Its 3 AM - Do You Know Where Your Data Is?

By Peter DeHaan

August 27, 2008

It doesn't matter what type of call center you run, your operation has amassed a great deal of valuable data.  If you're an in-house center, you have a treasure trove of customer information, including phone numbers, mailing addresses, email addresses, billing histories, demographic profiles, social security numbers, bank account numbers, and credit card numbers.  The outsource call center not only has all this information for their clients, but also for their clients' customers.  If you do outbound work, you also have scrubbed lists and appended information.  Some of this data was purchased, while you garnered the rest the old-fashioned way, from hours of calling and meticulous recording keeping.

Even the smallest of call centers possess an extraordinary amount of priceless information, while the larger operations store millions of data points - all nicely organized, painstakingly verified, carefully stored, and dutifully backed up.

You have all that information, but what are you doing with it?  No, I'm not talking about harnessing it to produce a competitive advantage or turning it into a core distinctive (think of how Google is astutely exploiting the vast minutia of data they have accumulated).  I'm sure you know you must do these things and are diligently working on them.  What I am referring to is protecting your immense information stash from the nefarious reach of notorious hackers, cyberspace's criminal elite -- hard to catch and harder still to prosecute.  

With the theft of personal information steadily increasing - due to an insatiable demand and relatively low risk - there is a greater likelihood that your call center could soon be a victim.  Data security, which is best left for the security experts, will not be delineated in this short article, but you are being implored to steadfastly protect your call center's second most valuable asset (in case you're wondering, I deem your staff to be your most valuable asset).

First, you need someone with the requisite knowledge and experience to be in charge of securing your computers, network, intranet, and Internet access points.  Next, you need to give them the resources needed to do the job.  I'm not suggesting that you provide an unlimited budget or give them a blank check, but when they say it will cost X dollars to do the job, don't provide half that amount and expect optimum results.  If you cut the funds, some items will remain insecure or be only partially secured.  That would be akin to locking the doors of your office, but leaving the windows open - or installing a building security system, but never connecting it to the monitoring station.  Don't handcuff the crime stoppers.

Next, realize that many security breaches are inside jobs.  Yes, I know you carefully screen new hires and trust your staff not to steal from you - I'd be disappointed if you didn't hold your staff in high esteem.  However, the reality is that, many cases of data theft involve a complicit insider.  To address the people side of the equation, you need your human resources department involved, along with IT and your security officer.  Together they can put safeguards in place that will restrict access, limit the scope of information available, and provide an electronic log of activity.

Your data - and your center's future - is on the line.  Make sure it's secure.