Under Redaction! Why Companies Can’t Seem To Get It Right When It Comes To Recorded Data
Accommodating regulatory guidelines and remaining compliant with strict mandates can be tough for any call center organization.
As communication technologies continue to evolve, so too do the threats that target them. Call centers are especially attractive targets for malicious actors: they regularly receive and process sensitive data about customers and clients across a wide variety of industries, which makes them treasure troves of valuable information if they are left improperly guarded against attacks.
Unfortunately, threats to consumer safety and privacy in dealings with call centers come in many forms, warranting a more comprehensive approach to protection than many other organizations require. Read on to learn more about a few relevant regulations call centers must abide by to ensure the information they process remains secure.
Of particular importance to call center companies are regulations involving data privacy and protection.
The most widely applicable regulatory rule set is that of the PCI-DSS. However, both the HIPAA in the US and the GDPR in the EU are of importance to organizations outside of their respective territories.
This first set of rules and regulations is designed and enforced by leaders of the Payment Card Industry.
PCI-DSS stands for “Payment Card Industry Data Security Standard”, and although it is not necessarily enforced at a governmental level in many jurisdictions, the PCI Security Standards Council holds companies accountable for failing to abide by the established standards. Companies that fail to follow the rules set out in this group of standards may be fined by the council.
The Six Goals of the PCI-DSS
The PCI-DSS classifies the rules it contains under a series of six major goals. These goals are as follows:
Compliance with PCI-DSS involves understanding the above goals and documenting specific efforts outlined within the set of standards to meet them. Modern call centers that handle consumer payment card information should adopt the best practices the council’s official documents specify, such as following appropriate methods for ensuring PCI call recording and transcription compliance.
The “Health Insurance Portability and Accountability Act”, or HIPAA, governs key aspects of handling private health information within the US.
Since being passed in 1996, the act has been amended with additional provisions pertaining to the handling of electronic health records and more. The act’s Privacy Rule details these important regulations, delineating the processes that must be followed to access, edit and share electronic protected health information securely.
The bulk of the act’s requirements concern in-house administrative protocols and the technological measures needed for proper compliance.
Safeguarding Health Information
Protected health information must be kept completely secure at all stages of use, storage and transfer to comply with HIPAA’s many regulations. Numerous specifics defined within HIPAA’s Privacy Rule detail the exact measures that organizations regularly dealing with such information must take.
An important facet of the HIPAA’s rules pertaining to staff training is as follows:
“Entities must show that an appropriate ongoing training program regarding the handling of PHI is provided to employees performing health plan administrative functions.”
Without proper training on data security policies having been implemented within an organization, a business could be subject to significant fines or worse.
Requests for Privacy Protection
In addition to implementing specific safety measures for handling electronic protected health records, health care call centers within the US must take appropriate additional measures to safeguard such information when the individual the records belong to requests it.
Organizations in this position should ensure that their systems permit such requests to be carried out safely in order to remain compliant.
GDPR stands for the “General Data Protection Regulation”, a group of laws designed to improve the handling of consumer information of all kinds, including how it is tracked and monitored.
Most call centers monitor conversations constantly as a matter of course and are likely to find the GDPR’s guidelines particularly applicable to their daily operations. Specifically, the GDPR’s rules apply to companies dealing with consumer information originating in the European Economic Area.
Storing Outreach Information
Keeping potential leads on file, though a common practice for many outbound call centers, is no longer recommended because of GDPR privacy mandates. Retiring contact lists over time and safely disposing of the data is now required to meet the exacting rules of this multifaceted body of regulations.
Preserving Anonymity
Data collection of any kind involving persons who reside in or are from the EEA must make reasonable attempts to preserve those persons’ anonymity, in addition to obtaining their consent before the data is collected.
Download our white paper, Sitel + CallMiner Survey: Preventing Fraud and Preserving CX with AI, to learn more about the importance of data security for compliance within the call center environment.
Collections agencies must comply with the Fair Debt Collection Practices Act (FDCPA), a federal law that places restrictions on what debt collectors can do and say when collecting certain debts. A related regulation, the Fair Credit Reporting Act (FCRA), sets requirements for how debts are reported to credit bureaus and disclosed on consumers’ credit reports.
The FDCPA applies to debt collectors who collect on the following types of debts:
Restrictions under the FDCPA include:
Interaction analytics solutions can help collections and accounts receivable management (ARM) firms reduce contact center compliance risk and ensure agent compliance by analyzing every interaction.
Download our white paper, 10 Ways Speech Analytics Empowers the Entire Enterprise, to learn more about how speech analytics can benefit every facet of your organization.
The various regulatory provisions described above concern most major call centers in the Western hemisphere and should be studied in detail to ensure the standards they mandate are met.
What tools and strategies does your company use to ensure compliance?
CallMiner is the global leader in conversation analytics to drive business performance improvement. Powered by artificial intelligence and machine learning, CallMiner delivers the industry’s most comprehensive platform to analyze omnichannel customer interactions at scale, allowing organizations to interpret sentiment and identify patterns to reveal deep understanding from every conversation. By connecting the dots between insights and action, CallMiner enables companies to identify areas of opportunity to drive business improvement, growth and transformational change more effectively than ever before. CallMiner is trusted by the world’s leading organizations across retail, financial services, healthcare and insurance, travel and hospitality, and more.