Data Policies

Data Policies is an AI-driven application that makes contact center compliance and risk management more efficient. The application supports audio interactions from Recording, AppLink, Multi-ACD (Open), and migrated calls.

The application serves two main functions:

  • It proactively identifies risks that are unique to the customer. These risks are found in their interactions and related data.

  • It suggests steps to either mitigate these risks or to create data policies that match the company’s needs.

Before getting started with Data Policies, you may want to check out the CXone Mpower - Interactions Hub Data Policies: Getting Started training through the NICE Dojo platform.

Identifying and Managing Risks

On the Risk Detection board, the system uses data analysis and analytics to identify potential risks. The risks identified are actionable.

The weekly date range displayed on the risk detection page for the widget is in local time and always from Monday to Sunday.

Unmasked Sensitive Information Widget

The Unmasked Sensitive Information widget identifies calls where sensitive data failed to be masked by the Mask API. This widget covers audio and screen interactions.

Custom Widgets

Create custom widgets and configure which categories to monitor on the dashboard. This enables tracking of interactions flagged by risk categories on a weekly basis. The widget provides the ability to drill down into these interactions, review metadata, and play back recordings.

You can choose to include one CXone Mpower Interaction Analytics (IA) category in each widget to proactively identify and manage potential risks within the CXone Mpower repository. This requires the Interaction Analytics license.

To take action from the Risk Detection board:

  1. Click on the widget to view the list of identified interactions.

  2. After viewing the list of interactions, if you want to proceed, there are two options:

    1. Click Actions and select an option to take action immediately.

      Data Policies starts the process of applying the action to the interactions. Follow the progress on the Activity Tracking board, as you would for a policy.

    2. In the left-hand pane, click Save as Policy to create a policy and to refine the criteria. Continue to Automated Data Policies and Approval Workflow.

Policy Types

Data Erasure: This policy deletes or anonymizes all customer information in CXone Mpower for the past 15 years. It reduces risks by ensuring no private customer data is stored, in compliance with rules and regulations.

The Data Erasure policy deletes all of the customer's recorded files and Personal Identifiable Information (PII) associated with the customer's phone number, email address. This includes audio recording, screen recording, IA transcripts, and business data.

After the data is erased, you can later search in the Search application using the #DataErasure hashtag. Alternatively, in the Contact History report, search by entering nic_anonymize.com in the DNIS/To Address or ANI/From address field.

Litigation Hold: This policy places interactions under litigation hold (recording files with their respective metadata) for audio and screen recording. This is to make sure that information isn’t removed by a deletion action, policy or LCM rule. It ensures adherence to legal requests or other business requirements. This policy is not applied to Interaction Analytics transcripts.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the search results will be placed in litigation hold.

If the media associated with an interaction is not found, only the data will be subject to the litigation hold. In this case, the policy status for the action will be Partial Success. This lets you know that the media was already purged beforehand.

Litigation Release: This policy releases interactions placed under litigation hold by a Litigation Hold policy. For instance, when a legal issue is solved. In this case a policy can remove the hold from the relevant interactions, so they can be deleted by any other policy or LCM rule.

This policy type operates at the segment level. As a result, when this policy is applied, only the specified segments in the results will be released from litigation hold.

Media Deletion: This policy allows you to delete on-demand media to eliminate violations (such as PCI or privacy) and reduce risks. For example, if a call recording contains sensitive customer information, this policy could be used to delete it. The Media Deletion policy deletes audio and screen recordings and Analytics transcripts.

You can choose to apply the policy at either the Contact or Segment level. When the policy is applied at the contact level, it deletes all recorded files and transcripts associated with the entire contact. When the policy is applied at the segment level, it deletes recorded files and transcripts for specific segments within a contact.

If the deletion policy begins to run while files are being retrieved from long-term storage, those files will not be deleted. To ensure these files are deleted after retrieval, you should run the deletion policy again once the retrieval process is complete.

Playback Lock: This policy is designed to address privacy concerns and ensure the protection of callers' information. It locks interactions to prevent playback by users across all CXone Mpower. Only users assigned the Override Playback Lock privilege can playback these interactions.

Playback Unlock: This policy provides the ability to unlock interactions previously locked by the Playback Lock policy.

Redaction: This policy type is a Controlled Release feature. Contact your Account Representative if you're interested in knowing more.

The Redaction policy is available only for customers who have Data Policies and Interaction Analytics or Data Policies Advanced license.

This policy automatically removes sensitive information from recorded audio and screen interactions, aligning the recorded files with the masking of the transcripts. It helps comply with privacy laws and protects customer data. By using redaction policies, we maintain customer trust and meet regulatory requirements.

The policy uses Sensitive Data criteria to find and remove sensitive information from recorded interactions.

The policy can be applied to recordings up to 90 days old (based on Interaction Analytics configuration). When a user downloads recordings through the Playback API or Player, these recordings are redacted and do not include sensitive information. Original unredacted files remain available through Secure External Access (SEA).

If a segment is locked for playback, redaction still applies. However, if a segment is in Litigation Hold, it will not be redacted. Redaction will be applied only after the hold is removed.

Automated Data Policies and Approval Workflow

Create a policy to begin searching for interactions that match the policy criteria you define.

Interactions will be included in a policy’s search results up to 30 minutes after the call ends.

To create a policy:

  1. Click New Policy and then select Policy Type.

  2. Under Policy Name, enter a name.

    • Use a consistent format with recognizable and consistent names that are recognizable and consistent throughout your organization.

    • Use meaningful prefixes and suffixes.

    Examples:

    • Complaint – Service – John Doe

    • Complaint – Technical – John Doe

    • Legal Case – John Doe

    • Legal Case – Campaign A

    • Class action – Campaign X

  3. Complete all mandatory fields and add policy criteria filters as needed.

  4. (Optional) If you want the policy to repeat on an ongoing basis, select Recurring and then complete the details in the Recurrence Settings window that appears.

    When creating a monthly recurring policy, be mindful of the dates you choose. If you select the 29th, 30th, or 31st of the month, the policy may skip a policy instance for some months. This is because not all months have these dates (e.g., February only has 28 or 29 days).

  5. (Optional) If you want to allow policies to be approved automatically without manual intervention:

    1. Under Approval select Automatic.

    2. Select a value under Manual approval needed if search results exceed. This setting is designed to safeguard the policy, ensuring that necessary approvals are in place when search results exceed a certain threshold. Note that there is a default limit per policy type.

  6. Click Create. The application begins searching for interactions that match the policy criteria. At this stage, no actions are performed. Any actions will only be taken after the policy is reviewed and approved.

    After creating policies to take action according to your needs, use Activity Tracking to see real-time updates on policies pending approval, in progress, and completed.

    The creator of the policy will also receive proactive in-app and email notifications for policies pending approval and completed.

When a policy is in progress, it means that the application is still collecting data for interactions that match the policy criteria.

To view a policy in progress:

  1. On the Highlights tab, go to the In Progress tile.

  2. Locate the policy. The status of the policy will be Searching.

    If no interactions are found in the search process, the status changes to Succeeded with zero results and no further action can be taken.

  3. Click to open and view details of the search in progress. Here you can see details such as how many interactions were located as of the date shown.

When a policy is pending approval, it means that the application has gathered all the interaction data according to the criteria set in the policy and is now ready to take an action.

If no interactions are found in the search process, the status changes to Succeeded with zero results and no further action can be taken.

To approve or decline a policy:

  1. Make sure you have the appropriate permissions to approve a policy.

  2. On the Highlights tab, go to the Pending Approval tile.

  3. Before making your decision, you can open the policy to view the Search Results page. Here you can view the list of interactions located that match the policy criteria. You can also playback interactions.

    In the search results, the status of an interaction in Litigation Hold and Playback Lock policies reflects its state at the time the search is completed, even if the status changes later.

  4. Depending on your decision, click Approve or Decline.

    Once a policy is approved, you can view the progress details on the Highlights tab, including information such as the number of interactions found as of the displayed date.

When a policy is completed, it appears on the Activity Tracking Completed tile.

The possible statuses are:

  • Succeeded: The policy completed running as expected.

  • Partially Succeeded: The policy completed running, but there is further information available about possible further action to be taken by the user. Download the report for details.

  • Failed: The policy failed to run.

  • Declined: The policy was declined by a user.

  • Succeeded with zero results: The policy finished running, but no interactions matched the policy criteria.

Click on the policy to view statistics and audit information about the completed policy on the Completed page.

Download a report that can serve as evidence for internal or external audit. This report includes the following information for each segment:

  • The Results from (Multiple Sources) column displays the aggregated results for applying a policy action to segments that exist in multiple locations. This column consolidates the results collected from each location where the segment resides, providing a comprehensive view of the policy action's impact across all sources.

  • The reason for failure (as previously described).

Completed policies can be viewed on the Highlights tab and Policies tab for 30 days. After this period, these policies, along with their entire history, will be available on the Policies tab.

Configuring Data Policies for Use

Data Policies is available if you have the Data Policies feature license. What you can do in the Data Policies application depends on the Data Policies permissions assigned.

FAQs for Data Policies

If you find the default monthly view of the date picker difficult to use, you can switch to an alternative view. Simply click on the month and year displayed at the top center of the date picker. This will allow you to change to an annual overview, where you can more easily select your desired year, month, and days.

Calls appear in the Interactions Search application faster than in the policy section. This is because the Interactions Search updates more quickly, usually within 15 minutes, while the policy section may take about 15-30 minutes to update.

An Interaction is the entire customer experience from start to finish. A Contact is a specific instance of engagement within an interaction, and a Segment is an individual step or part within a contact. Each segment can represent different communication channels or events.

If any files are being retrieved from long-term storage, they won’t be deleted during the retrieval process. You should run a Media Deletion policy to delete these files once the retrieval is done.

Audit Messages

See the Activity Audit report to view activities that take place in the Data Policies application.

Criteria Filter Descriptions

The criteria you can select depends on the policy type, the interaction level, and the licenses that you have.

Criteria

Description

Agent Name

The name of the agent as specified in the CXone Mpower employee account. When there are multiple agents for a segment, this field has multiple values. The agents are listed in respective order in the Agent ID, Agent Name, and Team Name fields.

ANI/From, DNIS/To

A telephone number or email address.

When entering a telephone number, you must include the + symbol and the country code prefix to each telephone number you enter.

Example of a number in the United States:

+11234567890
Business Data

The Business Data fields you define will appear in the Criteria dropdown field. The Business Data fields originate from Studio actions or from the Business Data API.

Using this criteria will help match policies to specific business elements.

Category

When the analytics category is selected, the policy is applied to the last 90 days (regardless of the dates selected for the policy). Selecting this allows targeting specific interactions for compliance actions such as Media Deletion, Redaction, Litigation Hold, and Litigation Release. This category is available for selection if you have View permissions and an Interaction Analytics license.

Channel

Specifies the medium through which calls take place between parties. This includes social media, phone calls, digital chat, and so on.

When creating policies, selecting this criteria allows you to filter calls based on these communication mediums. If multiple channels are selected (e.g., phone call or chat), the policy will search for calls that match any of the selected channels.

Customer Info

This criteria type is mandatory for Data Erasure policies.

This is the customer's phone number or email address. This includes incoming or outgoing calls.

When entering a telephone number, you must include the + symbol and the country code prefix to each telephone number you enter.

Example of a number in the United States:

+11234567890
Disposition

Disposition refers to the classification of the outcome of a customer interaction. It allows you to filter data based on specific labels or codes that agents use to document the nature and result of each contact. For example, you could create a policy that applies only to interactions marked with dispositions like resolved or follow-up needed.

Dispositions are created in the CXone Mpower ACD application.

Duration

 The length of the segment.

Direction

The direction of the call. Supported values are:

  • Incoming: A call received by the agent from an external source.

  • Outgoing: The call was initiated by an agent.

Litigation Hold

Indicates whether a segment is under litigation hold. When a segment is under litigation hold, its metadata and media cannot be deleted by any deletion or erasure action. However, business data values can be edited and changed.

Master Contact

The master or parent ID of the contact. The contact can contain one or more related segments.

When you create a policy to include this criteria, Data Policies search only for the first master contact of an interaction.
Media Exists

Filters interactions based on the presence of associated media files. Select Yes to include only interactions with existing media, or No to include interactions without media.

Media includes: Recorded audio or screen files in active storage or long-term file storage. This refers to the presence in cloud storage, not in the SEA.

This criteria helps identify interactions that have available audio or screen recordings for playback or other operations.

Recording Alert

A Recording Alert is a notification indicating an issue during the recording process. It informs users about specific problems such as screen recording errors, connection issues, or incomplete audio data.
Recordings Masked

Use this criteria to include calls in the policy based on their masking success. Available values are: Success, Partial, Failure, and NA. This refers to the masking action performed by an agent or API during the call.

Example: If a recording fails to mask, it may contain sensitive data. To remove media with sensitive data, filter for cases where masking has failed.

Segment ID

Unique identifier of the segment. A segment is an interaction with two parties, such as a customer and an agent.

Start Time Select the date range to be included in the policy. The start date can be up to 21 years before the current date, and the total range selected should not exceed 5 years.

Team

The name of the team to which an agent belongs.