How New Privacy Laws Affect Customer Support

Customer support is a prime target for hackers and considering that a hacker attacks every 39 seconds, you should take your support security seriously. Support is the weakest link for a reason. The first data collection steps happen here, yet this department is the hardest to maintain due to its size. Additionally, customers’ personal information could end up in an unsafe chat room. For example, in e-commerce businesses customers may give their credit card numbers over an email. In a medical chat or ticket, customers may disclose their social security or medical history. In a travel setting, customers may type in a chat box their passport number or even worse, scan it and send.

While the support technology keeps developing,so do hackers’ tools. Customers and organizations are becoming more aware of the security challenges because data breach damage can be catastrophic. It can cost both your and your customers’ reputation if they become victims of identity theft. Overall, it can cost you thousands of dollars and you could lose the customer base you worked for years to build!

However, there is another data problem. Many companies have been profiting from their customers’ data without giving any notice on such practices. Until recently, they weren’t required to. However, that practice would be seen as data mishandling today due to new data privacy and protection laws. A couple of legislative bodies recognized major concerns in the fields of data privacy and security and thus pioneered the new data privacy era. All of today’s data privacy laws have one goal: to protect customer data and give them more control over their digital personal information.

The EU’s General Data Privacy Regulation (GDPR) was first and it really set the foundation for data privacy and protection legislation worldwide when it was enacted in 2018. Not so long after, Californian law enforcement followed this precedent and introduced the California Consumer Privacy Act in 2019. Brazilians almost copied the whole GDPR policy in the form of their LGDP because it is that good. Euoropeans simply covered all the privacy issues that business people have been discussing since the beginning of the cyber age. And Californians agree, which is why they added new rights similar to those found in the GDPR clauses and rolled out a brand new data policy at the end of the last year, the California Privacy Rights Act (CPRA)!

Data mishandling and poor security have been making customers furious for so many years, and these law officials are trying to get a handle on it. As you can see, there are many data regulation changes and all of them have affected support significantly.

But what exactly are the impacts? Let’s find out!

A. Territory Specific Privacy Laws

1. How did the GDPR impact the privacy scene?

In 2016, EU law officials caused serious turbulence in the business world by presenting the GDPR for the first time. No one had ever talked about consumer rights to the same extent. They drew the attention of millions of customers in Europe and worldwide who wanted more privacy in cyberspace,  which is still hard to understand. The cookies that are responsible for data collection were operating automatically at that time, but not anymore. Now EU customers can exercise their right to be informed about such activity, and can submit their consent to it. Thus your customer support software must have these two basic functions.

It may be possible for a customer to notice a mistake regarding the data you collected about them and use their GDPR right to correct. Or, if they don’t want to do any business with you anymore, you are obligated to provide a transmissible copy of their data. In a worst case scenario, you may have to delete their data entirely. Data correction is beneficial for both sides; however, if you still need their data to expand your business or get a better picture of your audience, you can use Helpy to anonymize their data and make it impossible to identify them.

Anonymization is also a GDPR clause that helps you comply with this data law. When you anonymize the data, there is no longer a chance to trace specific details or purchase preferences back to the individual, which is why the EU government doesn’t see any potential harm to collecting such data.

On the other hand, that data is still very important for your marketing campaigns and the improvement of your overall service. This seems like a win-win option for everyone: you, your customers and the EU law enforcement.

To comply with the GDPR, your support software must be careful how it handles the following type of data:

  • Web data: location, IP address, cookie data and RFID tags
  • Identity information: name, address and ID numbers
  • Political stances
  • Racial and ethnic data
  • Health and genetic data
  • Biometric data
  • Sexual orientation

Transparency is demanded by both your customers and the GDPR creators. The latest RSA Data Privacy & Security Report revealed that 55% of European and US customers wouldn’t trust a company with their personal data if it had been known for data misuse incidents. To help guarantee that this unfortunate situation never occurs, make sure that you have a secure and reliable customer support software!

2. Which one is more important: CCPA or CPRA?

The California Consumer Privacy Act is the first U.S. law that tackles consumer privacy issues in a broader scope. Since the beginning of last year, law enforcement in California has had the right to punish any company that doesn’t respect their customers’ privacy. This measure was just introduced in 2019 and we have already seen the first massive penalties with Salesforce and their client. Even though the first enacted, the California Consumer Privacy Act (CCPA) wasn’t the first planned policy in California. In fact, the California Privacy Rights Act (CPRA) was created first but it was less successful during the approval process, until recently. In November 2020, the ballot system found CPRA as a winner, which is why you will need to work on getting compliant as of this year.

This regulation mandates the same consumer rights as the CCPA, such as the right to restrict the use of or access to Personal Identifiable Information (PII). However, it also makes a significant number of amendments and introduces new rules such as the right to delete one’s entire data history and to opt out from both data sale and data sharing! These two policies protect the same PII the GDPR does. However, CCPA recognizes households as data subjects too!

To run a legitimate business in California in 2021, you need to comply with both policies. However, the CPRA deserves more of your focus.

3. How is support privacy in Brazil?

Influenced by the GDPR efficiency, the Brazilian government introduced their own version of the GDPR in 2018 as well. This regulation, known as the Lei Geral de Proteção de Dados Pessoais (LGPD), is Brazil’s first comprehensive data protection law. The LGDP will begin to be enforced on Aug. 1, 2021. It is very similar to GDPR in its language and clauses, but not in the fine structure. Nonetheless, it is reshaping the way companies process Brazilians’ data regardless of their country of origin. Seeing that GDPR, CPRA, and LGDP promote the same consumer rights only tells us how important this issue is all around the globe.

A. Industry Specific Privacy Laws

1. What does HIPAA stands for?

HIPAA is the Health Insurance Portability and Accountability Act. It’s a privacy law that applies to healthcare providers within the USA. This act was developed with the goal of protecting patients’ electronic Protected Health Information (e-PHI) by defining its use, limiting the access to this kind of data, suggesting protocols for safeguarding personal information, and guaranteeing patients’ rights.

The types of e-PHI that should be on your data protection list are:

  • PII put in medical records used by doctors and nurses
  • Conversations discussing patient treatments and other clinical needs
  • Sensitive information stored in your computer system
  • Payment information

The revolutionary electronic records in the healthcare industry improved patient experiences significantly, but also brought a huge responsibility in terms of data privacy. Whenever a patient sends you an email with their social security number or payment details your obligation is to safeguard this information.

However, it is extremely difficult to protect it in an email, which is why hackers always look first there! To stop them from getting the access to your patient database, you can switch to using a private cloud-based customer support software with secure chat rooms. Now it is extremely difficult for them to break your own security wall!

2. To whom does the GLBA apply?

Financial institutions are a big part of our everyday lives. They not only enable us to purchase groceries to satisfy our basic needs, but they also allow us to enjoy luxury. Unfortunately, these insitutions also collect the most valuable data, which is incredibly appealing to hackers. In fact, the U.S. financial industry faces around 150 data breaches every year. That is why the federal government aimed to create an act that will regulate data use within the financial sector. This effort resulted in The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act of 1999.

Its task is to regulate how financial institutions handle disclosure of consumers’ nonpublic personal information (NPI).

NPI implies:

  • Sensitive data a client shares with you to get a financial product or service, such as their name, address, income, or Social Security number
  • Any information you receive about a person from a transaction involving your financial product or service, such as their payment history, account number(s), loan or deposit balance(s), and credit or debit card purchase(s)
  • PIi you get about an individual in connection with providing a financial product or service, such as the information from a consumer report or court records

Your task is to keep this valuable data far from hackers’ hands! The best move you can make is to never receive any kind of NPI over an insecure chat application! That practice can cost you a lot more than subscribing to a customer support software that focuses on data security and data law compliance.

Now consumers have the right to give consent and to opt out of an agreement if they start doubting your ability to protect their data. In addition, financial institutions need to ensure the highest standards of data security following the Safeguard Rule. However, not every financial institution falls under the GLBA rules, only the significantly engaged ones.

3. Why is FERPA relevant?

The Family Educational Rights and Privacy Act (FERPA) is the U.S. education law enacted in 1974. It regulates the way educational institutions use student records, including who has the access to data, and what PII can be disclosed for public purposes.

Education industry recognizes three types of student data:

  • Educational information: student grades, classes, selected courses and graduation year.
  • Personal identifiable information (PII): information related to their data as an individual and citizen, such as their Social Security number.
  • Directory information: student’s name, home addresses, or phone number but also ID number, which can be used to gain access to a student record.

Nowadays, students are using school laptops and wifi networks for educational purposes, leaving their data exposed to multiple security risks. In many cases, they are not aware of those risks, however, you need to be!

There are two legitimate points of access: the institution and the student (or  the parent of an underaged student). Unfortunately, educational institutions are a very attractive target to hackers as they have an incredibly large amount of personal data at their disposal. Therefore, they need to take this task seriously and not disclose student data to any third-party without student or guardian consent.