One of the toughest jobs in any company is Customer Service. I am thinking of those folks who are on the phone for their entire shift responding to customer questions and, often, complaints. These unsung heroes have to balance keeping a customer satisfied and protecting the personal information collected by their organization.
The birthday gift
Let’s take an example. Near a recent birthday I received a package containing some CDs (yes, you can still get them). Some of my favorite musical artists were included and, naturally, I wanted to thank the sender. I fervently dug through the box, but found no card or other information about the sender. I didn’t know who to thank so I decided to call customer service.
My hope was that I could provide the customer service representative the order number and obtain the name of the sender. No luck, that was personal information that according to company policy could not be revealed. Maybe the sender, I was told, wanted to remain anonymous.
Thinking to myself that I could use limited information to identify someone from the (small) universe of people that might buy me a birthday gift, I asked what city the order was placed from or he domain name of the email address. Trying to convince the customer service representative this was not identifying information and like a dissatisfied customer just did not help.
The customer service representative really tried to think of things they could share with me to help me identify the sender, but to no avail. I still do not know who sent me the gift.
As a gift recipient I was unhappy yet not dissatisfied. As a privacy professional I was extremely happy. The customer service representative did their job trying to satisfy my request, but kept personal information confidential.
Verifying information
Earlier today I called my bank to order a new debit card. While I was on the phone the customer service representative wanted to verify some information the bank had about me. Frankly, I expected questions like “can you tell me your current address?” or “can you tell me your correct email address?” or what’s the last 4 digits of your telephone number?”
Instead I heard “do you still live at 123 Mulberry Lane?” and similar information containing questions. Sure, it made the verification process quicker and less error prone (making the customer more satisfied by the process), but, if authentication of my identity was not properly done, this is essentially a data breach.
What’s a privacy pro to do?
Privacy pros should work with their customer service teams to
- review policies and procedures to understand what should be done,
- monitor some calls with customers to see what is really happening, and
- provide training using real-life examples to correct any incorrect practices.