In modern business capturing data, in whatever form, is a common activity in companies large or small, in retail or hospitality, B2B or heavy industry. But whilst everyone understands and appreciates the role that captured data plays, not everyone takes data security as seriously.
Whenever someone fills out a form and gives their data there is an expectation that it will be kept secure and used discretely, working to improve the information and service they receive. The truth is that this is not always the case. In the recent Adestra Email Marketing Industry Census 2012 it was stated that of client side companies, only 56% have policies in place to guard against data breaches, and worse still, just 47% of supply-side companies have data security processes in place.
The report further evidenced the problem by stating that around a quarter of agencies failed to know what data security policies were in place and amazingly, some didn’t even know if policies existed in their company. The statistics reveal that in some sectors there is an utter lack of awareness of the issues surrounding data security and that many operators are woefully underprepared to respond to and proactively protect against security breaches.
It is not simply inadequacies in preparation and negligence of the issues however. A recent article in the Sunday Times and Marketing Week highlighted the malicious misuse of data and the burgeoning black market surrounding the personal details of UK residents in Indian contact centres. This illegal sale of data is according to one police source; “out of control” although fear of negative publicity has led to many cases being covered up.
The illegal sale of data in Indian contact centres is currently being investigated by the ICO, providing yet more impetus for UK companies to keep their contact centre operations onshore and appear more committed to protecting their customers’ data. At EWA it has been one of our objectives for some time to make sure that we make sure we promote and protect our clients and their reputations through pursuing robust data security measures.
To do this it’s critical that we keep client information secure. If we fail, then we compromise our clients’ integrity and their customers’ rights and even safety. If you are looking for a contact centre or outsourced contact solutions then from a security point of view, ISO27001 Accreditation should be seen as a priority in your selection process.
So how do you keep data secure?
We protect against internal threats by having a clearly defined barrier between contact centre agents and the data centres where raw data is stored. This prevents a member of staff from manipulating or downloading data directly and is achieved by not storing data locally, and insisting that remote servers are used to view data. This ensures that the employee can see the data, but will never have access to all of the customer’s details.
We protect against external threats such as third party hackers by ensuring all access points into the IT infrastructure, whether they are agency of client side are secure. This security is ensured by installing multiple layers of firewalls and implementing infrastructures which can be segmented to enforce traffic segregation, eliminating data traffic misrouting.
Dealing with threats is one thing; protection from the technology itself is another. With huge amounts of personal data being stored it is vital that contact centres have the ability to not only store data securely but also to return intact data on request. This requires the contact centres to not only be experts in customer contact, but also experts in the archival and retrieval of data.
Having these security measures is vital for any agency that holds customer data, it is equally important however that there are tools, processes and procedures present that will monitor and test the ongoing performance of such security measures. Only through this continued vigilance over the data being passed from the database to the right client or agent is it possible to instil confidence in customers that their data is being actively protected from risk.