This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Sophisticated Data Collection Means Sophisticated Data Dilemmas
To me, one of the great takeaways from Enterprise Connect 2022 was the discussion of increasing levels of sophistication in data collection—some might call it “strip mining”—and repackaging that data for other uses, i.e., revenue generation. From the contact center perspective, the use of increasingly personalized information when speaking with customers makes a great deal of sense—since most of the time, when people dial in, they are not happy about something. (Having worked in a contact center early in my career, I fully recognize that no one ever calls and says, “Hey, my bill looks terrific this month. Thanks a lot!”)
So while it's certainly possible that a well-informed agent who can readily see the customer’s history may provide a whole new level of customer service. (The keyword here is may) Those same customers may also find that way too much of their personal information is no longer remotely confidential.
Consider this the first of a four-sided pyramid. However, there are the other sides. How did the contact center’s management get access to the information in the first place; what is the entity that has the information doing with the information, and finally, how does the entity that has the data protect the information it has collected? Additional considerations include whether or not the data protection scheme is GDPR compliant. If you ask, “why should I care about GDPR compliance when doing business in North America?” think again.
The first question is how the contact center got access to the personal data in the first place. The answer, most logically, is that the data was freely provided by its original owner. That is, when the user was queried for some personal information, it was provided. A second method of collecting personal information is the result of cookies that have been planted on a device. And when, for whatever reason, the device user did not opt out of them—particularly the ones defined as “marketing”—the user gave away what would otherwise have been considered private information. Think sites visited, topics of interest, and potentially things like credit card numbers.
Another way the once-private information gets taken away is when a user inputs private data “out there” over public Wi-Fi. Once again, convenience often outweighs good sense. And once data is “out there,” it’s essentially impossible to get it back.
The next consideration is once the data has been retrieved, how does the entity use it? In some cases, it can certainly be argued that it enables entities to provide a more personalized and sophisticated “customer experience.” If you see more things that you like based on how some algorithm has determined your preferences, perhaps you’ll be more likely to buy more. This personalization can result in an improved bottom line to the entity that’s harvested the data in terms of plain sales revenue. However, a second revenue generating opportunity for the holder of this once-personal data is its value to third parties. Often, such personal data is sold, creating another revenue stream for the original data collector . It’s also important to consider that most consumers are clueless that the data they provide could well be sold off, and even fewer of them have given permission for such information to be shared at all, let alone sold.
The best old-world analog I can think of could be when you’ve purchased from a catalog, then begin to receive catalogs from companies that sell related or comparable merchandise. The original vendor has likely sold its mailing list to another entity, thus resulting in more catalogs from unfamiliar companies coming straight to your mailbox and then your recycling bin, whether in print or by email. In any case, the information you provided so that your package could be delivered is likely to end up in someone else’s database and will then be used to target mail to you based on your original purchase.
Regardless of how an entity gets its hands-on personal data, perhaps the most important question is how it protects that data. This is one of the areas where GDPR (the European Union’s ever-evolving data protection rules) compliance becomes important, particularly for entities that intentionally or not may find themselves with personal information belonging to citizens of the European Union . This is an issue where complexity grows daily, particularly as sophisticated technology enables all sorts of data access and manipulation.
As of this moment, there is no governing federal privacy law in the U.S., and only four states—California, Colorado, Utah and Virginia—have passed comprehensive privacy laws . As of this moment, the California law is the only one currently in effect, with others coming into play in the next two years. As more states come up with slight variations of their own rules and regulations, those who must be compliant will find themselves in the challenging—and often unpleasant—position of having to make small tweaks to existing data collection and storage systems in order to remain appropriately compliant as they conduct business in various states. The word “nightmare” comes to mind, but it is to be hoped that as more legislators and enterprise operators become aware of the challenges posed by increasingly sophisticated bad guys who are trying to access personal data in new and creative (not to mention illegal—at least by some standards), the need for federal legislation with teeth (think fangs ) that can create a federal standard that can easily be updated to manage new cyberthreats.
This will require not only the drafting of complex legislation, driven by the need to protect data that’s held, but also the need to include provisions for timely revisions within that legislation.
I am constantly reminded that many of us have exchanged the convenience—or sometimes necessity—of over-sharing private data without considering the consequences. But the fact is, the data is “out there,” and as enterprises to their best to protect it, there’s a very important role here for the federal government as well as individual states. A crazy-quilt of well-intentioned but slightly different state regulations creates many opportunities for unauthorized access and data theft. Without some sort of sweeping federal legislation that creates consistent standards, this nightmare may continue for many days, nights and Halloweens to come.