No Jitter is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Privacy & Your Contact Center: Keeping Track State by State


Photo illustrating data protection
Image: Thomas -
We have CCPA in California, and GDPR in Europe. If you’re in the contact center business, you need to keep up with the growing number of passed and pending privacy bills in various geographic areas. They vary on coverage, requirements, and penalties. This is a fluid environment, and can change at any time.
I scanned multiple websites to locate and summarize the status of the privacy laws. I’m not a lawyer; my comments are meant to stimulate your investigations into the changing state privacy laws. Some of these laws may end up conflicting with federal legislation, but as that doesn’t appear to be forthcoming any time soon, concerns about that can wait.
The State of the States
Based on a privacy law comparison table compiled by the International Association of Privacy Professionals, three states have passed privacy regulations at the time of this writing: California, Nevada, and Maine. Meantime, about 300 other state privacy and security regulations are under consideration.
Here’s a sampling of state privacy law initiatives.
Vermont — Title 9 Commerce and Trade Chapter 62 statuteThis statute has four subchapters:
  • Security Breach Notifications Act
  • Social Security Number Protection Act
  • Document Safe Destruction Act
  • Data Brokers – This would require data brokers that collect and license consumer personal information to register annually with the Secretary of State. Data brokers would need to provide consumers with specified information, including their names, emails, and Internet addresses
Delaware — Online Privacy and Protection ActThis act would prohibit website operators, online and cloud computing service providers, and developers with applications directed at children, from marketing or advertising about specified products or services inappropriate for children’s viewing.
The act has three parts:
  • Prohibitions on online marketing or advertising to a child
  • Posting of privacy policy by operators of commercial online sites and services
  • Privacy of information regarding book service users
Connecticut — Chapter 743dd Protection of Social Security Numbers and Personal InformationThis law stipulates that if an organization collects Social Security Numbers (SSNs), it would need to create a privacy protection policy for public display on its website. The policy would need to protect the confidentiality of SSNs, prevent unlawful disclosure, and limit access.
Oregon — Chapter 646 Trade Practices and Antitrust Regulation 2019 EditionAccording to the National Conference of State Legislatures, this regulation makes it “unlawful trade practice if a person publishes on a website related to the person’s business, or in a consumer agreement related to a consumer transaction, a statement or representation of fact in which the person asserts that the person, in a particular manner or for particular purposes, will use, disclose, collect, maintain, delete or dispose of information that the person requests, requires or receives from a consumer and the person uses, discloses, collects, maintains, deletes or disposes of the information in a manner that is materially inconsistent with the person’s statement or representation.”
Nebraska — Statute 87-302 (deceptive trade practices; enumerated)This statute would prohibit making false or misleading statements regarding the use of personal information submitted by members of the public in a privacy policy, wherever it might be published or distributed.
New Jersey — Privacy Bill S2834This bill would require operators of websites or online services to notify customers of the collection and disclosure of their personally identifiable information. The bill would apply to any individual within the state, regardless of residency.
What You Should Do!
Keeping up with proposed and passed privacy regulations won’t be easy. As can be seen by the above examples, not all possible privacy regulations are apparent in their titles. You should bring together a team from the contact center, IT, legal, marketing, and sales departments to monitor and respond to the regulations. You don’t want to be blind-sided by a missed regulation.
In addition, reach out to your contact center provider and request information about how it plans to deal with the regulations. And, have the corporate legal team investigate the liabilities that the software vendor or cloud service will and will not accept. You need to know the possibilities of your organization not complying properly with privacy regulations.
Don’t overlook the training your contact center agents will need to deal with the variety of regulations. They’re the first responders. As each regulation is passed, your staff might require new training.