Contact centers have been using call recording for years, and consumers have come to accept and expect to hear the words “ this call is being recorded for quality and training purposes” when calling in.
But in some industries, recording has morphed from a “nice-to-have” feature for quality purposes to a must-have requirement for contact center compliance purposes, with specific rules and regulations around how and when calls are recorded, how customers are made aware of call recording, and the way that those call recordings are stored.
Meanwhile, the level of scrutiny from the general public has increased as well, as greater sensitivity related individual privacy rights. News about high-profile data security breaches have put many organizations in the hot seat – and call centers find themselves at the center of attention.
The complexity and risk surrounding call recording has increased so much over the years that many organizations now consult with their trust and legal departments related to their recording policies-- and for good reason. Failure to comply with some of the major regulations can result in hundreds to millions of dollars of fines.
Adding to the complexity is that in many industries, there are often different federal, state, local, and industry specific regulations that organizations must comply with. Looking ahead, we can anticipate continued expansion in both the laws and regulations, particularly in the matter of consumer privacy rights.
Contact centers can be unwitting offenders of relevant telemarketing laws and call recording regulations, most notably the Telephone Consumer Protection Act (TCPA) - since they are often the primary point of contact for most customers, and without the right training and technology in place, agents and supervisors don’t know that some seemingly innocuous recording behaviors might actually put the organization at risk.
Few in contact center management are experts on specific legalities, but, given the high-risk factor, it is important that anyone interacting with customers over the phone have a basic understanding of the requirements that impact their specific operations.
Luckily today, the best call recording software can act as an almost fail-safe to reduce organizational risk. While technology providers can deliver the tools and mechanisms organizations need to ensure their call recording practices are compliant, it is still up to the organization to ensure that the call recording software is configured in accordance with the rules to which they must adhere, and that their agents are utilizing the call recording software in the manner intended on an ongoing basis.
Working with a provider or vendor that is compliant in call recording practices does not inherently make the user compliant – there are still steps that need to be taken.
For example, you can purchase and implement call recording software that is Payment Card Industry (PCI) Level 1 certified, but if your agents ask the customer to read their credit card number over the phone while they are on the line, you are still not acting in a PCI compliant manner. Many organizations automate as much of the interaction that deals with a customer’s personal information as possible to remove the agent and reduce the risk of them unintentionally breaking rules. This includes solutions like:
- transferring the customer into a self-service IVR for the payment processing component of the interaction, and transferring them back to the agent when the payment portion is completed
- auto-masking the call recording based on specific triggers
- auto-masking the screen recording based on specific clicks the agent executes on their screen
- employing background noise-reduction technology that prevents callers from eavesdropping on the agent side of other conversations
Again, contact center leaders cannot be experts in all the recording regulations out there, but they must have a high-level understanding. Maybe even more importantly, though, is that leaders and agents alike know where they can go within the organization if they have any questions or doubts regarding their processes, as well as a mechanism to report any potential risk they have been made aware of.
The two best sources of information related to call recording rules and regulations are your compliance officer or trust department, and the regulatory agency itself – for example, reading the actual regulation or accessing their website.
But in an attempt to try and streamline the information gathering process for those leaders looking for the thousand-foot view, NICE has published the whitepaper Call Recording Regulations in the Contact Center. This resource guide details the prominent rules and regulations applicable to contact centers today, as well as specific recommendations on how you can comply with each. (This is a very handy resource guide, but it should be noted this is not a legal document.)
There are literally hundreds of laws, regulations, rulings, and industry standards that can affect contact center practices. This call recording whitepaper specifically discusses the statutes and standards that most directly impact the broadest range of centers, with a specific geographic scope of the United States (US), European Union (EU), and Australia. The regulations detailed include:
- Payment Card Industry (PCI) Data Security Standards
- General Data Protection Regulation (GDPR)
- Markets in Financial Instruments Directive II (MiFID II)
- Health Insurance Portability and Accountability Act
- Telemarketing Sales Rule (TSR)
- Consent to Record
- Telephone Consumer Protection Act (TCPA)
- Information Security Registered Assessors Program (IRAP)
NICE understands how to best leverage these certifications and authorizations by following industry best practice. Learn more about how CXone call recording software can play an integral role in your contact center call recording compliance strategy.