Compliance Recording for Call Centers

While many Call Centers choose to record as a way to improve agent performance, many more record to comply with a wide variety of industry and governmental regulations. Even when recording itself is not mandated, the Call Center may record to document their compliance with statutory requirements. Here’s a quick look at just some of the compliance rules, regulations and laws that can spur an organization to record calls and/or to add features to an existing call recording system.

Compliance Regulations

Telemarketing Sales Rule The Telemarketing Sales Rule (TSR) was issued by the Federal Trade Commission in 1995, and has been amended in 2003, 2008 and 2010. One of its key provisions is the Do Not Call Registry for consumers, but there are other provisions which affect the outbound Call Center specifically. Example: Company Call Centers that use “novel” payment methods like check-by-phone, payment on a utility or mortgage bill, etc., are required to obtain verifiable authentication that the customer understands and agrees to the specifics of the payment method. An audio recording of the customer’s assent meets this requirement. Any such recording must be retained for as long as other records about the sale and must be provided to the customer and/or billing entity upon request.
PCI DSS The Payment Card Industry Data Security Standard (PCI DSS) provides an actionable data security framework for organizations that accept credit card payments. While PCI DSS does not mandate call recording, it does address the way in which credit card data can be recorded and stored in the Call Center environment. Example: the general requirements of PCI DSS call for payment card data must be encrypted.  If Call Centers collect sensitive authentication data, however, such as the card validation code, they are prohibited from storing that data even if encrypted. It is important that the Call Center’s recording system be capable of pausing, stopping, or muting recording during the disclosure of sensitive authentication data. Additional information can be found in the Information Supplement: Protecting Telephone-based Payment Card Data, available from the PCI Security Standards Council.
HIPAA The U.S. Office for Civil Rights enforces the HIPAA Privacy and Security Rules, and the Patient Safety Rule. These Rules protect the privacy, security and confidentiality of individually identifiable health information. Healthcare and insurance company Call Centers in particular need to be aware of HIPAA and how it can impact their recording initiatives. Example: Call recording can be used to demonstrate that confidential health information was not relayed to an unauthorized person or left on an answering machine. Encryption may be considered for recordings of calls in which confidential information was discussed.   Call recording can assist and/or impact compliance with regulatory and industry standards and this was just a few regulations.  To learn more about compliance recording for your Call Center, please call us at 1-800-556-8556 and speak with one of our Call Center Specialists or click here to schedule a FREE demo.