Mandating blurred backgrounds for video conferences. Not allowing high-level conferences to be recorded. Enforcing the highest global standards for data privacy. These are some of the ways enterprises are navigating the challenges of data security, compliance and privacy, according to Sorell Slaymaker, principal consulting analyst, TechVision Research.
“Today, you have to balance user convenience with data compliance,” said Slaymaker at an Enterprise Connect session, “Top Collaboration Compliance and Privacy Issues, and How to Address Them.” A good starting point is to understand where confidential and private data is stored and processed. You should also look at your organization’s environment to see whether data requires a consumer, enterprise or military grade security framework, he said.
Along with addressing national data privacy laws and regulations, many organizations also take a proactive internal approach to be sure they are not violating employee rights or union contracts. “One suggestion is to carry two phones to keep your professional and personal data separate,” Slaymaker said.
Navigating regulations
IT leaders should work closely with attorneys and vendors to understand and comply with the laws and regulations in regions where they do business. For instance, China has different cybersecurity rules for companies with majority Chinese ownership versus those owned by international corporations.
“National regulations can affect data storage, data process and viewability,” Slaymaker said, noting that the European GDPR rules apply to their citizens anywhere in the world. Therefore, a North American company might want to adopt those rules for consistency.
“Don’t assume your UCaaS provider meets all data compliance standards,” Slaymaker added. “When you choose a UCaaS solution, you may want to consider owning your encryption keys for an additional level of security.”
Adding AI to the mix
Data compliance is also an issue when implementing AI tools such as ChatGPT. For instance, should you use AI to track contact center agents’ interactions and give them coaching tips, or would that violate their privacy?
With AI, you may want to import all customer interactions to train the models to better understand those interactions in different geographies. But you need to know where that training takes place and whether that data will stay within the organization, Slaymaker said. “AI can also give you nice transcriptions and summaries of meetings, but you don’t want that solution provider to have confidential data about your organization.”
Use cases for compliance
If you consider compliance to be unimportant when implementing new solutions, think again. There are many reasons for setting and upholding data security and privacy rules, Slaymaker said, citing several use cases.
• Protecting intellectual property. Delays on a major project, for instance, could affect the company’s stock prices if they leaked out. “You also want to protect your organization’s R&D work, to avoid it being stolen and replicated in another geography,” Slaymaker said.
• Ensuring company communications remain private. Mergers, acquisitions and divestitures impact lives, jobs and financial returns, so those conversations need to be protected. Be sure your UCaaS providers protect the metadata, as well as live conversations, as knowing who is talking to whom could provide clues to upcoming actions, even if the words are encrypted.
• Shielding sensitive customer interactions. If you work for a healthcare organization or insurance company, for instance, patient privacy is paramount. A leak involving a famous person with a medical condition could have a damaging reputational and financial impact on your organization.
• Complying with labor laws. A multinational organization may need to geofence employee data to manage cross-border data transfers. Even when an employee goes elsewhere on vacation, that data may need to stay within his or her country.
A complex issue
Today, data is replicated and spread around the world, making it difficult to know where information is located and being used, Slaymaker said. “The only way to truly secure data is not to create it in the first place,” he added. “Once it’s created it’s out in the ether, and the issue becomes how much time and effort is involved to get into that data.”