Call recording is a critical component for any VoIP or Unified Communications solution. But, it’s one of those things that can easily trip up a business. Often, businesses assume that call recording is illegal, or at least immoral. We also see instances where call recording has been turned on without thinking through the consequences. Rules and regulations are not being adhered to as much as they should. Getting your head around the various components of call recording is tough. That’s why we’ve put together a quick guide of considerations that you should think about when it comes to turning on (or off) call recording for your business.
Call recording was once seen as unethical and an invasion of the caller’s privacy. Thanks to regulations enforced to protect the customer, the caller on the end of the phone is completely used to hearing the familiar message, “calls may be recorded for monitoring and training purposes”. Callers no longer hang up when they hear this message. Customers have accepted that calls are recorded for to improve their experience next time they call, rather than for anything malicious.
Call recording does come with several laws attached that you will need to make sure you abide by:
- Regulation of Investigatory Powers Act 2000 (“RIPA”)
- Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 (“LBP Regulations”)
- Human Rights Act 1998
- Telecommunications (Data Protection and Privacy) Regulations 1999
- Data Protection Act 1998
Data Protection Act
The most common concern when it comes to recording calls is the Data Protection Act. When asking for data to validate a call, it is important to adhere to the latest revision of the Data Protection Act.
The Data Protection Act 2018 controls how personal information is used by organisations, businesses or the government. This act is the UK’s implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
- used fairly, lawfully and transparently
- retained for specified and explicit purposes
- used in a way that is adequate, relevant and limited to only what is necessary
- accurate and kept up to date
- kept for no longer than is necessary
- handled in a way that ensures appropriate security
Starting May 2018, all customer data recorded and retained must be done so in accordance to the GDPR. EUGDPR.org calls out the new regulation as the most important change in data privacy in 20 years. The introduction of this new regulations means that call recording must be justified in line with the following regulations:
- the people involved in the call have given consent to be recorded
- recording is necessary for the fulfilment of a contract
- recording is necessary to fulfil a legal requirement
- call recording is necessary to protect the interests of one or more participants
- recording is in the public interest, or necessary for the exercise of official authority
- recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call
Industry specific regulations
As well as the laws and regulations outlined in this post, you may come up against specific regulations relating to your industry or line of work. For example, taking payment over the phone is likely to be governed by PCI compliance. If you take card details today, there are strict rules for where that data is stored, if stored at all.
The financial industry has recently seen the introduction of MIFIDii. If you are a company that gives financial advice, any calls containing advice must be recorded and retained for 7 years.
Whilst the emotion surrounding call recording has been taken away by adoption and comforting messages, the governance around it makes it a challenge for businesses. To ensure your business is complaint everywhere it needs to be, talk to one of our call recording experts.