Call recording has many benefits but businesses must be aware of the legislation to navigate in order to ensure compliance with the law.
The core benefits of call recording are:
GDPR provides a single set of rules handling the data of EU citizens. In relation to call recordings, the key elements are consent, responsibility and accountability. These can be boiled down to simply ensuring that people are aware of being recorded and that the recording/file access is controlled and secure. Consumers will have greater data rights than the current Data Protection Act such as the right to know the scope of personal data collection and rights to port data or be forgotten and all at no charge to the consumer. The role of the data controller to facilitate this with a clear data policy and concise processes is imperative to avoid financial penalties.
Please contact us for details on Data Protection Impact Assessments (DPIAs) and for further information and details for the data protection officer (DPA)
http://www.eugdpr.org/the-regulation.html
MiFID I and II apply to businesses/persons offering financial markets advice/transactions and mandates as compulsory rather than best practice previously, that all calls incurring financial advice and/or subsequent transactions should be recorded and stored for a prescribed period of up to 7 years. MiFID II grants clients the right to receive copies of records and as such integrity and provenance will become a prominent evidential factor in firm-client disputes.
https://www.fca.org.uk/markets/mifid-ii
http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014L0065&from=EN See Article 16(7)
PCI-DSS is not compulsory and was introduced by payment providers (Card Companies) in a bid to curb credit card fraud. As far as call recording is concerned, there are particular sensitivities around the storage of private card details and the standard has required businesses to make “best endeavours” to ensure the three-digit CV2 security numbers are not recorded or are not identifiable on any call recordings.
https://www.pcisecuritystandards.org/pci_security
VoiceHost can provide you with compensating controls to help negate the recording of CV2 codes. You can enable start/stop call recording via the control panel.
Once a call is recorded, it is stored using 256-bit encryption and each recording has a unique key and modification hash (checksum) to ensure authenticity at the network generation level which makes the recording admissible in a court of law.
No archiving of call-recordings is allowed at a network level and once the defined call-recording storage period has elapsed, the recording is permanently deleted.
The delivery of call recordings via FTP or FTPS is available. Access to the VoiceHost edge is not permitted and delivery is made nightly via FTP to the customer. Recordings are decrypted for FTP delivery otherwise playback would not be possible. Call recordings will remain encrypted on network storage until the used defined period has elapsed. Call recordings are then permanently deleted and cannot be recovered.
Call recordings are pursuant to the following legislation which is applicable in England and Wales.
Call recordings are compressed using MPEG layer 3 encoding @ 24Kbps. 1GB of storage should accommodate 92.59 hours of audio recorded or approximately 10.8 MB per hour of audio recorded.
All storage is within the United Kingdom and encrypted at rest within ISO27001, ISO9001, PCI-DSS and GDPR compliant Data centres.
Given that VoiceHost offers unlimited call recording stored FREE for 30 calendar days makes it an obvious choice in deciding whether to enable it.
The VoiceHost privacy policy is available here: https://www.voicehost.co.uk/privacy-policy
previous post
GDPR Statement - Privacy by design