Understanding CCPA And Its Impact On Customer Support Centers

The California Consumer Privacy Act (CCPA) went into effect earlier this year, compelling organizations with operations or customers in the state to comply with certain data privacy and security mandates. For contact centers, however, CCPA compliance might not be optional, as California accounts for nearly 12% of the U.S. population. So, there IS a good chance your customer service team processes California citizen data.

Understanding the role of CCPA in customer service

Before we look at how the CCPA impacts contact centers, here is a quick summary of the scope of the act.

Who does it apply to? The CCPA applies to any of the following:

1. Any Californian business entity that works for profit with a gross annual revenue exceeding $25 million.
2. Any organization that is involved in the collection of personal information of more than 50,000+ Californian consumers annually.
3. For enterprises that derive more than 50% of their annual revenue by selling consumers' personal information.

The gist of the CCPA ruling can be summed up as: The directive gives consumers the right to know what information is being collected about them and how it is used. In most cases, they are also empowered with the right to delete their personal information collected by companies and to opt out of the sale of their info. The most critical provision, however, is the right to non-discrimination for exercising the CCPA. So, companies cannot penalize consumers who wish to utilize their CCPA rights.

Customer service agents typically deal with verifiable consumer requests (VCRs) daily, where they must be able to verify the identity of their consumers. Under the provisions of CCPA, this falls under the definition of personally identifiable information (PII), which needs to comply with the data processing practices set out in the Act.

VCRs pose a significant compliance challenge for customer support teams that do not have a robust, secure, and flexible contact center solution that offers identity verification (IDV). At a time when the customer experience is critical for businesses and customers alike, the lack of seamless, fast experiences can be a serious obstacle to customer satisfaction. This is compounded by the fact that customers today use a combination of channels to interact with brands and expect minimum friction throughout the process.

So, how can contact centers continue to deliver superior customer experiences (CX) while complying with new-age data privacy laws like the CCPA?

Delivering better customer experiences in the age of CCPA

Effective and well-designed identity verification practices, in combination with the right technology, can help brands effectively preserve the customer experience while complying with the CCPA. Strong IDV practices could include something as simple as a human firewall or a dedicated CCPA compliance training workshop. Either way, it is vital that agents understand what kind of information they need to disclose to customers and how they can obtain clear consent. Gartner predicts that by 2021, the negative financial impact of CCPA will come from failure to implement a scalable subject rights workflow, as opposed to regulatory fines and litigation. Now, coming to the technology that can support these practices and streamline the workflow needed to retain CX competitiveness, let us look at some of the must-haves:

1. Encrypted personal information: The International Association of Privacy Professionals (IAPP) notes that there is more to CCPA call compliance than just knowing where your data came from. It suggests that in case of a data breach due to non-encryption or non-redacted personal information stemming from the business’s failure to take reasonable security measures, consumers can sue the company for damages up to $750 per incident. This figure could quickly increase if courts deem it appropriate to award more damages.
   Using a call-recording system or inbox that leverages AI to automatically perform PCI DSS masking of PII is the first step to CCPA compliance. Intelligent customer service platforms can also encrypt all customer call data to mitigate security lapses. Cloud-based solutions that are built on encryption practices can help you secure your data from threats and security incidents.
2. Multi-factor authentication: An important part of CCPA compliance is multi-factor authentication and matching criteria. Even though you may use a registered password-protected online account, data requesters (customers) will need to reauthenticate themselves using a two-factor authentication process, such as a one-time mobile password. Some cases could also require the business to verify three forms of identity depending on the sensitivity of the data and the channel through which the request was submitted.
   Businesses can use additional verification methods if the customer’s identity cannot be confirmed on the first submission. However, any additional information collected can only be used for identity authentication, security, or fraud prevention and must be deleted immediately after the customer’s identity has been verified.
3. Authentication app: Given the diversity of consumer preferences today, organizations need access to a range of identity verification touchpoints. A single app that allows customers to authenticate themselves provides for a faster and more accurate verification experience. Regardless of the solutions you choose to comply with CCPA, a complicated and hastily implemented process can alienate customers and derail your compliance efforts. An approach that shifts too much of the compliance burden on customers can also hamper your CX competitiveness. Using an AI-powered solution to fulfill customer requests and uphold your service level commitments will help you balance compliance with CX.

With that said, CCPA compliance is time-consuming and complex, especially if you run a contact center. That is why we recommend seeking professional help and advice from your contact center solution vendor or data privacy experts to deploy multiple channels to address CCPA compliance. This lets your customers know that you take their privacy, data, and relationship with your brand more seriously.