Where customer feedback and security collide
Collecting customer feedback has become a bigger imperative than ever before for federal government agencies. New guidance to high-impact agencies from the Office of Management and Budget (OMB), new legislation like the 21st Century Integrated Digital Experience Act (IDEA), and emerging pressures from the Government Accountability Office (GAO) and Inspectors General (IG), for example, all point to the necessity of collecting and considering customer feedback on everything from websites to service and policy design.
You might think that with all the ways there are to collect customer feedback nowadays, it would be simple for every company or organization to do it, right? Unfortunately, for federal government agencies, even with Congress, OMB, and the GAO and IGs all calling for agencies to collect more feedback, it’s not necessarily that simple.
One of the biggest roadblocks to collecting customer feedback for federal agencies is the Paperwork Reduction Act (PRA). Years ago, the PRA put into place a mandatory, complex, inter-agency process that agencies have to go through before they could survey customers. That process was, and still is, a roadblock for many agencies when considering collecting feedback that can lead to improved customer and citizen experiences.
But PRA isn’t the only big concern for agency leaders anymore.
Navigating security risks
Data security, as well, is a reality. If your survey collects personally identifiable information (PII) or protected health information (PHI) like an email address, phone number, a customer’s social security number, or even an IP address in some instances, then you’re responsible for keeping that data safe. Even if you didn’t ask for the PII or PHI in your survey, you’re still responsible for protecting that data if a respondent provides it.
Most commercial survey tools don’t have the physical security or operational governance required to keep that sensitive data safe.
But that’s not the only security risk to think about.
Can your data walk away?
Almost every government program fields customer research or surveys of some kind.
For example, you may be part of a team within an agency that shares login credentials for one survey account. Sure, the cost may be lower and that may seem like a quick way to get stuff done. But suppose one person on your team gets upset, decides to download the customer data collected in that shared account, change the password, resign, and take the data with them. That’s a security risk.
Compounding this issue is the fact that, according to Qualtrics’ research, one in three IT leaders doesn’t know how many survey accounts and platforms are being used inside their agencies. It’s probably not on purpose. End-users typically don’t understand the data security implications of a “freemium” software license for collecting customer data, and therefore may see no obvious need to consult with their IT leaders.
That’s known as “shadow IT,” when employees use survey platforms that haven’t been screened by a company’s IT team. Shadow IT makes it easier for hackers to steal your agency’s data, as explained by Qualtrics’ head of security operations in this blog post.
Governance: get control, improve data quality
Qualtrics is designed to help you take control of the security implications of collecting customer feedback. Sophisticated governance settings embedded within the platform allow a chosen administrator to control all of your agency’s survey accounts, thereby reducing the risk of data misuse or access, while eliminating data silos that prevent holistic data from making its way to your agency’s leadership and stakeholders. Every agency wants to have higher quality data. Every agency wants to do a better job of being data-informed. Qualtrics helps you get there.
FedRAMP: adds security and trust
The Qualtrics Experience Management Platform™ is also FedRAMP certified, meaning it has been assessed and authorized under one of the most stringent cloud security standards in government.
Qualtrics is the only customer experience management platform available that is FedRamp certified. Similarly, the Qualtrics platform is ISO 27001 and HITRUST 3rd party certified. Those credentials, as well, mean you’re choosing technology that will help you actively manage the security of customer information. Learn more about Qualtrics Experience Management Platform™ security features here.
Customer and employee experience professionals know how important it is to collect feedback, and they’re under more pressure than ever before to do it. In today’s world, where security is central to customer trust, the tools you choose to collect customer data are an important part of maintaining that trust.
For more on data security and customer experience, watch this webinar presented by Adam Marré, Head of SecOps at Qualtrics and former FBI Cyber Specialist.
Watch the data security webinar