Call Recording Laws What You Need to Know to Avoid Costly Fines and Legal Fees
Authored by Patrick Botz, Vice President of Solutions Marketing, VPI
Do you record or plan to record your calls and/or screen activity? Do your employees discuss sensitive information over the phone? If so, there are serious call recording laws and call recording regulations that you need to be aware of. To avoid costly violations and ensure customer credibility, you need to become familiar with the new and evolving call recording laws, call recording regulations, and industry standards that most profoundly impact organizations today. You should make a point of learning what you can do to avoid violating these call recording laws, and where to go when you need help. The information in this article on call recording laws and call recording regulations is not intended as legal advice. Always check with your legal counsel to learn more about how call recording regulations can affect you and your organization. Let’s discuss some of the most common call recording laws and call recording regulations impacting organizations today.
Payment Card Industry Data Security Standard [PCI-DSS]:
Established by American Express, Discovery Financial Services, MasterCard Worldwide, Visa International and JCB, PCI-DSS call recording laws are intended for organizations that accept credit cards and record those interactions. The call recording regulations forbid the insecure storage of unencrypted credit card numbers, PIN numbers, and other personal information in databases and call/data recording systems. Call recording systems should be able to identify, encrypt and restrict access to sensitive customer information from unauthorized users. According to the PELORUS Group, a leading independent market research and consultancy company in the financial services and telecommunications industries:
1. Contact centers can easily become unsuspecting violators [of PCI-DSS compliance regulations] because of the practice of recording private customer information in call and data recording systems.
2. Unless agents are specifically authorized to see this information, their unrestricted access is a violation of PCI-DSS.
3. You can avoid potential violations by investing in recording technology that blocks or encrypts recordings that contain card numbers.
Health Insurance Portability and Protection Act [HIPPA]:
The HIPAA Privacy Rule protects the privacy of individually identifiable health information. With regard to call recording laws and call recording regulations, it’s imperative that organizations have the ability to identify, restrict access to and encrypt specific interactions containing sensitive information from unauthorized users.
Fair Debt Collections Practices Act [FDCPA]:
Designed to eliminate abusive, deceptive, and unfair debt collection practices, the FDCPA mandates that collectors must identify themselves, including the name of their firm, and explain that the purpose of the call is to collect a debt. With regard to call recording laws and call recording regulations, all interactions must be day and time stamped, and all calls recorded in order to assess employee compliance.
Telemarketing Sales Rule:
The Telemarketing Sales Rule prohibits sellers and telemarketers from making false or misleading statements. The Federal Communications Commission may assess a fine of up to $11,000 per violation. Seven pieces of information must be provided by the employee during the call – such as identity of the seller, the nature of the goods or services offered for sale, the full cost of all offers, etc.
Learn more about call recording laws and call recording regulations and how to avoid costly fines and legal fees – download your complimentary copy of the white paper “Call Recording Laws, Regulations and Best Practices for Ensuring Compliance,” authored by renowned analyst Dick Bucci from The PELORUS Group at VPI-corp.
Patrick Botz serves as Corporate Vice President of Solutions Marketing for VPI (Voice Print International), the leading provider of interactions recording, contact center quality management and performance optimization solutions. Leveraging more than a decade of field experience as a CRM and contact center practitioner, he focuses on the mission-critical aspects of capturing customer intelligence and optimizing business processes and workforce performance. Patrick’s work has been published in Customer Inter@ction Solutions, Business Management, Contact Professional, Call Center Magazine, Connections Magazine and Contact Center World. Patrick holds an MBA from Pepperdine University and a BSE in Engineering from Arizona State University.
VPI [Voice Print International] is the premier global provider of interaction recording and analytics, contact center quality management and workforce optimization solutions. For more information visit http://www.vpi-corp.com/.