By Mark Atterby
In the wake of headline-making attacks and data breaches of Sony Pictures, JP Morgan, Snapchat and others, information security is becoming one of the highest priorities in BPO engagements. Organisations are sensitive about their data and want to know that it’s protected and being handled with care.
The costs to a client can be enormous both in reputation and direct financial impact. Just this month AT&T in North America was fined $25 million by the US Federal Communications Commission, for data security breaches at a call centre the company employed in Mexico to handle Spanish language services.
Employees working for the call centre stole private information belonging to thousands of US customers, including names, full and partial social security numbers, and account-related data. They sold this information to a 3rd party to unlock stolen mobile phones.
This is just one example. According to Gemalto’s Breach Level Index for 2014, 1,500 data breaches led to one billion data records compromised worldwide during 2014. These numbers represent a 49% increase in data breaches and a 78% increase in data records that were either stolen or lost compared to 2013.
It impacts the whole industry
Not only does a major security breach harm the client’s business – it strikes at the very heart of the industry as a whole. Security and how well a BPO provider can demonstrate their commitment to it is increasingly becoming a deal breaker.
Clients need to audit the security procedures of any prospective vendor. If the vendor will be handling information in regards to payments or credit cards then ensure their systems are PCI compliant.
One of the causes of data breaches is from internal employees or former possibly disgruntled employees. Centres with high turnover have a more significant challenge in maintaining control and security.
There are various measures contact centres are deploying to ensure BPO staff do not breach client’s confidentiality and mis-appropriately use their data. Some of these measures include[i]:
- Creating a paperless environment, preventing employees from writing down and removing information by ensuring that all work processes are done on the computer, without having to record anything on forms or notes.
- Prohibiting the use of mobile phones and cameras on the floor.
- Prohibiting paper, pens and digital recording devices from being brought onto the floor.
- Preventing internet access for employees on the floor.
- Limiting functionality and access of personal computers or terminals used by call centre agents (for example, disabling USB ports). Companies may also use data loss prevention software to block attempts to download, copy, or transmit sensitive electronic data.
A provider that can’t keep its clients’ customers’ information secure is exposing their client to considerable risk. An organisation can outsource an activity but not its responsibility to the secure handling of private information.
Originally Published in the Sauce eNewsletter – theOutsourcing-Guide.com
theOutsourcing-guide.com is the ultimate reference guide for the BPO and outsourcing industries and it will become the most comprehensive resource for organisations looking to engage BPO and outsourcing providers. As well as providing a range of eBooks, articles and whitepapers explaining the various aspects of BPO, theOutsourcing-guide.com provides an online directory of providers segmented by category and location.
theOutsourcing-guide.com is a vehicle for vendors and service providers to showcase their organisations and the outsourcing services they provide. Visit theOutsourcing-guide.com for more information.