By Cindy Graham
We have heard a lot about personal information getting into the hands of identity thieves. More and more people are taking steps to minimize their exposure to such theft by reducing information on personal checks, refusing to share their social security numbers, being prudent in their use of credit cards, and shredding “junk” mail that might allow another person to pose as them. However, we can do little to protect ourselves against lackadaisical security methods or unscrupulous business practices.
Because recent reports confirm that personal information continues to fall into the wrong hands, consumers have become increasingly concerned about how call centers handle their personal information. But callers can only do so much; then it’s up to businesses to provide their customers with privacy policies that will ensure their information is handled properly and kept out of the hands of crooks.
How can call centers help ensure this security? The first thing is to own up to the responsibility. Business owners, managers, and supervisors need to establish and enforce effective company privacy policies. These polices should outline the handling, reviewing, storage, and destruction of callers’ personal information, as well as that of employees. Once privacy polices are drawn up, they must be carried out. All employees should be trained in the handling of sensitive information.
When call center agents obtain personal information from callers, several questions need to be asked. Who is allowed to handle it? How long will the information be unsecured? Can information viewed on computer screens be seen by others? How will the information be secured? Who will have access to it? How long will it be kept, and when will it be destroyed?
Establishing strict information handling procedures can be cumbersome. However, they are necessary if we are to gain and keep the confidence of callers and agents. Review the following privacy policies that should be established and practiced by every business.
- Computer Screens: Adjust computer screens so customer information is not visible by anyone standing in close proximity. If the screen cannot be moved, place something in the line of sight to block unwanted viewers. Hanging plants, room dividers or frosted glass can block the view.
- Passwords: Computers should be password protected. When an employee leaves his/her computer, it should always be secured and protected by a password. Even if you leave your computer for just a few minutes, unsecured information could be accessed by anyone passing by.
- File Security: Customer files should never remain unattended on a desk that can be accessed by unauthorized employees (including cleaning or maintenance staff). Files left unattended can be quickly viewed and documents stolen or copied. Files should always be in a secured drawer or locked room when not in use.
- Customer information should be secured as quickly as possible. Once information is obtained from a caller, the document or program should not be left unattended. Secure all information before moving on to the next call.
- File Accessibility: When caller information is secured, assign specific employees who will have access to it. The more employees who have access to information, the more chances exist for misappropriation. Don’t tempt employees with the access if they don’t really need it.
- Mail Security: Don’t leave outgoing mail out over night or over the weekend. Mail or any other documents that are waiting in an “out box” can be easily access by cleaning, maintenance, or service staff, as well as by children or friends of employees. Keep outgoing items secured until pick up time. A central location should be designated for such items during the week. Often items placed with other outgoing mail or documents are quickly forgotten, that is, until the recipient notifies you that the document has not been received. The more time that has lapsed between sending and receiving the mail or documents, the less likely you will be to locate them.
- Shredded Documents: Documents waiting to be shredded should be in a secure place. Many offices use a box under each desk, where documents are thrown until the end of the week. This system provides easy access to documents that are seldom noticed if they go missing. Shred bins should be locked or kept in a locked room. Larger bins are often used to store documents until a document disposal company takes them. These bins should also be locked or kept in a secured area.
- Receipts: The Fair and Accurate Credit Transaction Act (FACTA) says that receipts for credit and debit card transactions can include no more than the last five digits of the card number or expiration date. That means, if you’re using a merchant processing machine setup before July 1, 2005, you have three years to comply. If the machine you are using was set up after January 1, 2005, you have one year to comply. Take steps now to ensure that your program will not print the entire credit/debit card number.
What all this boils down to is that we, as employers, business owners, managers, and supervisors, need to make a greater effort to provide our customers with the peace of mind that their identities and information are safe with us. Agents must handle caller information with care and respect that is apparent to callers. Without our help in the secure handling of the personal information, the fight to stop identity theft and fraud will continue to rage. We need to be smarter than the crooks by eliminating their access to this information. After all, the next person to have their identity stolen could be you.
Cindy Graham is an author and identity theft expert for consumers and businesses. Her corporate privacy policies as well as individual identity theft information are available through her book, seminars and consulting. Cindy’s book, “Who Else is You?” outlines preventative measures to help ensure the privacy of your personal information. To find out more, call 970-285-1581.
[From Connection Magazine – April 2007]