What compliance laws and regulations are important to contact centres nowadays?
Compliance laws and regulations are central to how a contact centre functions. Violating laws can cost you millions of dollars in penalties (like the AT&T contact centre, which was fined $25 million for a data breach). In a previous article, we discussed the top compliance areas to watch out for when operating a contact centre – namely the data you record, customer consent, data access privileges, ethical behaviour, and equipment misuse.
What’s more, contact centre compliance laws and regulations are regularly updated in response to industry trends and market forces. That’s why it is critical that you know about the latest regulatory changes in the sector.
Any organisation working with Us customers must follow the country’s contact centre regulations. This includes the Telephone Consumer Protection Act (TCPA), which forbids agents from calling residential numbers between 9 PM and 8 AM, and makes it mandatory to disclose the caller’s identity information.
Contact centres must also pay wages according to the state minimum wage standards and any data around health insurance has to comply with the Health Insurance Portability and Accountability Act (HIPAA).
Apart from this, you have to remember union requirements as per local laws.
In 2019, several states introduced the US Call Center Worker and Consumer Protection Act, meant to address issues around customer service offshore.
As per this new compliance law, agents would have to mandatorily disclose their name and actual location to consumers in the US. if the consumer requests that the call is handled by a US-based agent, you need a mechanism (and workforce) in place for transferring the call accordingly. Any violation would lead to your contact centre getting listed as a “bad actor” and incur a penalty of $5,000 per day or more.
In some states like Colorado, you might have to submit detailed reports on your contact centre workforce and wage data.
UK’s Ofcom lays down regulations for preventing persistent misuse of automated telephony equipment. You cannot call customers multiple times a day or leave a large number of calls silent/abandoned midway, causing customer inconvenience. Like other countries, the UK is also subject to data privacy laws, and exposure of customer data due to contact centre negligence could result in severe penalties.
UK contact centres also come under the jurisdiction of PCI DSS, a global set of security regulations for handling customer payment information (cash, credit, or debit).
In addition to the above, the UK’s Information Commissioner’s Office (ICO) recently introduced the Direct Marketing Code of Practice, particularly relevant to outbound contact centres. This lays down guidelines for obtaining consent, distinguishing between service messages and direct marketing, and purchasing/renting marketing data.
There are also new laws around data enrichment without consent, referral schemes where one customer shares another prospect’s data without the latter’s consent and obtaining consent at the time of registration.