Are you responsible for ensuring a contact center’s security and privacy compliance? Are you concerned about the safety of having consumers verbalize information? Is it safe for them to give their password, PIN, or credit card information, especially today when you likely have many of them working from home?

Many customers feel nervous about sharing personal information, in general. It’s time-consuming, irritating and potentially a huge hole in your security posture and your compliance with financial, privacy and security regulations.

Today, new technology is increasing security for the consumer and the business. Keep reading to learn more.


Privacy Compliance in 2020 and Beyond

The regulatory environment is constantly evolving, and more and more consumers are getting concerned about how their data is handled. Do you know who, inside and outside your company, has access to your data? Does your consumer information cross international borders? Do your agents handle payments over the phone, making you responsible for PCI compliance? Are you able to quickly respond to new privacy laws like GDPR and CCPA? The penalties and loss of reputation for being out of sync with these regulations can destroy a company, so it’s crucial that you’re covered now and into the future as more and more regulations and customer expectations will enter the picture.

Corporations benefit from developing integrated databases to expedite processes and examine business analytics. Yet, refining the data so you only collect essential information offers more security.

The protection of personal information became a concern at the end of the last century. With physical distancing required by the COVID pandemic, more business takes place remotely, which increases the attack surface for the bad guys and makes most companies more vulnerable to a breach.

Cyberattacks have increased exponentially since the start of the pandemic. The World Health Organization has experienced a 500% increase in attacks. This highlights the importance of strengthening data security now and in the future.


Regulatory Acts that Impact Call Centers

The focus of privacy acts is to protect Personal Identifiable Information (PII). This includes any direct identifiers such as name, address, social security numbers, and more. It can also include indirect data such as gender, birth date, and geographic location, for example.

Any piece of data that allows physical or online contact with a specific person qualifies as PII. This information may come from paper, digital, or other media.

The following is an overview of some of the security compliance privacy acts.



On December 20, 1992, the Telephone Consumer Protection Act went into effect. The purpose of this act was to stop unsolicited telemarketer calls to customers.

This includes live phone calls, pre-recorded calls, and text messages. These companies must have “prior expressed consent” before contacting the consumer. Unfortunately, this continues to be a persistent problem.



The Health Insurance Portability and Accountability Act (HIPAA) became effective in 1996. The HIPAA Privacy Rule established regulations addressing the disclosure of protected health information (PHI).

Healthcare providers, organizations, and their business associates must establish procedures ensuring PHI security. This involves protection during use, transfer, and storage.



The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. It establishes rules for businesses worldwide that handle California resident’s personal information (PI). Companies and their associates must comply if they collect, store, handle, or transfer PI.

The General Data Protection Regulation (GDPR) Is the European Union’s digital privacy law. Organizations must provide strict security for all personal data gathered about European citizens. It forbids the misuse or exploitations of the data owner’s rights to privacy.

Both laws have strict mandates and steep fines for violations.



Payment Card Industry (PCI) regulations address credit card companies’ responsibility to secure credit card transactions. This includes technical and operational standards that businesses must meet. Its purpose is to protect credit card data provided by the cardholder and then transmitted.

These rules apply to all merchants who process credit card sales. They’re required to encrypt all internet transactions.


Call Center Compliance Issues

Call centers must verify who they’re speaking with before continuing the conversation. This is key to guarding against unauthorized access or use of personal data. Most commonly, the caller is asked several PII questions.

This leads to many issues. Is the phone line, internet, or email system blocked to bad players? Did a hacker gain access to this “I Am” information?

How can businesses protect themselves and their customers from security leaks?


Enhanced Security Solutions

IT security companies are working to develop more robust protection solutions. One approach is asymmetric encryption. This solution encrypts PII using symmetric keys. This means that the data is neither input nor visible with every interaction.

Data transfer occurs between the two parties without being seen. The call center personnel receive a message verifying the caller’s credentials.

Zero knowledge proof” establishes proof of accuracy without showing verification information. In this type of exchange, no sensitive information exchanges hands. It’s also individually encrypted.

This type of network uses the Zero Knowledge Proof cryptography that proves a fact as true. The system doesn’t ask the consumer to provide passwords or other information. Thus, the PII can’t become compromised from either the sender or receiver’s end.

So, how does this work? A user enters their PII into their secure web browser or smartphone. The information is then encrypted and verified by a Trusted Identity Platform.

The call center agent works on a Trusted Identity Platform dashboard. They receive a notification that the identity passed or failed, but cannot see the actual data. This has obvious implications for agents working from home where awkward protocols like requiring employees to leave phones and writing utensils in a locker. With nothing sensitive on their screens, the company’s scope of compliance for privacy and security regulations is dramatically reduced.


Are You Looking for a More Secure Data Privacy Solution?

Consumers don’t like keeping up with 100s of passwords, security question answers, and PINs. They know that cyberattacks have become more prevalent, which makes them feel less secure about sharing personal information.

Companies also face a myriad of privacy compliance regulations. This requires frequent monitoring and upgrades to stay ahead of the hackers.

Journey has developed a new way of verifying identity in the digital world. We offer military-grade security, drastically reducing targeted and insider attacks, and an elegant, fast and easy customer experience.

The customer’s data is kept secure on their smartphone. Journey secures all inbound calls in less than 2 seconds with 99.9999% veracity. Contact center agents only see if the customer’s identity is verified or not. No sensitive data is ever shared.

Visit or send us an email at for more information.