Top Compliance Considerations for Your Contact Centre

Anwesha Roy

Importance of complying with contact centre regulations

Contact centres are privy to large volumes of sensitive customer information, bringing them under the jurisdiction of consumer protection and data privacy laws. Using this information illegitimately or infringing on personal privacy is strictly forbidden and can incur penalties amounting to several hundred thousand dollars. Just recently, a contact centre in Swansea was fined £130,000 for making unauthorised direct marketing calls regarding consumer pensions.

To avoid such scenarios, it is important to comply with contact centre regulations as applicable in your region. Some of the key areas to look out for include:

What data do you record?

When collecting customer information, agents should not ask for or record sensitive personally identifiable information such as passwords, social security numbers, credit card details, magnetic stripe data, and the like. Even if the consumer shares this information, your call recording should proactively leave it out: an integration that flags sensitive data should trigger automatically and pause the recording.

Do you have customer consent before recording calls for quality management purposes?

GDPR makes it mandatory to obtain consent before recording anyone’s data in the EU context. There are equivalent laws in nearly every country, and they apply to employees and customers alike. Contact centres must inform agents that their calls might be recorded right at the time of initiating the employment contract. You should also configure your IVR message to let customers know that the conversation might be recorded.

Who has access to sensitive information?

Contact centres typically employ a very large workforce, which translates into a sizable risk vector. With more people accessing sensitive data, there is a greater risk of a data breach, and greater difficulty in tracing malicious intent in the case of an insider threat. Address this by following least-privilege access policies, where only those who need data access as part of their job have it. Protect data access using two-factor authentication, particularly if you have agents logging in from remote locations.

Are agents trained in ethical behaviour?

Customer interactions don’t always go your way, but it is important to stop any conflict-ridden interaction from escalating to unethical behaviour on the part of agents. Outbound centres engaged in debt collection often face this issue, as a defaulting customer could be subjected to unethical behaviour by agents trying to meet targets. The US government has laws against this, and it is also against industry best practices for customer service quality.

Is your automated phone equipment being misused?

Modern technology allows call centres to process an incredible number of interactions in a very short period of time. But this infringes upon the privacy rights of consumers – the UK’s Ofcom could fine contact centres for “persistent misuse” of equipment, where customers are called multiple times a day, many of the calls are silent or abandoned, or the technology systematically inconveniences a large pool of customers in any way.

These are the top five considerations to remember when maintaining contact centre compliance. Finally, also ensure that you source outbound call lists from ethical parties to avoid any involvement with fraudulent activity.