Information classification is the first step toward managing information compliance. CXone manages a wide variety of information. Determining the specific compliance requirements for this information can get complex. To simplify the problem, NICE CXone defines classifications for information. These classifications are supersets of other types of information, as indicated.
These are the definitive classifications for CXone. It is very common for individual customers to define their own terminology and classifications for their data, often as part of their contract negotiation. Contract approval needs to ensure that the individual customer's definitions match the CXone definitions.
Content
Legal documents use content as a catch-all term for information provided by the
The CXone suite classifies many types of content to better address the compliance needs of
Customer Sensitive Information Class
This class includes all information that relates to the content of an interaction
The full conversation with an agent through a channel. For example, an interaction can be a voice call, email, chat, or social media conversation.. It also includes the results of analytics of an interaction, including specific customer identifiers.
Examples: Call recordings, interaction transcripts for all channels, voiceprints, and the results of customer profiling.
Compliance Terms: Personally Identifiable Information (PII), Cardholder Data (CHD), Protected Health Information (PHI), Federal Tax Information (FTI), Customer Complaints or Investment Advice (FINRA).
Compliance Regulations: GDPR, CCPA, General Privacy, PCI, DSS, AWS BAA, IRS 1075, and FINRA.
Sensitivity: High.
Storage: Regional.
Encryption: Required.
Backup: Optional.
Life cycle: Advanced.
Access Control: Permission and Data Visibility.
Customer Usage Information Class
This class includes all information about an interaction The full conversation with an agent through a channel. For example, an interaction can be a voice call, email, chat, or social media conversation. that isn't the content of an interaction.
Examples: Call detail records, customer identifiers like phone numbers, email, and social media identifiers, billing detail records, address book entry, or outbound campaign data.
Compliance Terms: Personally Identifiable Information (PII).
Compliance Regulations: GDPR, CCPA, Workers Council.
Sensitivity: Moderate.
Storage: Global.
Encryption: Optional.
Backup: Required.
Life Cycle: Hybrid/Advanced.
Access Control: Permission.
Tenant User Information Class
This class includes all information that relates to users of the CXone platform. Typically, this refers to the employees of CXone
Examples: Call detail records, customer identifiers like phone numbers, email, and social media identifiers, billing detail records, address book entry, or outbound campaign data.
Compliance Terms: Personally Identifiable Information (PII), Country-specific compliance around performance information.
Compliance Regulations: GDPR, CCPA, and Workers Council.
Sensitivity: Moderate.
Storage: Global.
Encryption: Optional.
Backup: Required.
Life Cycle: Hybrid.
Access Control: Permission and Data Visibility.
Tenant Information Class
This class includes all information that relates to
-
Groups
-
Teams
-
Scheduling units
This class includes aggregate information from the other classes.
Example: Contact information, billing records, contract information, aggregated performance, and other metrics.
Compliance Terms: Limited Personally Identifiable Information (PII).
Sensitivity: Low.
Storage: Global.
Encryption: Optional.
Backup: Required.
Life Cycle: System-driven.
Access Control: None.
CXone Information Class
In legal documents, this class is called "Resulting Information."
This class includes all information held by CXone that doesn't fit into another class. Customer, employee, and
Examples: Usage metrics, usage patterns, trends.
Compliance Terms: None.
Sensitivity: N/A.
Storage: Global.
Encryption: Optional.
Backup: Optional.
Life Cycle: System-driven.
Access Control: N/A.