Verizon Wireless: No Excuse For Data Security Issue
Image via Wikipedia
I’ve been thinking about the compromise of President-Elect Barack Obama’s mobile phone records at Verizon Wireless. Verizon Wireless recently fired the guilty parties, as they should. However, this is not the end of the problem. In fact, it’s only the beginning.
As I work in a customer service organization, I understand the business need for customer service agents to have access to customer records. In order to provide quality service to a customer, access to their relevant data is vital.
How much access to that data is needed? Does every rep need access to all that data 24×7, anytime? The CISSP in me says absolutely not. Do companies properly control access to this data? Not in my opinion.
There are always going to be people who need access to all customer data, e.g. management or management designates. However, the number of people who have that level of access should be relatively small. All access to that data should be heavily audited.
For the lowly customer service rep–the people who typically answer the phone when a customer calls in–they should have access to the customer’s records unless the customer provides a PIN of some sort. Without a valid phone number and the appropriate PIN, the customer service reps should not be able to pull up the records at all.
Of course, there are going to be exceptions to this rule, for example if a specific rep is working with a specific customer on a specific issue, but as a rule, only people with a valid business reason to have access to the customer data right now should have that access. This needs to be enforced by business process as well as the tools themselves.
Really, though, it’s a simple matter. If you don’t have a legitimate business reason for looking at customer data, don’t do it. This has always been my policy back from when I was a systems administrator. Reputable customer service agents follow this rule, the good ones don’t even have to be told.
Back to Verizon Wireless for a moment. While I know it is a matter of a few rogue employees and I feel they responded to the situation appropriately, it shouldn’t have happened in the first place. A large telecom like Verizon Wireless should have systems in place to prevent this kind of “data leakage” already. Clearly, whatever measures they employ either weren’t followed or were ineffective.
I hope that all telecommunications carriers learn from this experience.
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=830b1295-2e88-4be8-85ea-d7b38cb8beac)
Bookmark with: del.icio.us Digg it Furl iFeedReaders ma.gnolia Maple.nu RawSugar reddit Simpy StumbleUpon
Tags: Business process, customer service, verizon wireless Fnord
Comment by spg
i have dealt with some pretty bad customer services situation where there was total contradiction between one rep and another or they even flat out told me a different policy the second time. since these were billing issues that had a very direct impact on my finances(even is only to a small degree) i take them very seriously. in these cases i really wish there would have been some way to play back the conversation when the story changed and the CS rep denied what they told me the first time. this of course being handled on verizon’s end not me(the customer) having to be the one to record the call when it is already being recorded.
spg
Comment by PhoneBoy
I wonder if we can record the calls with Customer Service ourselves for exactly this kind of problem?
Comment by Kent
I agree.. is should always be a standard operating procedure to every telecomm company..