One of the most critical considerations while building consumer-facing chatbots is ensuring privacy and security. This is even more important for industries like retail, CPG, banking, healthcare and travel, where chatbots capture sensitive user information.
Lack of a robust security and privacy framework in chatbots can result in:
Recently Delta Airlines sued their chatbot technology provider for millions of dollars for a 2017 data breach. The airline stated that credit-card details and other personal information from up to 825,000 customers were exposed. Hackers accessed the vendor’s systems, modified the source code and scraped Delta customers’ data from the airline’s website chatbot.
With the global average cost of a data breach having grown to $3.92 million and with chatbots becoming a must-have tool in customer service operations, organizations need to ensure there are standardized security procedures and protocols while building and deploying chatbots.
Having helped several medium and large organizations deploy consumer-facing chatbots, we share some of our experiences and security best practices to follow while building a chatbot.
There are different phases involved in building an enterprise chatbot. From capturing requirements, creating the CUX and building Natural Language (NL) models to User Acceptance Testing (UAT) and Go-Live, each phase involves different activities.
In each phase, you need to perform the right security-related activities and collaborate with the relevant stakeholders. This streamlined approach ensures you’re getting the needed approvals from the right people at the right stage of the development cycle and nobody throws a spanner in the works when you’re about to go live.
For instance, here’s a story we recently heard. The marketing team at a multinational CPG company which offers health and beauty products built a super powerful consumer chatbot and invested heavily in it. The chatbot asks consumers to upload their headshots and analyzes their skin quality. Based on the analysis, it generates a score which rates their skin out of 10.
Just when the chatbot was about to be deployed, their legal team intervened, determined that the conversations were not in line with the company’s privacy policies and asked marketing to scrap the project.
All the effort and resources that the company invested in building the chatbot went to waste.
Now that we’ve understood the importance of a phased approach to ensuring privacy and security, let’s take a closer look at the different phases and the activities involved in each of them.
Once you’ve identified and formalized the business requirements, you need to create the chatbot’s base data. At this stage, you need to address important data security and privacy aspects like:
Collaborate with your Data Protection Officer (DPO) to
Some related security best practices you can follow include:
Once you’ve converted your base content into conversational templates, collaborate with your Public Relations (PR) and External Affairs teams for a thorough review of these templates. Ask them to do an in-depth PR risk analysis and discrimination assessment.
After your PR team’s approval, you can proceed to building conversation mockups and powerful Conversational User Experience (CUX). At this stage, you need to address key user consent and privacy aspects related to your chatbot. Below are some must-follow practices:
In addition, you also need to take your legal team’s feedback at this point. Ask them to review:
Before you go live with the chatbot, collaborate with the relevant stakeholders who can analyze whether the chatbot is accessible to people with special needs, for example people with visual impairments, seizures, and mobility, cognitive and auditory disabilities.
Chatbot security considerations should be taken into account throughout the entire bot-building life cycle. Instead of partnering with creative digital agencies which may not completely understand the potential risks involved in deploying a chatbot, consider partnering with an experienced chatbot implementation vendor who understands the technological nitty-gritty.
The right partner can guide you throughout the entire process, advise you on collaborating with the right stakeholder at the right time and ensure your chatbot is fully secure.
If you’d like to learn about this topic, please feel free to get in touch with one of our enterprise chatbot consultants for a personalized consultation. You may also be interested in exploring our chatbot builder platform (BotCore) for further insights.
Abhishek is the AI & Automation Practice Head at Acuvate and brings with him 17+ years of strong expertise across the Microsoft stack. He has consulted with clients globally to provide solutions on technologies such as Cognitive Services, Azure, RPA, SharePoint & Office 365. He has worked with clients across multiple industry domains including Retail & FMCG, Government, BFSI, Manufacturing and Telecom.
Abhishek Shanbhag