Today, January 28th, is global Data Privacy Day (Data Protection Day in Europe). The goal of Data Privacy day is to raise awareness and promote privacy and to share data protection best practices. You are constantly sharing your personal information, even if you aren’t aware of doing it! Smart phones, filing your taxes online and wearable smart technology like fitness trackers all analyze your personal information. Protecting this information is becoming more and more complicated as our lives become more integrated with technology and artificial intelligence.
Defining Data Privacy and Data Protection
Data privacy, or information privacy, is the ability of an organization or individual to determine what data in a computer system can be shared with third parties. Data Protection is the process of safeguarding important information from corruption, compromise or loss. Data protection in most countries is regulated by legislation, though the standards maintained differ greatly.
The importance of data protection increases as more data is created and stored. Technology is tracking and storing your personal information at an unprecedented rate.
Europe and the United Kingdom
The General Data Protection Regulation 2016/679 (GDPR) is the data protection act for the European Union. The legislation – which took effect on May 25, 2018 – requires companies to ask an individual to “opt in” to the collection of their personal data. Prior to this legislation, companies were able to collect information like gender, ethnicity, sexual orientation and political affiliations without your knowledge or consent. The GDPR does not only apply to countries in the European Union, but all companies that might obtain information about citizens of the European Union. GDPR goes one step further and allows you the right to request the deletion of any and all Data from the company’s servers. Prior to this legislation, companies like Facebook, Google and Amazon were able to store your personal information indefinitely. The European Union is very serious about this legislation and is planning on enacting serious fines for each breach. Companies who fail to comply could face a fine of up to 4% of their global earnings. There is a lot of discussion about the GDPR in the UK post Brexit, but most experts agree that Britain will likely enact the same, or similar legislation for the protection of its citizens.
In Canada, there are two major pieces of legislation that govern Data Protection and Privacy. The Privacy Act covers the personal information handling practices of federal government departments and agencies. The Personal Information Protection and Electronic Documents Act (PIPEDA) covers the personal information handling practices of many businesses. PIPEDA outlines that a customer must consent to the collection, use or disclosure of their personal information. PIPEDA also states that when an organization is using information, it must only be used for the purpose to which the individual has consented. As a consumer, you also have the right to access the information provided to the company and make changes or correct mistakes. PIPEDA does not apply to Alberta, British Columbia and Quebec as these provinces have general private sector laws that are substantially similar to PIPEDA.
As of right now, there is no single and comprehensive national law for data protection, however, there are many state and federal laws that, combined, protect the personal data of American Citizens. The Federal Trade Commission Act prohibits deceptive or unfair practices and is applied to online as well as offline privacy and data security policies.
Why is it Important to Protect Your Data?
The news is full of issues of Data Protection, every day we are “provided” with new data leaks, where hackers are accessing our personal information through websites we use every day. 2018 saw breaches for 20 different global companies, including Facebook, Google Plus, Medicare and the Bank of Montreal.
Facebook had a major issue with the illicit harvesting of the personal data of 87 million users. A UK based data scientist named Aleksander Kogan developed a popular app called “This is your Digital Life” that compiled data about its users, including location, age, gender, sexual orientation, political affiliations and schooling. Kogan sold this information to Cambridge Analytica who used it to collect the personal data of millions of users, without their consent. This data was used to try to influence political campaigns and the Brexit vote through targeted campaign advertisements. This scandal, nicknamed the Cambridge Analytica Data Scandal led to companies like Facebook and Amazon to significantly change the way they handle and protect their user’s data.
In late 2018, Facebook was under the microscope once more when it was revealed in an investigation by the New York Times that the social media giant had shared private user messages with their major clients, including Amazon, Spotify, Netflix and Sony (who had their own issues with data breaches). Facebook not only provided these messages to their clients, they also allowed them the ability to delete user’s messages.
These breaches of public trust and private information have stressed the increased need for improved protection of your privacy. New smart devices, watches, toothbrushes, robotic vacuums and connected cars provide users with a better, more integrated and simpler experience. But at what cost, if the companies you are trusting your information with do not do everything in their power to safeguard and protect that information.
How Does Data Privacy Relate to Our Business
As the contact center and major outsourcing vendor for many of our Clients, they trust us with their customer’s information. Our expertise lies in compliance and data protection. Compliance is more than just a buzzword within the Business Process Outsourcing (BPO) industry, it’s a constant companion of every decision we make.
A common trend in the BPO space is device free spaces: employees are not permitted to have their devices with them at their desk, or in any location with access to private data. The goal is to protect our Client’s valuable information. Our office has a zero tolerance policy for cellphones on the call center floors and all of our technology is built to protect against any information being copied, downloaded or shared. Wearable tech has made these restrictions much more complicated and BPOs must be prepared to address concerns stemming from these new challenges. How can a BPO protect customers’ data when everyone is wearing miniature computers on their wrists? Compliance to international standards such as ISO 27001:2013 and the ISO 9001:2015 certifications as well as the Payment Card Industry Data Security Standards are a great start to ensuring that you are working with a business that cares about your customers’ data.
BPOs proactively monitors the call center industry to stay ahead of any changes in regulation. Our media monitoring process keeps all stakeholders aware of industry updates. As technology continues to grow and expand, BPOs must be prepared with strict guidelines, zero-tolerance policies and education, which all play a part in the future of data protection.
Do you want to work with a company with a proven track record of protecting your customer’s privacy and your data? Talk to us today to see how Bill Gosling Outsourcing can work for you.