The contact center is fraught with risk, due in large part to the customer data agents collect and process. This data is not only valuable to your organization; it’s also valuable to cyber attackers and criminals. To fully understand data security risk, contact center managers must understand how the concept of data privacy has evolved.

Companies have always been concerned about protecting their customers’ financial data. It’s easy to see the risk involved with storing credit card data and checking account data in plain text. Protecting other data, like names and phone numbers, is a different story. It wasn’t long ago that this information was publicly available (remember the white pages?), so it wasn’t deemed sensitive. Today, it’s a different story.

 Download this Contact Center Security White Paper

Companies collect and process a greater variety and volume of data than ever before. This burgeoning body of data and the insights that can be gleaned from it have expanded our notion of what requires protecting. A name or phone number rarely exists by itself, but can be correlated to other data that may very well be deemed sensitive.  personally identifiable information (PII).

PII is defined as “information that can be used on its own or with other information to identify, contact or locate a single person, or to identify an individual in context.”

In light of PII, companies must not only protect financial data but also any additional information that can be correlated with the individual and deemed sensitive or private. For example, if a customer’s phone number is noted in relation to a delinquency call, the phone number becomes sensitive PII and must be protected accordingly.

A few examples of sensitive PII include:

• Any information that can be used to identify an individual, such as a name
• Social Security number
• Driver’s license
• Date of birth
• Telephone numbers
• Mother’s middle and maiden names
• Spouse or child’s information

The concept of PII greatly increases the scope of your data protection efforts. What’s more, various laws and regulations require companies to protect PII. The European Union has led the way with strong privacy laws that give its citizens more control over how their data is used. As the regulatory environment matures in the U.S., American companies can expect stricter controls around more data here, too.

As we’ve said before, data is the lifeblood of the contact center. You must be able to protect data to comply with regulatory mandates, but also to protect your business and customers against data breach. Make sure your contact center technology provider can help you understand the changing laws and regulations, and implement controls to measure as well as minimize your risk.