We’re two and a half years year and half into CCPA (the California Consumer Privacy Act), an extensive regulation that kicked off in January of 2020, and it has had an effect on the way contact centers communicate with customers. Let’s take a few minutes and talk about how CCPA changes the way your agents work and what it takes to be CCPA-compliant.
What is CCPA?
Some call CCPA the American GDPR, but that’s an incomplete way of stating what it is. However, both laws boil down to a data protection regulation that is customer-forward in a big way. Where they differ is in how they define personal data. CCPA defines personal information as information that identifies, relates to, describes, is capable of being associated with, or is reasonably linked, directly or indirectly, with a particular consumer or household.
Also, GDPR is effective across the whole EU while CCPA is a California state regulation. However, CCPA’s scope of effect is actually enormous because it can be in effect for companies simply doing business with California businesses or customers. That means even if your operation is a brick and mortar in New York, the fact that someone from California can call and order from you means you’ll most likely need to be CCPA-compliant (there are some preconditions listed below). Because California has a population larger than many countries (around 39.5 million), Californians are almost certainly doing business with you, wherever you are. The bottom line is that CCPA impacts millions of phone interactions.
Long story short, California does business with the world. That’s not to say CCPA is a global law, but it has a long reach. Oh, and it has already given birth to a new regulation, CPRA (the California Privacy Rights Act) which makes its debut in 2023. We’ll stick to CCPA for our article because CPRA essentially builds on CCPA’s prime functions.
How Do I Know If I’m Affected By CCPA?
Here’s a primary checklist that will tell you if CCPA affects you. Any one of these bullets means it applies to you.
Does your gross revenue exceed $25 million annually?
Does your organization share, and/or sell any of the customer data you collect at a rate above 50,000 individuals?
Do at least 50% of your yearly company earnings come from the sale of customer data?
First, CCPA impacts consent
Your contact center compliance almost surely relies on something called ‘bundled consent’, a method of acquiring customer consent for all activity on a call. CCPA puts its regulatory foot squarely down in front of that practice and declares that you’ll need to ask for customer permission multiple times depending on the actions the call requires. Won’t that be awkward you ask? Yes, yes it will be, at least until we’re all used to it.
This law wants the informed consent of the customer to be well-documented and for the customer to have the chance to opt out when asked for personal data. Since so much business is still conducted over the phone, what you will want is clear audio and accurate transcriptions that prove you stopped to get permission every time it was called for. Your agents will also need CCPA training, so they know exactly what requests require a separate permission which can vary depending on what your business does.
Above all you’ll want a way to rapidly access your conversation recordings and to sort them in the event you need to prove consent or if your customer wants to see what data you’ve collected because a big part of CCPA comes down to what the customer can demand of you. We’ll talk about that next.
Second, CCPA impacts data collection and retention
Consumer confidence in the way organizations handle their data is at a staggeringly low 21%, and this regulation is the result of a slew of consequences from corporate data sharing and breaches. CCPA may be a Californian law, but California law is often a signal of where things are going. However, to be clear, CCPA currently gives Californian consumers the following rights:
To know whether and what personal data your business has collected on them;
To know if your company has shared with or sold anyone their data, and if so, to whom it was revealed or sold;
To access the data your business has collected on them;
To demand your company discontinue sharing all collected personal data;
To receive the equal treatment regarding service and price whether they have or haven’t exercised any CCPA rights (essentially you cannot penalize a customer for exercising their rights)
What Happens When You Fail CCPA?
It’s painful. When your organization fails to comply with CCPA, both the state and the consumer can launch civil actions against you with fines that fall between $100 and $750 (or greater depending on the damage done to the consumer) per incident. These incidents tend to stack up, but the real pain begins here: California can directly charge your organization $7,500 per every incident not addressed within a 30-day period.
How To Not Fail CCPA Compliance
Here’s a 3-point CCPA success plan: Transcribe, Analyze, Train
Your call interactions are where so many of the events that drive CCPA occur. Consent and consumer data are part of your customer conversations and so having a clear transcription of each event not only allows you to point to your compliance if you should unfortunately ever have to go to court, but it also gives your a constantly updated metric of how your agents are performing with regards to CCPA and a bunch of other regulations.
Your transcripts are the basis of one of the most powerful technologies driving the modern customer experience which is our next point.
2. Use Speech Analytics
There are unending benefits to using speech analytics to re-angle and study our transcripts. When used correctly (a topic for another blog), analytics show us how agents perform. Are agents compliant, polite, efficient, and well informed? Well-tuned analytics will wick accurate answers to these and many other questions right out of your transcripts.
Speech analytics help you identify what data might have been collected on a customer if this information is demanded of you. Additionally, the same tech that drives the recognition engine in your transcript can also help you automatically redact data you don’t want to retain, like payment card numbers. Speech analytics technology isis the light at the end of the tunnel for so many compliance practices that used to overwhelm us.
3. Train Your Call Staff
Your agents can’t comply with laws they’re not in-tune with. It needs to be reflexive for your agents to know when to re-acquire consent from the customer, and when they are collecting sensitive information that could be subject to a consumer request later. A call platform that helps you automate agent training and scoring is a powerful answer to the daunting tasks of keeping a contact center well trained. No staff is perfect, but speech technology allows us to put an unlimited number of virtual eyes and ears on our recordings so we detect problems before they’re lawsuits.