|
"As
privacy regulations have become more complex, contact centers have had to evolve
and adapt to changing regulatory requirements while continuing to meet customer
preferences and provide the highest level of customer service possible in order
to operate their centers with confidence. Companies need to be compliant, yet
flexible enough to respond immediately to new regulatory changes. Superior technologies
allow companies to mitigate risk by ensuring cost-effective compliance without
adding complexity." Roger Sumner, Chief Technology Officer, Concerto Software
For years, companies around the world
have had the luxury of investing in new technology at a pace that met their strategic
or business objectives. They have been able to keep legacy systems in place while
still serving their customer bases with efficiency and at a reasonable cost. In
recent years however, legislative rulings have created a rampantly competitive
market and companies are recognizing that new technology investments are critical
to ensuring customer satisfaction and, in turn, company viability. Many technology
investments, particularly in contact center environments, are being driven by
government mandates and compliance requirements. One
of the specific driving forces behind the legislative rulings has been the public
clamor for appropriate business communications and privacy regulations. Companies
are finding themselves having to walk an increasingly fine line between proactive
customer outreach and harassment, between leveraging consumer information for
customer service and risking access to that information for wrong-doing; while
the public has demanded regulations for telemarketing calls and have appealed
for restrictions on spam in email boxes. In addition, consumers are very aware
of identity theft and have called for sensitive personal information to be kept
private. As a result, governments around the globe
have stepped in to enact legislation to satisfy legitimate outreach, while protecting
public privacy. That legislation has had a significant impact on the way contact
centers focus their businesses. Companies are being forced to take compliance
seriously - as fines can do damage from both a monetary and brand image perspective.
In fact, government compliance is the issue most likely to influence IT investments
in the next year.1 Privacy issues and
legislation affects all of us both as consumers and as members of the contact
center industry. As consumers, we feel the effects of regulations on a daily personal
basis. For example, in the United States, when going to the doctor, patients have
to sign a mandated privacy statement or when sitting down to dinner, there are
fewer telemarketing calls coming in. As contact center professionals, we see these
changes and apply them to our daily business lives. We determine the best avenues
for contact centers to adhere to regulations while still keeping customer service
and convenience a top priority. Being aware of new and pending regulations, feeling
their effects personally and applying them professionally in an effective manner
helps contact centers stay ahead of the customer privacy curve. The Growing
Landscape of Legislation Affecting Contact Centers Corporate Regulations Designed
to oversee the financial reporting landscape, the U.S. Public Company Accounting
Reform and Investor Protection Act of 2002 (Sarbanes-Oxley) and the international
Basel II Framework provides legislative audit requirements and protects investors
by improving the accuracy and reliability of corporate disclosures. Sarbanes-Oxley
mandates compliance on everything from establishing a public company accounting
oversight board and auditor independence, to corporate responsibility and enhanced
financial disclosure. The act also has built in measures to significantly tighten
accountability standards for directors and officers, auditors, securities analysts
and legal counsel. Since its official start date on November 15, 2004, Sarbanes-Oxley
has forced companies to invest in technology to make compliance repeatable, sustainable
and cost-effective. Similarly, in 2004, the Group
of Ten (G10), a coalition of eleven industrial countries, which consult and co-operate
on economic, monetary and financial matters and consists of central bank governors
from Belgium, Canada, France, Germany, Italy, Japan, Luxembourg, the Netherlands,
Spain, Sweden, Switzerland, United Kingdom and the United States, created the
Basel II Framework. This new framework sets out the details for more risk sensitive
minimum capital requirements for banking organizations. Scheduled
to take effect in 2007, Basel II not only involves reporting the correct financial
numbers to regulators, but also requires organizations to ensure the robustness
and stability of their operating environment within which risk and capital are
managed. Under Basel II, banks must hold capital for operational risk, which refers
to the possibility of loss from banks' exposures to problems such as internal
reporting or control breakdowns, employee fraud, computer crashes or natural disasters.2
Technology will continue to play a substantial
role in the integration of Sarbanes-Oxley compliance initiatives moving forward.
Eighty-one percent of companies that have operational Sarbanes-Oxley systems in
place plan to enhance them in 2005.3 As a result, companies that provide
the architectural and management components will see a rise in profits from the
increase in Sarbanes-Oxley focus and compliance and the same is expected once
Basel II has been fully implemented in 2007. Consumer
Privacy Legislation Legislation that regulates
consumer data protection, such as the Data Protection Act (DPA) in the United
Kingdom and its next iteration, the Freedom of Information Act (FoIA), has increased
the pressure on contact center agents who deal extensively with customers' personal
details. The DPA was enacted in 1998 to give individuals
certain rights regarding information held about them. The DPA placed obligations
on those who process information while giving rights to those who are the subject
of that data.4 The UK took this one step further beginning in 2000
with a 5-year phased rollout of the FoIA. The FoIA, which gives the right to access
information held by public authorities, has companies looking to technology to
provide electronic document and records management, enhanced security and access
rights, record and document cleansing capabilities and audit trails. Another
issue of paramount importance is related to customer data compiled by the healthcare
industry. The United States' Health Insurance
Portability and Accountability Act (HIPAA) was originally intended to develop
patient privacy protections, reduce fraudulent activity, reduce costs and streamline
industry inefficiencies. HIPAA guidelines for handling patient information must
be adhered to by healthcare providers, business partners and associates in order
to avoid stiff penalties, which can cost an organization a minimum of $25,000
per violation. To date, compliance has been so poorly defined that the government
has had difficulty enforcing it. In addition, studies have shown that compliance
has been slowed by: - Technology integration issues,
- Time and
budget constraints, and
- A lack of understanding of how to implement the
rules.5
Until the compliance
and privacy issues are more clearly defined, it is likely that the only complaints,
that will be investigated and, enforced are those filed by private consumers. Telemarketing
and Email Compliance One of the biggest areas
that affects almost every contact center regardless of industry is telemarketing
and email as tools to reach out to customers and prospects. Because of the noise
created by consumers around these two topics, there has been quite a bit of legislation
enacted as a result. In the United States, as well
as around the globe, Do Not Call (DNC) legislation has had a lot of visibility.
The U.S. National DNC Registry gives consumers the ability to opt out of receiving
telemarketing calls at home. Under the DNC law, it is illegal for most telemarketers
to call numbers once they have been on the registry for 31 days. Unlike
many of the other privacy protection laws, the DNC list has been widely publicized,
is hugely popular with consumers, and has been actively enforced by the Federal
Trade Commission (FTC) (see "The Power of the Do Not Call Movement, What
is Ahead for Year 2"). International Implications Hong
Kong has just announced it will enact an anti-spam law that not only cracks down
on companies that send unsolicited emails, but also companies that make automated
telemarketing calls to consumers. The government of Hong Kong has consulted with
industry groups to construct a law that they believe would combat junk faxes,
emails, text messages and telemarketing calls. The law is expected to take effect
in 2006. Some countries have created legislation
that will make it easier for consumers to dictate which companies are allowed
to send them legitimate emails. In 2002, Japan
passed two laws that allow users of the Internet and text-enabled mobile phones
to opt-out of spammer's contact lists and require that all unsolicited commercial
email be clearly identified. Similarly, the European Union's Privacy and Electronic
Communications Directive prohibits unsolicited commercial marketing by email without
"opt-in" consent.6 With the
average 3,000-person corporation losing an estimated $2 million to $7 million
per year on labor for dealing with spam7, the United States government
heeded to public and corporate demand by introducing the Controlling the Assault
of Non-Solicited Pornography And Marketing Act (CAN-SPAM) in 2003. CAN-SPAM
applies to almost all businesses in the U.S. that use and provides recipients
of spam with the right to opt-out of these messages. While permission of the email
recipient is not required prior to sending out emails, once a recipient requests
to unsubscribe or opt-out of the mailings then the business must stop sending
the emails as per the request or face severe penalties. Fines
range from $250 per illegal email message up to a maximum of $2 million or more
if the offense includes certain aggravating violations.8 In situations
involving email deception, the penalty could be a prison sentence. The
effects of all of this anti-spam legislation is also being felt in Australia,
Argentina, Brazil, Canada, the Czech Republic, India, Russia, South Korea, New
Zealand, Yugoslavia. In each of these countries
there is some form of anti-spam legislation enacted or under review. In particular,
in Australia, the Australian Spam Act has netted more than 60,000 complaints with
just 900 of those being about spam that originated in Australia.9 The
Australian government is working to issue advisories, warnings, infringement notices
with penalties and court actions. Will email legislation
wipe out spam, or will it simply force spammers to become more creative? Analyst
data suggests the latter, with everything from increased phishing, where individuals
receive legitimate-looking emails appearing to come from some of the Web's biggest
sites in an effort to fish for personal and financial information from the recipient;
a rise in frequency of spam from non-profit and political sources and increasing
growth in distributed zombie spam networks.10 What
does this mean for you? As a result of this increased
focus on legislation and regulations service providers will face increased pressure
to keep networks free from spam, and vendors will be tapped to provide telemarketers
with advanced technology, which is compliant, yet simple and automated enough
to enable agents to do their jobs without reporting complexity and fear of violations. Beyond
all of this mandated compliance, companies are recognizing that the majority of
the legislation was created out of consumer demand and sensitivity regarding customer
relationships with companies.11 As a result, many companies are proactively
initiating compliance. By managing and controlling the frequency of interactions,
improving the relevance of offers, and focusing on appropriate timing, companies
are demonstrating the value that they place on successful customer relationships
and the importance of customer satisfaction. Even
beyond the borders of where the legislation is being enacted, countries around
the globe, particularly where outsourcing is prevalent, such as India and the
Philippines must also pay close attention to the different nuances of the regulations.
As representatives of companies headquartered in countries with stringent legislation
regulations, they must too abide by the rules or risk losing valuable business. "When
faced with compliance mandates, the important thing for companies to remember
is that there is powerful technology available to help keep them from incurring
any costly violation fees, damaging brand and jeopardizing customer relationships,
said Roger Sumner, chief technology officer for Concerto Software. "This
technology can turn compliance into an advantage, differentiating the companies
who can guarantee 100 percent compliance to their customers. The contact centers
who take the time to evaluate technology options and invest in the most complete
solutions will have a distinct advantage over their counterparts who try to take
short cuts and do not use technology to its fullest advantage."
1"Quarterly Tech Trends Survey,"
AMR Research, September 2004 | 
