Compliance and Complexity: Data Privacy in the Contact Centre

Share on facebook
Facebook
Share on twitter
Twitter
Share on linkedin
LinkedIn

Data privacy and security remain critical touchpoints in building a secure contact centre posture and framework

There are three words that should define how the contact centre approaches data and privacy in 2021 – ethical, compliant, and secure. According to McKinsey, companies need transparent guidelines and standards that define their use of data, ensuring that it remains ethical and compliant, and that it is used responsibly. This approach is, of course, defined by legislation such as the GDPR in Europe and POPIA in South Africa, and it has become a critical for the long-term success of any contact centre operation. According to Francois du Plessis, CEO of Callbi Speech Analytics, contact centres need to build POPIA into their core foundation in order to remain secure, compliant and ensure longevity.

“Acts like POPIA set the ground rules for processing personal data and information and outline the organisation’s requirement to respect people’s right to privacy,’ he explains. “Data processing has to now abide by rigorous rules and protocols that come with hefty fines if ignored. So, how can these contact centres dig deep into insights hidden within millions of calls every day, without risking their POPIA compliance?”

The answer is simply to choose vendors that have become obsessed with cybersecurity. The type of cybersecurity that goes beyond the firewalls and the systems and into the very fibre of the organisation, ensuring that every drop of data is processed, analysed and managed strictly according to legislation and best practises. This is security that takes the requirements of POPIA and embeds them deep into systems and processes so that contact centres can be assured that their customers’ personal information remains protected, and they themselves remain compliant.

“The contact centre vendors of this day and age need to be constantly challenging themselves by endeavouring third party security audits,” says du Plessis. “These audits should involve periodic deep dives into multiple areas of the business, ensuring that absolutely no serious gaps or vulnerabilities remain undetected. Apart from conducting frequent penetration tests and internal audits, Callbi concluded more than 20 external security reviews in the past year, ranging from high-level POPIA compliance checks to in-depth security audits from some of South Africa’s top financial institutions. We were tested on various aspects from a data security perspective and successfully passed every single one of these assessments”. Security audits should be part of contact centre best practice and are designed to unpack any potential holes that may exist. Audits are the eagle eye that catch that unexpected worm.

From malware to weak credentials to phishing to technical vulnerabilities, every organisation is constantly at risk, no matter how robust the security system or investments made into employee training. There will always be that constant need to patch previous versions of software, or the risk of the untrained person who clicks on a phishing email and gives out important corporate credentials.

Du Plessis says that the contact centre vendors should undergo regular penetration testing so that risks are rapidly uncovered. This, alongside other more in-depth technical audits, can go a long way towards revealing any potential security shortcomings that can be addressed and mitigated upon early detection.

Your contact centre technology has to be trusted and it has to be compliant. These are non-negotiable. Selecting a platform that provides you with the necessary list of security measures in place goes a long way to ensuring peace of mind. Solutions should encrypt data in transit and at rest, store it only for as long as necessary before deleting it permanently, require strict and appropriate authentication before access is granted to the data, and store tamper proof access logs for real-time auditing, for swift detection of unauthorised access and to determine the extent for remediation purposes.

“At Callbi Speech Analytics, we have embedded security into every, single part of the business and the service we provide,” concludes du Plessis. “Data remains safely encrypted at rest in AWS while only two people at Callbi have global access to this data. The limited internal access to data by Callbi is bolstered by requiring multi-factor authentication, use of strong passwords, and ongoing employee training. We also do regular security audits. Contact centres have full visibility and control in terms of who else has access to their data through the Callbi web application and API. This typically includes the contact centre’s own employees, training and support staff on a temporary basis, and any other third party they choose to involve.”

The contact centre has become increasingly relevant to the globally distributed organisation. With hybrid and remote workforces and geographically dispersed customer bases, companies are relying on the contact centre’s human touch to engage with customers and build long-term relationships in a disconnected world. By assuring customers of ethical, secure and compliant management of personal data, contact centres go a long way to retaining customer loyalty, building trusted reputations, and mitigating risk.

By Francois du Plessis, CEO of Callbi Speech Analytics.

We've helped thousands, now let's help you.

We are committed to helping you to make an educated buying decision, and finding the best telecoms partner for your business.

Compare VoIP Providers in South Africa