Is your business compliant?
The professional world has changed rapidly in recent years. It’s not just the influx of new technology like AI and IoT that’s driving new outcomes. We’re also adapting to a new era of customer expectations. Your clients demand more meaningful and secure experiences than ever.
To address a rising demand for quality and privacy in brand/consumer interactions, countless global groups have begun to introduce new policies. In 2006, we saw the arrival of PCI DSS standards for protecting transactions. In 1996, HIPAA changed the way companies dealt with health information. Most recently, in 2018, GDPR forced companies to reconsider how they handle consumer data.
As the landscape continues to evolve, the definition of “compliance” is changing too. Businesses can no longer rely on old-fashioned practices to stay on top of the regulations. A focus on securely storing data doesn’t mean that you’re adhering to privacy standards. “Implied” consent isn’t enough to facilitate call recording and data collection.
Every industry, from retail to the public sector, is adapting to a change in regulation and compliance requirements for a new age of privacy and security. However, few areas have seen as much change as the communication landscape. Contact centres now have to put new strategies in place for recording calls. Companies must ensure that they have enough information to deliver personalised experiences, without treading on sensitive data.
Originally, the biggest concern that companies had during conversations with customers was the Data Protection Act. The DPA outlined how companies could reasonably use data. For instance, companies weren’t able to release information to a third party without consent. Additionally, brands needed to ensure that they weren’t keeping data for longer than necessary.
However, as more companies continued to find loopholes in how they managed and collected customer information, further action became necessary. The EU updated the DPA with GDPR. When GDPR arrived in 2018, it made managing security and privacy even more complicated for companies worldwide. Now, instead of just gathering implied consent for recordings and data collection, businesses must ensure that they have active permission from each customer.
The introduction of GDPR prompted a new era in call management and recording technology. Vendors began producing both UC and contact centre solutions with compliance measures built in. For some companies, this meant implementing IVR technology that would automatically ask for permission from a customer before passing them to an agent.
Call recording vendors started to change the way that companies could access and organise data. This makes it easier for businesses to track information and adhere to things like the right to be forgotten. Before GDPR began, many EU member countries had their own call recording regulations. For instance, Germany was a two-party consent state. This meant that call recording demanded the consent of all participants.
However, it’s not just GDPR that companies have to think about right now. All around the globe, companies are re-assessing the way they handle data. Many companies in the USA also adhere to GDPR guidelines so that they can continue to interact with EU customers. After all, GDPR doesn’t just apply to EU businesses – it applies to anyone who interacts with a customer or brand in the EU too.
At the same time, the United States has its own compliance systems in place. The California Invasion of Privacy Act (CIPA) requires every party in a conversation to give consent for recording confidential communications. All outbound and inbound calls must inform customers of any recordings that might take place. Another ten states in the US have similar standards.
Elsewhere, in countries like Canada, the PIPEDA system stipulates that call recordings must only occur with the consent of the recorded party. Additionally, participants must know the purpose of the recording, and the caller also has the right to object to the recording. Australia also has its own calling and compliance strategies. For instance, the Interception and Access Act says that all parties must be notified when a call is being recorded.
Countries all around the globe are constantly introducing new standards and strategies to improve customer privacy and security. These range from GDPR in the EU for call recording and data management purposes to PCI DSS for transaction protection. Many countries around the globe demand that companies follow the guidelines of PCI DSS to ensure that financial information is well-protected during any conversation.
With so many different regulations and guidelines to consider, it’s no wonder that businesses have a hard time ensuring complete compliance. It’s not just government-mandated and location-based regulations around call recording that businesses need to consider either. Various industry governing bodies also have their own rules around call recording.
In the UK, for instance, we have the Financial Conduct Authority. The FCA requires all financial firms, including banks and brokers, to record complete conversations. The FCA deems that full recordings are essential to manage things like transaction disputes. Recordings are also necessary for making sure that customers receive fair treatment.
In a similar vein, the Financial Industry Regulatory Authority, or FINRA, enforces special procedures for supervising recording strategies. Elsewhere, in the healthcare industry, companies have regulations like HIPAA to consider. HIPAA improves the way that healthcare information and personally identifiable information moves throughout business environments.
The HIPAA regulations protect everyone in the industry, from doctors to health insurance companies. This makes these guidelines essential for a wide selection of business leaders.
As the communication landscape continues to evolve, businesses need to adapt not just to new technology but to new expectations too. Customers demand greater privacy, security, and protection than ever before. Businesses that don’t provide these things could end up facing significant fines and a loss of brand reputation.
Today’s companies must ensure that the technology they invest in for the digital transformation isn’t only effective – it’s compliant too. How is your company making sure that it adheres to the latest regulations?