With New Consumer Privacy and Protection Regulations Advancing, Contact Centers Must Adapt: Comply, or Die
By: Brad Richards
Most companies that operate contact centers, or contract for contact center services have appropriately been paying careful attention to the TCPA (Telephone Consumer Protection Act) and Federal/State Do-Not-Call regulations.
Many also are careful to observe industry-level federal regulation, like fair debt collection practice regulations (FDPCA) and, most recently the EU’s GDPR (General Data Protection Regulation), a set of rules which impact any business doing business in the EU, regardless of the country they operate from.
States like California are following suit, with the Consumer Privacy Act, which impacts companies both inside and outside of California. Thus, 2019 is the year to think even more deeply about the definition of compliance and how contact centers must respond or risk massive fines.
There are myriad of state laws in the US that directly regulate contact center practices or operations, and there are many others that under certain conditions, are applicable. These include but are not limited to:
- Call monitoring and recording requirements
- Do-not-call registries
- PCI related regulations (credit card related)
- HIPAA regulations (personal health information disclosure and protection)
Something as seemingly straightforward as call monitoring and recording is regulated at the federal and state level. California is very explicit about requiring consent of both agent and caller for “barge in/whisper” by supervisors who many be monitoring calls. Many other states have followed suit.
Truth-in-lending laws and the Equal Credit Opportunity Act prohibit certain agent/company behaviors but also may require disclosures or opportunities for callers to opt-out.
The impact to contact centers is not insignificant. Portions of certain interactions may be mandated and scripted. There may be permissions requested of certain callers. Additionally, while not rigidly scripted, agents usually must demonstrate enough diligence in identifying callers to prevent unauthorized information disclosure or fraud. Companies are rarely exempted from responsibility even if their contact centers are outsourced.
It should also be recognized that as contact center management has become more sophisticated, so have regulators. Practically speaking, this means that per-incident enforcement is easier, and regulator expectations have risen and will continue to rise. Whether a regulatory inquiry, escalation, or customer complaint, response time expectations are getting tighter.
A myriad and growing regulatory regime with prescribed behavior or outcome, increased scrutiny, and stricter response times is not all.
What happens after an incident?
Nearly all companies establish considerable safeguards, practices and technologies to prevent incidents. Unfortunately, they do happen. If a company is found to be non-compliant, specific actions and responses are almost always required.
Sometimes fines and penalties can be avoided. However, certain conditions also apply. Processes may require improvement, regulators might be allowed to validate. Periodic information may be required. What’s at stake is not always just the penalty threat but the right to do business in a particular jurisdiction. States may apply different penalties, independent of any federal action. Those actions may come from business regulators or the attorney general.
If there are additional reporting, monitoring, recording or informational requirements, they are typically mandatory. The challenge is two-fold. First, demonstrating compliance may require more than just improved response, or fewer complaints. Regulators often want to verify processes, policies and practices have changed to avoid future occurrences. Second, the solution must be effective but not cause significant adverse impact. In other words, companies must resolve the issue without going out of business.
So how will the contact center industry address these already onerous and growing challenges? Volume is only going up as consumers buy more sophisticated consumer electronics devices, set up smart home technologies, use food delivery services, ride sharing services, and generally transform their own digital lives.
Here’s our take on what businesses should do:
- Automate as much as possible. Why? Because without automation it will become literally impossible to manage omnichannel inbound voice calls, text messages, embedded chat services, and more in a cost-efficient way.
- After ensuring a sturdy and sustainable data architecture, leverage AI to run analytics against every “conversation” which not only helps with insights for many departments within the business but comes in handy should a regulator request an audit.
- Implement a “multipurpose” digital platform so that the investment made to address compliance requirements and dramatically reduce the risks of failures which lead to fines can also lead to better performance by agents and others interacting with consumers
- Ask your service providers what they are doing by way of compliance, including voice call recording, transcription, storage and above all the use of AI and NLP; what do the have in place today, what are they building for the future, how interoperable their solutions are, how scalable they are, and how expensive they are today and will be in the future based on the contract and your growth forecasts.
- Collaborate across the business, bringing in leaders from sales and marketing, finance, legal, operations, customer success and more; educate all, and get creative when it comes to the opportunity to turn the burden of compliance into a bounty of new ways to improve every interaction in the process.
We’re passionate about the combination of technologies and platform integrations that are changing the CX landscape, and about respectful conversations that comply 100% with appropriately protective laws, that are also friendly, helpful and exciting conversations building happiness, loyalty and continued business.
When customers feel their privacy is being protected and their personal information respected, why wouldn’t they love the brands who are leaders in compliance?
Let’s connect – I’d love to learn more about your plans for “Compliance 2019” and the insights you’ve come across.
When we layer in stricter privacy laws (for example GDPR established in 2018 and growing in 2019), the complexity of delivering great experiences across channels while respecting private information integrity can be mitigated by software – and measured by the same software when the right platforms are selected.read more
The hype surrounding chatbots and voice activated, virtual personal assistants has been off the charts over the last few years, and for good reason.read more
Many Happy Returns: How CX Sentiment Analytics and Applications Reduce Cost While Improving Outcomes – Measuring the ROI
When arguing advanced contact center and customer experience technologies do more than just reduce the cost of labor, the business case outcomes requires a new math.read more