Month: December 2019

Release Notes December 23rd: CSV export for all users, Hub Logout and Syncing Improvements

Posted on by Niki Finegan

Hello SnapEngagers,

Here are the latest changes that applied to the system in the last weeks:

Updates:

  • A new CSV export of all agents and sub-admins: An account owner now has the option to download a “Full User Report” of all users across all widgets as a CSV file in the My Account > My Info section.
  • Admin Dashboard:
    • Proactive Chat: We have improved the UI for the proactive configuration modal in preparation for an upcoming feature release. Stay tuned for updates!
    • We have increased the audit log events for changes to the Design Studio tab to include the selection of a different design.
    • We have updated and improved the UI of the subscription and payment page.
  • Bot API:
    • Improved the performance of the initial message query to the bot to speed up the first bot response.
  • Chat Box:
    • Moved the call-me button to the input menu (This option was temporarily in the old position at the bottom of the box outside of the menu).
  •  Hub:
    • Improved the login speed for accounts set up on a very high number of widgets.

Resolved Issues:

  • Hub:
    • Fixed an issue where the system did not immediately register when an agent logged out of the Hub. The “logout” option will now log the agent out of all Hub sessions they were logged in to, across windows and tabs.
    • To avoid missing visitor chat messages we have improved the syncing behaviour of Hub when an agent intermittently loses their connection.
    • Also improved the team chat message syncing.
    • Fixed an issue where agent links were not resolved correctly in the right side column.
    • Fixed the infinite scroll on team chats.
    • Fixed an UI issue with the Knowledge Base search box and file upload request modal.
    • Fixed an UI issue with the Survey Score modal.
  • Microsoft Dynamics integration: Fixed an issue where the ‘Topic’ field in Dynamics was not updated by the custom data mapping selection
  • Proactive Chat: Improved the admin dashboard performance when a high number of proactive chat rules are configured
  • Auto Translate: Fixed an issue where auto-translated messages were missing for a transferred chat.
  • Analytics:
    • Fixed Agent Performance – Transfers Report – drill down by agent not displaying chats.
    • Fixed two issues with Visitor Experience – Queue Report:
      Chats in Queue vs Total Count report drill down showing the wrong selection of chats.
      (Notice: The Hourly Average Time in Queue and Visitor Queue Time Binned Report are currently not yet updated and remain to be fixed.)
      Queue report graph was showing the queued chats outside the top of the report.

Four Steps to Data Governance C-level Sponsorship

Posted on by suzanneleigh

Privacy laws such as the CCPA are being enacted all over the country at a rapid pace. Some firms are still struggling with how to get executive levels on board. Successful data governance plans need a C-level sponsor who understands the business value of adopting a thorough data governance strategy as well as the risks of kicking the can down the road. It may be up to you to convince them why. 

Four Steps to Data Governance C-level Sponsorship

Getting executive support starts with educating your internal team on data privacy laws. You’ll need to be able to communicate the benefits to the bottom line while illustrating the urgency of preparing for the rapidly developing regulatory environment. 

Nothing speaks truth to power as quickly as fact. The implementation of the GDPR in May of 2018 caught many companies unprepared. Your proposal should give your internal team a glimpse of what happened to those firms who were not GDPR ready and highlight critical data risks firms are experiencing. The goal is to align data privacy with leadership’s priorities and be able to respond to their questions. 

Here are four steps you can take to prepare your proposal to educate your internal team on data privacy law.  

1 – Point out the effect of data privacy law compliance on revenue

As the California Consumer Privacy Act (CCPA) begins in 2020, we can look back at the implementation of the GDPR in 2018 and how those companies that set up a data governance plan immediately had a competitive edge over those that didn’t. 

The consumer climate is data privacy-aware. Customers and business associations are starting to insist that firms answer questions about data privacy. As a result, compliant companies experienced less of a sales delay due to customer privacy concerns. 

A January 2019 report by Cisco Cybersecurity mentioned that 87% of the companies reported having delays in sales because they hadn’t yet created a data governance plan or were struggling to implement one and could not respond to the client’s data privacy requests or concerns. 

Cisco also reported that GDPR-prepared companies experienced roughly one week less of a sales delay than those that weren’t yet compliant, and two weeks less of an impediment than those who knew they wouldn’t be able to reach compliance in one year.

There are both benefits of being compliant and detriments to not being compliant, and becoming compliant is not something you can do overnight. The sooner C-level and internal teams understand the potential damage to the bottom line by ignoring data privacy laws, the closer you are to being ahead of data privacy laws..  

The goal is to present the importance of a data governance plan, team, and execution as  inseparable from your firm’s vision for growth and scalability. Being GDPR and CCPA compliant is becoming a public marker of personal data safety. The more consumers demand data transparency, the more your level of competitiveness will hinge on your level of compliance. 

2- Highlight key data risk issues firms are currently experiencing

Data graveyards — Many businesses have masses of latent data stored in disparate locations which interferes with database efficiency by impeding migration, increases risk, and bleeds finances. Data assessment, data mapping, and data pruning as a part of a data governance plan are first steps in tackling data graveyards. 

To comply with data privacy laws, firms will have to be able to retrieve and delete data in a timely fashion or face the possibility of fines and lawsuits. House cleaning and streamlining data storage will enhance a firm’s ability to scale and remain agile amid rapidly evolving technology and accelerated data privacy-focused business climate.  

Fines and lawsuits — The lack of a thorough and compliant data governance program is a liability that leaves a firm’s bottom line exposed. Fines, lawsuits, and reputational damage are definitely something that C-suite management can understand. Bring in the statistics, resources, and projected outlook to build a sense of urgency. Data privacy penalties are real, and they are becoming more and more prevalent in all markets and countries. Here are some recent examples:

  • British Airways £183.39M
  • Uber £385,000
  • Equifax £500,000
  • Marriott International £99M
  • Facebook Ireland £500,000
  • Google $50M
  • YouTube $150M

Information security — Data breaches are a genuine threat. Without a robust and scalable data governance plan in place, companies will be less able to defend against the increasingly evolving technology used by malicious agents. Not only will data breaches harm your reputation and your brand, new data privacy laws such as the CCPA will also slap you with fines and open you up to civil action. Some of the data breach headlines of 2019 include:

  • Capital One — One of the most significant data breaches in history. 106M private records were hacked, including customers’ personal information, Social Security, and credit card numbers.
  • Adobe Create Cloud — 7.5M users’ emails and other details that could be used in phishing attacks against users.
  • Canva — 140M users login credentials hacked. 
  • American Medical Collection Agency —7.7M private records, including Social Security numbers and medical records resulting in the medical billing vendor filing for bankruptcy.

Third-party vendors — The GDPR requires mutual B2B compliance. This means if your vendors are not in compliance, neither are you. The CCPA requires a written contract in place with all vendors that has specific language. Privacy laws make it compulsory for companies to audit the third-party vendors in their supply chain as soon as possible. This also means that you can expect inquiries about your level of data governance from your business associates as they prepare for compliance with data privacy laws.

3 – Align data privacy with leadership priorities

What execs need to understand is that data privacy is here to stay and will only continue to develop in a future that is inextricable from the dependence on data collection for business processes. In short, tabling this issue will only make things more complicated and more expensive down the road. 

After the passage of GDPR, many US media sites had no choice but to block EU customers because they didn’t prepare soon enough. The California privacy law has a more extended reach. As the 5th largest market in the world, expect the CCPA to become a national standard. Any company doing business with any person or service provider from California will be directly affected.

Overhauling or implementing a data governance program will be an investment challenge. It will require embedding data protection throughout all processing operations and communication through all lines of business in an organization. It may even require firms to rethink their business models. Your internal team needs to understand that the quality of this investment will have a direct effect on scalability in the future. 

4 – Be prepared to respond to C-level questions

1 – Study GDPR and CCPA laws with legal to grasp a full understanding of the bar set for current data privacy laws.

2 – Review your ongoing master data management and data governance programs with IT to isolate primary weaknesses and brainstorm solutions.

3 – Research data governance plan and data governance team options considering the structure currently in place. You have choices here depending upon your current data management structure but keep agility and scalability in mind. You’ll want to be able to illustrate the benefits of the future adaptability of any data governance investment. 

4 – Beyond regulatory obligations, prepare to speak to risk mitigation, customer expectations, and ROI considerations to leverage leadership priorities.   

Depending on your organization, you may only get one shot at getting your internal team on board. Take the time to prepare thoroughly to maximize your chances of getting funding and support from senior leadership. Identifying the key decision-makers, their priorities, and what angles have persuaded them in the past will go a long way towards a smooth sale. 

 

Request a demo of our secure chat platform

How to Comply with New Data Policies

Posted on by suzanneleigh

Why You Need to Comply with New Data Policies

 

The EU’s General Data Protection Regulation (GDPR) caught many companies with European customers off guard — and started a tidal wave of data regulation legislation across the globe, including America. Organizations the world over scrambled to try to comply with new data policies.

GDPR introduced higher privacy standards, transparency, and accountability for all companies (both inside and outside the EU) that offer goods or services to —  or collect the data of — EU individuals.

Think it doesn’t apply to you? The GDPR has set precedence for a wave of similar data privacy laws… everywhere.

Tens of thousands of violations were reported within eight months after the GDPR went into effect on May 25, 2018 — one was Google. Facebook’s verdict should be revealed in the coming months. 

Sites that weren’t prepared to comply with new data policies, such as the LA Times and Chicago Tribune, went dark in Europe until they could get up to speed. The penalties under GDPR can be up to 4% of a company’s revenues.

 

Learn more about our secure customer engagement solutions

Request a call

 

The new US data privacy laws expose companies to fees and lawsuits

Even though the federal government has yet to adopt a nationwide data privacy law, the states have been taking up the slack and creating their own. To date, data privacy, data security, cybersecurity, and data breach notification laws have been passed, enacted, or are pending in 25 states creating a potpourri of regulation that can be confusing. 

The penalties of these laws are stiff, but they can also expose companies to private legal action which can be considerably more damaging to both a firm’s bottom line and brand.

Act Now

 

Firms need to be proactive and get in front of the coming onslaught of data privacy laws. On the state level, the most comprehensive law thus far is the California Consumer Privacy Act (CCPA). The CCPA went into effect on January 1, 2020. 

Coupled with the GDPR, the CCPA is a good frame of reference to gauge what changes you need to implement today. The CCPA is currently worded to apply to companies that:

  • Have more than $25M in gross annual revenue, or 
  • Handle the personal information of 50k consumers, households or devices, or
  • Receive 50% of their revenue from selling consumer personal information.

Qualifying hurdles are likely to get even more stringent as legislation continues to be enacted and amended all over the country.

 

The Gist? Consumers Own Their Own Data. You Don’t.

 

In contrast to the past, today’s data is no longer the property of the company to do with what it wants, it’s the property of the customer. Under the CCPA regulations, here’s what needs to happen when consumers visit your site for you to comply with new data policies.

  • Consumers must be informed that you collect data, what data you collect, and how that data will be used — in language they’ll understand
  • Consumers must be provided with all of their personal information if they request it
  • Consumers can request that you delete all of their personal data which means you must make sure that any third-party service providers you do business with delete it as well 
  • Consumers can’t be discriminated against for exercising their rights

Consumers can sue if there’s a breach of non-encrypted or not-redacted data.

 

5 Steps to comply with new data policies

 

1. Educate yourself on GDPR and CCPA laws

Companies will not only have to comply with new data policies — but also be able to prove what they did to ensure compliance. Learn more about these regulations, and any other regulations that are relevant to you, so you can understand how to comply with new data privacy laws that might apply to you. You’ll then have to do a bit of data soul searching and thoroughly revisit why you collect data in the first place.

2. Create a team and framework for compliance

  • Integrate IT and legal to develop a team and a plan for compliance
  • Understand the definitions of “Personal Information” under GDPR, CCPA, and any other laws that may have jurisdiction over the data you collect, how you collect it, how it is controlled, processed, managed and protected.
  • Identify similarities, overlaps, and gaps between privacy laws in different relevant jurisdictions

3. Identify and classify what data you collect

 

What lawful basis do you have for collecting data? 

There must be a lawful reason for you to collect, control, and process data to be in compliance under the GDPR. There are six categories of lawful basis for data collection:

  • Consent: The consumer has given you consent to collect their data.
  • Contractual:  The collection of data is necessary for your company to fulfill a contract with the consumer.
  • Legal Obligation:  Your company must collect and/or keep the data to comply with the law.
  • Vital Interests:  Your company must collect/keep/use a consumer’s data because it is necessary to protect the vital interest of the consumer or another party.
  • Public Task:  Your company must collect/keep/use a consumer’s data in order to perform a task that is in the public interest.
  • Legitimate Interests:  It’s in the legitimate interest of your company and the consumer to collect/keep/use their data.

 

What data is subject to GDPR, CCPA, or any other relevant data privacy regulations?

Beyond obvious identifiers such as names, social security numbers, medical records, etc, personal information can extend to many other more indirect identifiers. Both data laws specify data that could be used as an identifier ranging from cookies and IP addresses to order history and geolocation. 

While the GDPR includes all publicly available data, the CCPA makes further distinctions about which publicly available data is subject to the law. This means that even though you may collect data that is available to anyone online, once it is controlled by you, you may be subject to compliance. A careful study of what constitutes data under any relevant privacy regulation is critical.

 

What data is shared and/or managed by third parties? 

Both data controllers and processors are subject to compliance. GDPR and CCPA both say companies can only work with other companies that are also completely compliant. Anyone that processes data sourced from you must be in compliance. Your business associates need to follow suit. If they don’t, find new ones.

4. Evaluate your data management and protection systems

  • What are your current data protection systems?
  • What are your data mapping and integration processes?
  • What are your procedures and controls for internal access rights and requests?

5. Take Action

  • Overhaul vendor agreements, on both sides, for third-party compliance
  • Develop procedures for tracking and confirming the compliance of business associates and service vendors — If the’re not in compliance, get new ones
  • Develop procedures for managing opt-out and deletion requests
  • Revise customer consent, disclosure, and privacy notices with legal counsel
  • Invest in technology upgrades, security tools, and AI to mitigate risk and upgrade your cyber defense platform
  • Hire or designate staff to manage data protection, stay apprised of changes in regulation and communicate with regulators
  • Develop procedures for ongoing internal updates and security awareness staff  training to stay in compliance with evolving regulations

The benefits of complying today

 

As privacy standards become the status quo, transparency and trust will be major players in generating brand loyalty. Firms that incorporate secure and compliant customer solutions will generate consumer trust and engagement sooner than others.

SnapEngage chat solutions let you send and receive data and images in compliance with the most rigorous privacy laws emerging — both internationally and in the US. Our customizable platform and omnichannel reach allow you to engage with prospects and customers wherever they are. 

With SnapEngage, you won’t have to worry about making sure you comply with new data policies, privacy regulations, or amendments when using chat. We do that work for you.

 

Request a Demo Now