Call recording and call monitoring
Call recording has become increasingly important for many organisations, either for best practice or for compliance with regulatory bodies. Quexia specialises in recommending, supplying and supporting a range of call recording and call monitoring solutions that can be used across a variety of platforms, both on-premise and hosted.
The way call recording can be used is tightly regulated and under the General Data Protection Regulation (GDPR) it is critical that organisations using or planning to use call recording and call monitoring ensure they are compliant.
Organisations need call recording and call monitoring for a number of reasons, including:
- Providing evidence of a business transaction
- Ensuring that a business complies with regulatory procedures
- Meeting quality standards or targets
- Protecting national security
- Preventing or detecting crime
- Investigating the unauthorised use of a telecommunications system
- Ensuring the effective operation of the telecommunications system
Call recording training
We understand that every organisation may use its telephone and call recording systems in different ways. That’s why we offer bespoke call recording training during which we can sit with your teams to understand why and how they are using their call recording system. We usually install your telephony and then allow around three weeks for your teams to get to grips with using it. Our call recording training begins at that point by which time there will probably be a number of questions that we can answer and discuss with you all to improve best practice.
Through our call recording training services we can provide:
- Call scoring and evaluation to improve staff performance during calls
- A ‘listen in live’ function on selected calls so we/you can find out how your staff are communicating in a live environment
- An evolving call recording training programme depending on your level of requirement/interest
- Reports and evaluations
We also provide ongoing call recording training programmes for new starters and to support new initiatives and new products so you can make the very best of the technology we provide to you, now and into the future.
Call recording and GDPR
Call recording has always been subject to regulation under the DPA (Data Protection Act) and the Payment Card Industry Data Security Standard. With the introduction of GDPR you will require customer consent to record calls with certain exemptions.
It’s currently acceptable to record a call as long as a recorded or a written message informs the caller (for example on a website, or on correspondence). The GDPR makes an explicit requirement for an organisation to obtain the customer’s consent to record a call first unless any of the following apply:
- Call recording is necessary for the performance of a contract with the subject or to take steps to enter into a contract
- It is necessary for compliance with a legal obligation
- It is necessary to protect the vital interests of a subject or another person
- It is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Where call recording is necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
Rules for securely processing call recordings
As part of GDPR, organisations have an obligation to appoint a Data Controller. A Data Controller has responsibilities over voice recordings as well as more traditional data. The recording of audio can also provide an important permanent record of an event, for example, in a call centre or recording; however, it can also be intrusive.
Data controllers must consider the security of lawful call recordings and whether this can be achieved through the use of full-disk or file encryption products. However, some types of audio recording devices such as dictation machines may not routinely offer encryption. The data controller must consider whether an alternative device is more appropriate or consider additional technical and organisational safeguards such as deleting the data as soon as practicable and locking the device away when not in use.
In the event that an unencrypted version of the call recording should be retained (e.g. for playback in a Court of Law) then a range of other compensatory measures must be considered. These can include storage within a secure facility, limited and authorised access and an audit trail of ownership and usage.
The data controller must also consider the security of call recordings once transferred from the device for long-term storage and be aware of other requirements which may prohibit audio recording of certain types of data. For example, the Payment Card Industry Data Security Standard prohibits the recording of card validation codes.