Data Policies

Data Policies is an AI-driven application that makes contact center compliance and risk management more efficient. The application supports audio interactions from CXone Recording, , CXone AppLink, CXone ACD, and migrated calls.

The application serves two main functions:

  • It proactively identifies risks that are unique to the customer. These risks are found in their interactions and related data.

  • It suggests steps to either mitigate these risks or to create data policies that match the company’s needs.

Identifying and Managing Risks

On the Risk Detection board, the system uses data analysis and analytics to identify potential risks. The risks identified are actionable.

The weekly date range displayed on the risk detection page for the widget is in local time and always from Monday to Sunday.

Unmasked Sensitive Information Widget

The Unmasked Sensitive Information widget identifies calls where sensitive data failed to be masked by the Mask API. This widget covers audio and screen interactions.

Custom Widgets

Create custom widgets and configure which categories to monitor on the dashboard. This enables tracking of interactions flagged by risk categories on a weekly basis. The widget provides the ability to drill down into these interactions, review metadata, and play back recordings.

You can choose include one CXone Interaction Analytics (AI) category in each widget to proactively identify and manage potential risks within the CXone repository. This requires the Interaction Analytics license.

To take action from the Risk Detection board:

  1. Click on the widget to view the list of identified interactions.

  2. After viewing the list of interactions, if you want to proceed, there are two options:

    1. Click an option to take action immediately.

      Data Policies starts the process of applying the action to the interactions. Follow the progress on the Activity Tracking board, as you would for a policy.

    2. Click Save as Policy to create a policy and to refine the criteria. Continue to Automated Data Policies and Approval Workflow.

Policy Types

Media Deletion: This policy allows you to delete on-demand media to eliminate violations (such as PCI or privacy) and reduce risks. For example, if a call recording contains sensitive customer information, this policy could be used to delete it. The Media Deletion policy deletes audio and screen recordings and Analytics transcripts.

This policy type operates at the contact level. As a result, when this policy is applied, it will delete all recorded files and transcripts associated with that particular contact.

If any files are being retrieved for long-term storage, they won’t be deleted. You should make sure to run a Deletion policy to delete these files once the retrieval is done.

Litigation Hold: This policy places interactions under litigation hold (recording files with their respective metadata) for audio and screen recording. This is to make sure that information isn’t removed by a deletion action, policy or LCM rule. It ensures adherence to legal requests or other business requirements. This policy is not applied to Interaction Analytics transcripts.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the search results will be placed in litigation hold.

If the media associated with an interaction is not found, only the data will be subject to the litigation hold. In this case, the policy status for the action will be Partial Success. This lets you know that the media was already purged beforehand.

Litigation Release: This policy releases interactions placed under litigation hold by a Litigation Hold policy. For instance, when a legal issue is solved. In this case a policy can remove the hold from the relevant interactions, so they can be deleted by any other policy or LCM rule.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the results will be released from litigation hold.

Data Erasure: This policy deletes or anonymizes all customer information in CXone for the past 15 years. It reduces risks by ensuring no private customer data is stored, in compliance with rules and regulations.

The Data Erasure policy deletes all of the customer's recorded files and Personal Identifiable Information (PII) associated with the customer's phone number or email address. This includes audio recording, screen recording, and IA transcripts.

If any files are being retrieved for long-term storage, they won’t be deleted. You should make sure to run a Data Erasure policy to delete these files once the retrieval is done.

After the data is erased, you can later search in the Search application using the #DataErasure hashtag. Alternatively, in the Contact History report, search by entering nic_anonymize.com in the DNIS/To Address or ANI/From address field. ​

Automated Data Policies and Approval Workflow

Create a policy to begin searching for interactions that match the policy criteria you define.

Interactions will be included in a policy’s search results up to 30 minutes after the call ends.

To create a policy:

  1. Click New Policy and then select Policy Type.

  2. Under Policy Name, enter a name.

    • Use a consistent format with recognizable and consistent names that are recognizable and consistent throughout your organization.

    • Use meaningful prefixes and suffixes.

    Examples:

    • Complaint – Service – John Doe

    • Complaint – Technical – John Doe

    • Legal Case – John Doe

    • Legal Case – Campaign A

    • Class action – Campaign X

  3. Complete all mandatory fields and add policy criteria as needed.

    The criteria you can select depends on the policy type.

    Criteria

    Description

    Agent Name

    The name of the agent as specified in the CXone employee account. When there are multiple agents for a segment, this field has multiple values. The agents are listed in respective order in the Agent ID, Agent Name, and Team Name fields.

    ANI/From, DNIS/To

    A telephone number or email address.

    Values must be separated by commas (no spaces) for multiple telephone numbers or email addresses.

    When entering a telephone number, you must include the + symbol (for ANI/From), or the ++ symbol (for DNIS/To) and the country code prefix to each telephone number you enter.

    ANI/From example: +11234567890 (for a number in the United States)

    DNIS/To example: ++11234567890 (for a number in the United States)

    Category

    The path to the CXone Interaction Analytics category. When this category is selected, the policy is applied to the last 90 days (regardless of the dates selected for the policy).

    Selecting this allows targeting specific Interactions for compliance actions such as Media Deletion, Litigation Hold, and Litigation Release.

    This category is available for selection if you have View permissions and an Interaction Analytics license.

    Channel

    Specifies the medium through which calls take place between parties. This includes social media, phone calls, digital chat, and so on.

    When creating policies, selecting this criteria allows you to filter calls based on these communication mediums. If multiple channels are selected (e.g., phone call or chat), the policy will search for calls that match any of the selected channels.

    For Data Erasure policies, email and chat channels are related to InContact (legacy).

    Customer Info

    This is the customer's phone number or email address. This includes incoming or outgoing calls.

    Values must be separated by commas (no spaces) for multiple telephone numbers or email addresses.

    When entering a telephone number you must include the + symbol (for ANI/From), or the ++ symbol (for DNIS/To) and the country code prefix to each telephone number you enter.

    ANI/From example: +11234567890 (for a number in the United States)

    DNIS/To example: ++11234567890 (for a number in the United States)

    Duration

     The length of the segment.

    Direction

    The direction of the call. Supported values are:

    • Incoming: A call received by the agent from an external source.

    • Outgoing: The call was initiated by an agent.

    Litigation Hold

    Indicates whether an interaction is under litigation hold. When an interaction is under litigation hold, its metadata and media cannot be deleted by any deletion or erasure action. However, business data values can be edited and changed.

    Master Contact

    The master or parent ID of the contact. The contact can contain one or more related segments.

    When you create a policy to include this criteria, Data Policies search only for the first master contact of an interaction.

    Recording Alert

    A Recording Alert is a notification indicating an issue during the recording process. It informs users about specific problems such as screen recording errors, connection issues, or incomplete audio data.  

    Segment ID

    Unique identifier of the segment. A segment is an interaction with two parties, such as a customer and an agent.

    Team

    The name of the team to which an agent belongs.

  4. (Optional) If you want the policy to repeat on an ongoing basis, select Recurring and then complete the details in the Recurrence Settings window that appears.

    When creating a monthly recurring policy, be mindful of the dates you choose. If you select the 29th, 30th, or 31st of the month, the policy may skip a policy instance for some months. This is because not all months have these dates (e.g., February only has 28 or 29 days).

  5. Click Create. The application begins searching for interactions that match the policy criteria. At this stage, no actions are performed. Any actions will only be taken after the policy is reviewed and approved.

    After creating policies to take action according to your needs, use Activity Tracking to see real-time updates on policies pending approval, in progress, and completed.

When a policy is in progress, it means that the application is still collecting data for interactions that match the policy criteria.

To view a policy in progress:

  1. On the Highlights tab, go to the In Progress tile.

  2. Locate the policy. The status of the policy will be Searching.

    If no interactions are found in the search process, the status changes to Succeeded with zero results and no further action can be taken.

  3. Click to open and view details of the search in progress. Here you can see details such as how many interactions were located as of the date shown.

When a policy is pending approval, it means that the application has gathered all the interaction data according to the criteria set in the policy and is now ready to take an action.

If no interactions are found in the search process, the status changes to Succeeded with zero results and no further action can be taken.

To approve or decline a policy:

  1. Make sure you have the appropriate permissions to approve a policy.

  2. On the Highlights tab, go to the Pending Approval tile.

  3. Before making your decision, you can open the policy to view the Search Results page. Here you can view the list of interactions located that match the policy criteria. You can also playback interactions.

  4. Depending on your decision, click Approve or Decline.

    Once a policy is approved, you can view the progress details on the Highlights tab, including information such as the number of interactions found as of the displayed date.

When a policy is completed, it appears on the Activity Tracking Completed tile.

The possible statuses are:

  • Succeeded: The policy completed running as expected.

  • Partially Succeeded: The policy completed running, but there is further information available about possible further action to be taken by the user. Download the report for details.

  • Failed: The policy failed to run.

  • Declined: The policy was declined by a user.

  • Succeeded with zero results: The policy finished running, but no interactions matched the policy criteria.

Click on the policy to view statistics and audit information about the completed policy on the Completed page.

Download a report that can serve as evidence for internal or external audit. This report includes the following information for each segment:

  • The Results from (Multiple Sources) column displays the aggregated results for applying a policy action to segments that exist in multiple locations. This column consolidates the results collected from each location where the segment resides, providing a comprehensive view of the policy action's impact across all sources.

  • The reason for failure (as previously described).

Completed policies can be viewed on the Highlights tab and Policies tab for 30 days. After this period, these policies, along with their entire history, will be available on the Policies tab.

Configuring Data Policies for Use

Data Policies is available if you have the Data Policies feature license. What you can do in the Data Policies application depends on the Data Policies permissions assigned.

FAQs for Data Policies

If you find the default monthly view of the date picker difficult to use, you can switch to an alternative view. Simply click on the month and year displayed at the top center of the date picker. This will allow you to change to an annual overview, where you can more easily select your desired year, month, and days.

Calls appear in the Interactions Search application faster than in the policy section. This is because the Interactions Search updates more quickly, usually within 15 minutes, while the policy section may take about 15-30 minutes to update.

An Interaction is the entire customer experience from start to finish. A Contact is a specific instance of engagement within an interaction, and a Segment is an individual step or part within a contact. Each segment can represent different communication channels or events.

When entering the value use the syntax as follows:

  • For ANI/From calls enter +(country code)(number)

  • For DNIS/To enter ++(country code)(number)

Audit Messages

See the Activity Audit report to view activities that take place in the Data Policies application.