Data Policies

Data Policies is an AI-driven application that makes contact center compliance and risk management more efficient. The application supports audio interactions from CXone Recording, CXone AppLink, CXone Multi-ACD (CXone Open), and migrated calls.

The application serves two main functions:

  • It proactively identifies risks that are unique to the customer. These risks are found in their interactions and related data.

  • It suggests steps to either mitigate these risks or to create data policies that match the company’s needs.

Identifying and Managing Risks

On the Risk Detection board, the system uses data analysis and analytics to identify potential risks. The risks identified are actionable.

The weekly date range displayed on the risk detection page for the widget is in local time and always from Monday to Sunday.

Unmasked Sensitive Information Widget

The Unmasked Sensitive Information widget identifies calls where sensitive data failed to be masked by the Mask API. This widget covers audio and screen interactions.

Custom Widgets

Create custom widgets and configure which categories to monitor on the dashboard. This enables tracking of interactions flagged by risk categories on a weekly basis. The widget provides the ability to drill down into these interactions, review metadata, and play back recordings.

You can choose include one CXone Interaction Analytics (AI) category in each widget to proactively identify and manage potential risks within the CXone repository. This requires the Interaction Analytics license.

To take action from the Risk Detection board:

  1. Click on the widget to view the list of identified interactions.

  2. After viewing the list of interactions, if you want to proceed, there are two options:

    1. Click an option to take action immediately.

      Data Policies starts the process of applying the action to the interactions. Follow the progress on the Activity Tracking board, as you would for a policy.

    2. Click Save as Policy to create a policy and to refine the criteria. Continue to Automated Data Policies and Approval Workflow.

Policy Types

Media Deletion: This policy allows you to delete on-demand media to eliminate violations (such as PCI or privacy) and reduce risks. For example, if a call recording contains sensitive customer information, this policy could be used to delete it. The Media Deletion policy deletes audio and screen recordings and Analytics transcripts.

This policy type operates at the contact level. As a result, when this policy is applied, it will delete all recorded files and transcripts associated with that particular contact.

If any files are being retrieved for long-term storage, they won’t be deleted. You should make sure to run a Deletion policy to delete these files once the retrieval is done.

Litigation Hold: This policy places interactions under litigation hold (recording files with their respective metadata) for audio and screen recording. This is to make sure that information isn’t removed by a deletion action, policy or LCM rule. It ensures adherence to legal requests or other business requirements. This policy is not applied to Interaction Analytics transcripts.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the search results will be placed in litigation hold.

If the media associated with an interaction is not found, only the data will be subject to the litigation hold. In this case, the policy status for the action will be Partial Success. This lets you know that the media was already purged beforehand.

Litigation Release: This policy releases interactions placed under litigation hold by a Litigation Hold policy. For instance, when a legal issue is solved. In this case a policy can remove the hold from the relevant interactions, so they can be deleted by any other policy or LCM rule.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the results will be released from litigation hold.

Data Erasure: This policy deletes or anonymizes all customer information in CXone for the past 15 years. It reduces risks by ensuring no private customer data is stored, in compliance with rules and regulations.

The Data Erasure policy deletes all of the customer's recorded files and Personal Identifiable Information (PII) associated with the customer's phone number or email address. This includes audio recording, screen recording, and IA transcripts.

If any files are being retrieved for long-term storage, they won’t be deleted. You should make sure to run a Data Erasure policy to delete these files once the retrieval is done.

After the data is erased, you can later search in the Search application using the #DataErasure hashtag. Alternatively, in the Contact History report, search by entering nic_anonymize.com in the DNIS/To Address or ANI/From address field. ​

Automated Data Policies and Approval Workflow

Configuring Data Policies for Use

Data Policies is available if you have the Data Policies feature license. What you can do in the Data Policies application depends on the Data Policies permissions assigned.

FAQs for Data Policies

Audit Messages

See the Activity Audit report to view activities that take place in the Data Policies application.