Why outsourcing your call center comes with privacy risks

Waltzer has recently completed an engagement where a client asked us to privacy audit their call centers in the Philippines. These audits have given us some eye-opening experiences about the data breach risks that are involved in so-called business process outsourcing (BPO) third parties.

Many companies are tempted to use HR or call center services in cheap English speaking locations like the Philippines and India as a way to significantly cut costs. But while the savings might be too good to pass up, there are reasons to exercise some caution when offshoring.

First we should say that breaches can occur in call centers anywhere including in rich world countries. And the plus side of outsourcing is that in places like the Philippines and India call center jobs are considered attractive careers to have and the staff are generally motivated and hard-working.

Data Security Risks

Out of sight for many companies unfortunately means out of mind.

But sending sensitive customer data overseas to be handled every day by faraway staff opens up vulnerabilities. You simply don’t have the easy oversight, the capacity to easily do background checks, nor the confidence in an efficient legal system if things go wrong.

So as we tell all clients, share only the minimum that you need to with third-party partners. That applies no matter where they are located.

In our experience it is not the contracts with BPO partners that is the problem. Contracts are usually watertight, committing the overseas to all the data protection requirements of the client. It is rather that on the ground reality falls short – often on basic technical controls.

Being hands-on can reduce data breach risks

Companies outsourcing their operations to offshore call centers should prioritize regular audits to check the small details like how staff login, are they working from home and if so, under what conditions and with what kind of network and application security.

You should be directly involved in setting up clear ways of working for the frontline staff and protocols for handling sensitive customer information to minimize the risk of data breaches. Dos and donts of emailing with customer data, awareness of phishing and all the aspects of a privacy and cybersecurity program for your own staff should be considered.

Then be directly involved in implementing. Train, drill, test and do it again and again.

Working conditions make a difference

Call center jobs in the Philippines and India often have less than ideal working conditions. Employees are expected to work long, odd hours to align with overseas time zones and they deal for long hours with sometimes unhappy customers. The repetitive, high-stress work leads to physical and mental stress and that can affect motivation and quality.

We have found issues with late payment of wages and mandatory overtime are common. The difference between centers where staff are treated well and the sweatshops are noticeable in levels of staff motivation and sense of being part of a team that has a stake in doing things according to the rules.

Waltzer has made employee screening, privacy audits and privacy training in call centers a bit of a specialty. Training especially can and should be done in a fun way with local cultural sensitivities in mind. We have proven to clients who were alarmed by our initial findings, that practices can be turned around and improved quickly.

Previous
Previous

What do I need to be GDPR compliant?

Next
Next

Using ‘Trust Layers’ to make Responsible AI