“Cyber” Monday 3rd December was allegedly the busiest on line day of the year so far as panic set in and those of us who had just woken up to the fact that Christmas isn’t far away went internet shopping. Many of us will have registered for the first time on new sites ticking that we’ve read terms and conditions (when we plainly haven’t) and ticking opt in boxes for special offers and deals. On occasions we will have called companies to purchase rather than pursue the on line route. At this point I’d just offer a few words of data security advice to companies who have staffed up their call centres and increased their head count to cope with the mad rush.
If you record you calls “for training purposes” ensure you have a proper process for removing recordings where consumers have to leave credit card or bank details and don’t keep that information longer than is necessary. Check that there isn’t an opportunity for call centre agents to jot down financial information which can then be used elsewhere. Data protection law requires you to get rid of any information which you no longer need and that applies just as much to audio information as it does to other data.
Make sure you’ve got a solid joiners (and leavers) policy so new temporary staff are made aware of their obligations under the data protection act and are given some (even basic) training about the level of fines you, as their employer, might receive if they cross the line.
Only collect information (either on line) or over the phone that you need to complete the transaction in question. Gathering lots of additional data, which the marketing department may view as desirable, may not be such a good idea in the long run as you should be clear what the purpose is for collecting data.
A visit from the ICO, such as that experienced by the Prudential for not looking after data properly, is not quite as enjoyable as a visit from Santa. In the case of the Pru it was the first time the ICO raised a fine of £50k for poor data quality rather than data security. Errors in just 2 records which related to 2 customers with the same name born on the same day meant that the Pru kept amalgamating their pension pots - despite being warned several times by the customers concerned. A costly mistake and one which, given the profile, will no doubt have a number of other ramifications such as brand and reputational damage.
So as the phone calls queue up and the web site brims over with new sales please spare a thought for your data protection and ensure your New Year isn’t spoilt by an unwelcome visit from the ICO.