication. So, businesses are enabling contact across various channels — such as telephone, e-mail, chat, web inquiry forms, social media . . . and the list is growing. Some data from these interactions must be captured, managed and kept secure — no matter what the channel or format.
- Different definitions of “personal data”
Data privacy regulations govern the use of Personally Identifiable Information, or PII. This can be anything that makes a person identifiable, either on its own or in combination with other data. To add to the challenge, different regulations adopt different definitions of what constitutes personal data.
Candidly, navigating today’s landscape can be quite convoluted. If you’re taking the first steps toward a strong data privacy compliance strategy, watch our first webinar and find out what our hosts suggest starting with.
In the second webinar, the audience got a deeper insight into some common data privacy use cases.
Although each regulation articulates its own requirements, generally, data privacy laws share some common principles, expecting organizations to:
- Conform with requirements around customer notice and address opt-in/out requests efficiently
- Provide customers with the ability to request access to their data
- Identify personal data tied to a specific individual and “hard delete” personal data when needed
- Protect personal data at all times by encrypting and limiting the access to the data.
So . . . Your organization has to be capable of keeping track of personal data, maintaining control over it, and ensuring a consistent and compliant approach to its use.
Yet, meeting these expectations can often be compromised by a number of factors — learn more by watching the recording of the second webinar.
As shown in our recent infographic, Forrester found that compliance with privacy laws ranks in the top three challenges faced by CISOs.2
The proper tools, however, can help you better comply and mitigate risks. In the third webinar, we explored some tools we have today to support better and more efficient data privacy compliance.
Interaction Analytics Tools use speech or text analytics to find keywords or phrases indicating consent. This can be extremely helpful when you’re trying to track customer consent or understand privacy disclosures in unstructured data.
Desktop Analytics are able to automatically copy information — such as customer ID numbers — from an agent’s screen and use it to populate other systems or generate metadata. This can help you find all data tied to a specific individual, even in a huge quantity of interactions.
Deletion Tools enable you to automate “hard deletes” when you have to eliminate all traces of an individual’s information.
Access Controls and Encryption can help you keep personal data safe at all times. According to the Identity Theft Resource Center, the most common causes of data breaches are unauthorized internal access and hacking. To minimize the risk of data breaches caused by employees, you can set up granular permissions that restrict access to personal information — adding an extra layer to your data protection strategy. To protect personal data from external threats, you should use record-level encryption of data — both at rest and in transit — with sophisticated encryption key rotation, which fights back attacks by retiring an encryption key and replacing it with a new key on a regular basis.
To discover more about how today’s tools can enhance your data protection strategy, watch our third webinar.
Fines and penalties are only part of the story. Data privacy is no longer simply a compliance risk issue. It has significant customer loyalty implications as well, with negative publicity and loss of reputation quickly able to damage customer goodwill and trust.
2 Forrester, Tackle The California Consumer Privacy Act Now, 8 February 2019