The majority of companies will do business over the phone, but what happens when you are discussing sensitive information? How your business operates can go a long way towards protecting your customers and your business from potential data losses or breaches.
A Customer Relationship Management System allows you to record information about your customers, meaning that when they call again, you know exactly who they are, what they have ordered, who they have spoken to previously etc. Entering a client’s sensitive information directly into a CRM eliminates the need to write it down. By writing details down, you risk the information not being disposed of properly or being picked up by someone else.
Secure Your CRM System
Using a CRM system is all well and good, but if it’s not secure, then you are just wasting your time. Make sure that your system is secure and that only necessary personnel have access to minimise the risk of data breaches. Back-up your system regularly, this should go without saying. Having a recent back-up of your system will cut out any problems caused by data loss.
Rules and regulations control pretty much every aspect of our businesses, and sensitive data is no different. If you take a payment over the phone, then you are handing very sensitive information. It is vital that you are compliant with PCI DSS (Payment Card Industry Data Security Standard). It can be a complicated process, and so it is worth asking for some expert assistance as there are certain criteria that your business needs to be made to be considered as compliant.
Only Take What You Need
You should only be asking for information that you actually need, make sure that all of your employees understand what information they need to get the job done. Storing sensitive information is a major concern so don’t make it harder by taking the information you don’t even need!
If you record conversations, then it should be obvious that they are a potential risk when it comes to data protection. You should always make the customer aware that they are being recorded and that the call may be used for training purposes. If you are going to use the recordings for training, then consider editing/cutting out the sensitive information and always delete the calls when they are no longer needed.
Policy and Procedures
Using a company policy or procedure is always a sure-fire way to clarify how to do something. Implement a policy for all members of staff regarding sensitive information, detail guidelines for entering, storing and securing sensitive data and the proper handling and disposal as well as dealing with payments. Make it readily available to all personnel and make sure that the policy is understood. Consider carrying out “spot-checks” to ensure that the policy is being followed with every call.
The responsibility of data security lies with you, your business and your staff. If you would like to discuss the options available to you, then contact our team on 0845 652 0450 or email firstname.lastname@example.org.