Social Conversations: Best Practices to Protect Private Data
Amid public concerns over Cambridge Analytica’s use of Facebook data, the enforcement of new data privacy regulations under GDPR, and continuous headlines about data breaches such as the ones from Twitter and Facebook this week, we’re constantly reminded that exchanges between brands and customers sent through social networks can pose security risks.
Now is a great time to either implement or revisit best practices and SLAs with your agent team, to ensure everyone is following guidelines for protecting customer data, especially when exchanging information over third-party networks like Twitter, Facebook, or WeChat. Even if you’re using private messages or direct messages (DMs) on those networks, you’re not entirely in the clear; since mitigating security risks is the responsibility of the social networks and data is subject to their Terms of Service, brands have very little control over that data. And if you work in a regulated industry or have a customer base that may be more sensitive to data breaches, it might be time to consider adding a secure brand-owned channel into your customer care mix.
Moving from public to private:
When discussing issues without any personal data, such as providing steps to reset a password or hours of operation, public communication is ideal, especially if other customers would benefit from seeing the content. Direct Messages (DMs) or 1-on-1 messages are a great way for brands to take customer conversations to a private destination when necessary— for example, when you need more than 140 characters to resolve the issue, or when you need to share details that the brand or customer may not want the world to see.
If a customer reaches out to your brand with a public Tweet and it’s clear that personal information might be exchanged, you can ask them to send a Direct Message (DM) instead; it’s simple for an agent to add a link to a public response which will take the customer directly to where they can compose a DM. From there, your agent can interact privately with the customer to work towards a resolution.
Moving from private to secure:
For many brands, this method of moving to private social messages allows their agents to have more in depth conversations and collect more detailed information from customers, such as a product description. But if the brand or the customer needs to share more personal information, such as an email address, phone number, or birth date, the conversation should be transferred to a more secure channel to protect that data.
While this may sound simple, it’s important to get it right. Too often, brands must deflect customers from social to phone or email in order to authenticate the customer’s identity and securely discuss personal data. This raises support costs for the brand and creates a frustrating and fragmented experience for the customer. A recent study found that ‘getting passed around’ - switching channels or switching agents - was one of the top three most annoying customer service issues consumers encounter.
Here are four best practices for protecting you and your customers when engaging on social:
- Train agents on various data types
Make sure agents know when a public inquiry needs to be moved to direct messages, and make it as easy as possible for agents and customers to transfer into that channel. Better yet, equip agents with a list of the specific data types that can and cannot be exchanged, even in private, direct messages. Cross reference this list with any industry specific or local regulations like GDPR.
- Authenticate customers
If your customer hasn’t already been authenticated, confirm the customer is who they say they are via secure authentication. Ideally, authenticate customers digitally— their chosen communication style—and then either return them back to their original channel or transfer them to a secure brand owned messaging channel to resolve the issue.
- Transfer to a more secure, digital channel
Add a secure, brand-owned messaging channel to your customer care mix so you can easily move conversations into an encrypted space where your brand is in control of the data. To reduce costs, go live more quickly and and scale more effectively, make sure this channel is integrated with your existing social care platform rather than a standalone technology.
- Transfer to phone as a last resort
If for some reason you’re unable to implement a secure, brand-owned conversation channel, it’s critical you have a workflow established for transferring conversations to phone. Customer privacy should always be your top priority, but it’s important to also minimize customer frustration as much as possible.
Secure conversations without a phone call are possible
We continue to believe that social networks are an effective and preferred way for brands to engage with their customers, and recent news shouldn’t deter you from leveraging those channels. While your first instinct may be to create tighter guidelines around when to transfer conversations to your call center, it’s worth your while to consider whether brand owned messaging might be a good fit for your customer care department.
Up until recently, Sprint had a policy to deflect social inquiries involving account data to the phone in order to authenticate customers’ identity and securely discuss personal data. But this year, Sprint implemented a brand-owned, secure messaging solution through Lithium to safely engage customers in digital conversations without the inconvenience of diverting to a different channel. The implementation has resulted in a 77% reduction in calls back to a customer and a significant increase in positive customer sentiment.
If you’re a Lithium customer, adding brand-owned messaging is just like adding any other channel into your mix; all conversations continue to get routed, prioritized and analyzed in the same interface. To learn more about how you can use messaging to securely support customers the way they want to be supported, download our most recent whitepaper The Superhero of Customer Support: Messaging