This is a request to look at implementing additional security on agent accounts. Specifically, preventing them from updating details like email addresses and phone numbers for their own accounts.
We had an issue where an agent changed the email associated on their account to the email address of what should have been a new end user. There were no repercussions from this thankfully, but this opened up the potential to allow someone external to our organisation to have access to all of our customer data.
I would propose making these fields editable for administrators only to prevent potential occurrences of this issue again.