Policies

Types

Data Erasure: This policy deletes or anonymizes all customer information in CXone Mpower for the past 15 years. It reduces risks by ensuring no private customer data is stored, in compliance with rules and regulations.

The Data Erasure policy deletes all of the customer's recorded files and Personal Identifiable Information (PII) associated with the customer's phone number, email address. This includes audio recording, screen recording, IA transcripts, and business data.

After the data is erased, you can later search in the Search application using the #DataErasure hashtag. Alternatively, in the Contact History report, search by entering nic_anonymize.com in the DNIS/To Address or ANI/From address field.

Litigation Hold: This policy places interactions under litigation hold (recording files with their respective metadata) for audio and screen recording. This is to make sure that information isn’t removed by a deletion action, policy or LCM rule. It ensures adherence to legal requests or other business requirements. This policy is not applied to Interaction Analytics transcripts.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the search results will be placed in litigation hold.

If the media associated with an interaction is not found, only the data will be subject to the litigation hold. In this case, the policy status for the action will be Partial Success. This lets you know that the media was already purged beforehand.

Litigation Release: This policy releases interactions placed under litigation hold by a Litigation Hold policy. For instance, when a legal issue is solved. In this case a policy can remove the hold from the relevant interactions, so they can be deleted by any other policy or LCM rule.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the results will be released from litigation hold.

Media Deletion: This policy allows you to delete on-demand media to eliminate violations (such as PCI or privacy) and reduce risks. For example, if a call recording contains sensitive customer information, this policy could be used to delete it. The Media Deletion policy deletes audio and screen recordings and Analytics transcripts.

You can choose to apply the policy at either the Contact or Segment level. When the policy is applied at the contact level, it deletes all recorded files and transcripts associated with the entire contact. When the policy is applied at the segment level, it deletes recorded files and transcripts for specific segments within a contact.

If the deletion policy begins to run while files are being retrieved from long-term storage, those files will not be deleted. To ensure these files are deleted after retrieval, you should run the deletion policy again once the retrieval process is complete.

Playback Lock: This policy is designed to address privacy concerns and ensure the protection of callers' information. It locks interactions to prevent playback by users across all CXone Mpower. Only users assigned the Override Playback Lock privilege can playback these interactions.

If the user has the Override Playback Lock permission, the locked interactions can be downloaded and will behave like normal interactions (i.e., not restricted).
If the user does not have the Override Playback Lock permission, downloading locked interactions is not allowed.

The Playback lock action does not impact redaction.

Playback Unlock: This policy provides the ability to unlock interactions previously locked by the Playback Lock policy.

Redaction: This policy type is a Controlled Release feature. Contact your Account Representative if you're interested in knowing more.

The Redaction policy is available only for customers who have Data Policies and Interaction Analytics or Data Policies Advanced license.

This policy automatically removes sensitive information from recorded audio and screen interactions, aligning the recorded files with the masking of the transcripts. It helps comply with privacy laws and protects customer data. By using redaction policies, we maintain customer trust and meet regulatory requirements.

The policy uses Sensitive Data criteria to find and remove sensitive information from recorded interactions.

The policy can be applied to recordings up to 90 days old (based on Interaction Analytics configuration). When a user downloads recordings through the Playback API or Player, these recordings are redacted and do not include sensitive information. Original unredacted files remain available through Secure External Access (SEA).

If a segment is locked for playback, redaction still applies. However, if a segment is in Litigation Hold, it will not be redacted. Redaction will be applied only after the hold is removed.

Users with the Override Redaction permission can view and listen to the full, unredacted recordings in the CXone Player. This includes all audio and screen content. It gives authorized users access to sensitive information when needed, while maintaining compliance and control. See Interactions Hub Permissions.

Retention Change: This policy type let's you change how long interactions The full conversation with an agent through a channel. For example, an interaction can be a voice call, email, chat, or social media conversation. are stored. Based on business or legal needs, you can shorten or extend the retention period or even keep it forever. This policy modifies the original retention date that was initially set in the Lifecycle Management app and updates the custom expiry date accordingly.

When a Retention Change policy is applied, it affects files deleted across storage tiers.

More Information

The table below summarizes expected behaviors based on different LCM actions and custom expiry dates:

LCM Action	LCM Action Date	Updated Expiry Date	Expected Behavior
Copy to Secure External Access (SEA)	January 1, 2026	March 1, 2026	The file is copied to SEA on January 1, 2026, and deleted from Active storage on March 1, 2026.
Archive (Move to Long Term)	January 1, 2026	March 1, 2026	The file is moved to Long Term on January 1, 2026, and deleted from Long Term on March 1, 2026.
Move to SEA	January 1, 2026	March 1, 2026	The file is moved to SEA on January 1, 2026, and will not be found in Active/Long Term storage on March 1, 2026.
Faster (Zero-Day) SEA	Creation date	March 1, 2026	The file is moved to SEA on the day it was created and will not be found in Active/Long Term storage on March 1, 2026.

Policy Workflow

Create a Policy

Create a policy to begin searching for interactions that match the policy criteria you define.

Interactions will be included in a policy’s search results up to 30 minutes after the call ends.

To create a policy:

Click New Policy and then select Policy Type.
Under Policy Name, enter a name.
Naming Conventions for Policies
- Use a consistent format with recognizable and consistent names that are recognizable and consistent throughout your organization.
- Use meaningful prefixes and suffixes.
Examples:
- Complaint – Service – John Doe
- Complaint – Technical – John Doe
- Legal Case – John Doe
- Legal Case – Campaign A
- Class action – Campaign X
Complete all mandatory fields and add policy criteria filters as needed.
(Optional) If you want the policy to repeat on an ongoing basis, select Recurring and then complete the details in the Recurrence Settings window that appears.

When creating a monthly recurring policy, be mindful of the dates you choose. If you select the 29th, 30th, or 31st of the month, the policy may skip a policy instance for some months. This is because not all months have these dates (e.g., February only has 28 or 29 days).
(Optional) If you want to allow policies to be approved automatically without manual intervention:
1. Under Approval select Automatic.
2. Select a value under Manual approval needed if search results exceed. This setting is designed to safeguard the policy, ensuring that necessary approvals are in place when search results exceed a certain threshold. Note that there is a default limit per policy type.
Click Create. The application begins searching for interactions that match the policy criteria. At this stage, no actions are performed. Any actions will only be taken after the policy is reviewed and approved.

After creating policies to take action according to your needs, use Activity Tracking to see real-time updates on policies pending approval, in progress, and completed.

The creator of the policy will also receive proactive in-app and email notifications for policies pending approval and completed.

Approving or Declining a Policy

When a policy is pending approval, it means that the application has gathered all the interaction data according to the criteria set in the policy and is now ready to take an action.

If no interactions are found in the search process, the status changes to Succeeded with zero results and no further action can be taken.

To approve or decline a policy:

Make sure you have the appropriate permissions to approve a policy.
On the Highlights tab, go to the Pending Approval tile.
Before making your decision, you can open the policy to view the Search Results page. Here you can view the list of interactions located that match the policy criteria. You can also playback interactions.

In the search results, the status of an interaction in Litigation Hold and Playback Lock policies reflects its state at the time the search is completed, even if the status changes later.
Depending on your decision, click Approve or Decline.

Once a policy is approved, you can view the progress details on the Highlights tab, including information such as the number of interactions found as of the displayed date.

Reviewing the Completed Policy

When a policy is completed, it appears on the Activity Tracking Completed tile.

The possible statuses are:

Succeeded: The policy completed running as expected.
Partially Succeeded: The policy completed running, but there is further information available about possible further action to be taken by the user. Download the report for details.
Failed: The policy failed to run.
Declined: The policy was declined by a user.
Succeeded with zero results: The policy finished running, but no interactions matched the policy criteria.

Click on the policy to view statistics and audit information about the completed policy on the Completed page.

Download a report that can serve as evidence for internal or external audit. This report includes the following information for each segment:

Results from Multiple Sources: This column displays the aggregated results across different NICE CXone products where the data resides. It consolidates the outcomes from each product to provide a comprehensive view of the policy action's impact across all relevant sources.
Reason for failure: If a policy action fails, this column provides the reason. Common failure reasons may include unsupported data types, insufficient permissions, or system errors.

Completed policies can be viewed on the Highlights tab and Policies tab for 30 days. After this period, these policies, along with their entire history, will be available on the Policies tab.

Criteria Filters

The criteria you can select when creating a policy depends on the policy type, the interaction level, and the licenses that you have.

Criteria	Description
Agent Name	The name of the agent as specified in the CXone Mpower employee account. When there are multiple agents for a segment, this field has multiple values. The agents are listed in respective order in the Agent ID, Agent Name, and Team Name fields.
ANI/From, DNIS/To	A telephone number or email address. When entering a telephone number, you must include the + symbol and the country code prefix to each telephone number you enter. Example of a number in the United States: +11234567890
Business Data	The Business Data fields you define will appear in the Criteria dropdown field. The Business Data fields originate from Studio actions or from the Business Data API. Using this criteria will help match policies to specific business elements.
Category	When the analytics category is selected, the policy is applied to the last 90 days (regardless of the dates selected for the policy). Selecting this allows targeting specific interactions for compliance actions such as Media Deletion, Redaction, Litigation Hold, and Litigation Release. This category is available for selection if you have View permissions and an Interaction Analytics license.
Channel	Specifies the medium through which calls take place between parties. This includes social media, phone calls, digital chat, and so on. When creating policies, selecting this criteria allows you to filter calls based on these communication mediums. If multiple channels are selected (e.g., phone call or chat), the policy will search for calls that match any of the selected channels.
Customer Info	This criteria type is mandatory for Data Erasure policies. This is the customer's phone number or email address. This includes incoming or outgoing calls. When entering a telephone number, you must include the + symbol and the country code prefix to each telephone number you enter. Example of a number in the United States: +11234567890
Disposition	Disposition refers to the classification of the outcome of a customer interaction. It allows you to filter data based on specific labels or codes that agents use to document the nature and result of each contact. For example, you could create a policy that applies only to interactions marked with dispositions like resolved or follow-up needed. Dispositions are created in the CXone Mpower ACD application.
Duration	The length of the segment.
Direction	The direction of the call. Supported values are: Incoming: A call received by the agent from an external source. Outgoing: The call was initiated by an agent.
Litigation Hold	Indicates whether a segment is under litigation hold. When a segment is under litigation hold, its metadata and media cannot be deleted by any deletion or erasure action. However, business data values can be edited and changed.
Master Contact	The master or parent ID of the contact. The contact can contain one or more related segments. When you create a policy to include this criteria, Data Policies search only for the first master contact of an interaction.
Media Exists	Filters interactions based on the presence of associated media files. Select Yes to include only interactions with existing media, or No to include interactions without media. Media includes: Recorded audio or screen files in active storage or long-term file storage. This refers to the presence in cloud storage, not in the SEA. This criteria helps identify interactions that have available audio or screen recordings for playback or other operations.
Playback Lock	Determines if a policy will include interactions based on whether a Playback Lock was applied. This criteria type determines whether to include interactions that were locked for playback by a Playback Lock policy. Select Yes to include only interactions with a playback lock, or No to exclude them. This helps refine the policy based on playback restrictions.
Recording Alert	A Recording Alert is a notification indicating an issue during the recording process. It informs users about specific problems such as screen recording errors, connection issues, or incomplete audio data.
Recording Quality	This criteria type is used to filter segment-level interactions where either the agent's or the customer's voice recording quality score falls below a defined threshold (on a scale of 0–100). You can define what constitutes poor recording quality based on your specific needs. Here are the ranges based on the industry standard for recording quality: High: 80–100 Moderate: 60–79 Low: 0–59
Recordings Masked	Use this criteria to include calls in the policy based on their masking success. Available values are: Success, Partial, Failure, and NA. This refers to the masking action performed by an agent or API during the call. Example: If a recording fails to mask, it may contain sensitive data. To remove media with sensitive data, filter for cases where masking has failed.
Segment ID	Unique identifier of the segment. A segment is an interaction with two parties, such as a customer and an agent.
Start Time	Select the date range to be included in the policy. The start date can be up to 21 years before the current date, and the total range selected should not exceed 5 years.
Team	The name of the team to which an agent belongs.

Global Settings

Administrators can set up a redaction rule that automatically applies to all analyzed interactions, eliminating the need to run a policy manually. They can also prevent playback of interactions until redaction is complete.

In the Global Settings page:

Select Redact all interactions to make sure that sensitive data will be automatically redacted from every analyzed call after it ends.
Select Disable playback until the interaction is redacted, to restrict playback until redaction is complete.

Audit Messages

See the Activity Audit report to view activities that take place in the Data Policies application.

API Integration

Use Public API calls to create and manage Media Deletion policies automatically without using the Data Policies user interface. This assists in integrating your internal business systems with CXone operations to automate your compliance management. Policies created via the API are fully visible and trackable in the Data Policies user interface.