How Long Should You Keep that Call Recording?

Compliance Recording Balancing Blocks

Recorded customer interactions, whether they are landline, VoIP, mobile or chat (e.g. Skype for Business), can be a real savior if your business is ever in a dispute, a legal entanglement or cited for a compliance infraction by a regulatory body. Recordings can prove what was and was not said during the interaction in question.

However, recordings can also serve as a tremendous nuisance and a potential business liability if they are kept for too long. This is why you need a recording solution that has versatility in how long you retain certain types of interactions.

In addition, most regulated industries have specific retention requirements. Here are just a few of the recording retention regulations. There are others.

  • Financial institutions and trading houses – U.S. Securities Exchange Commission (SEC) requires broker-dealers to retain interactions for at least six years; Dodd-Frank says five years
  • Mortgage Brokers – U.S. Consumer Loan Act requires interactions to be kept for at least three years
  • Healthcare – U.S.-based Health Insurance Portability and Accountability Act (HIPAA) requires interactions to be kept for six years
  • Utilities – U.S. Federal Energy Regulatory Commission (FERC) requires utility companies to retain “recorded telephone exchanges” for five years

If you do business in Europe, your recordings can also be impacted by the European Union’s new General Data Protection Regulation (GDPR). This consumer privacy regulation requires firms to produce all information (including recorded interactions) containing personally identifiable information (PII) to customers who request it within 30 days. At the same time, these same customers also have the Right to be Forgotten and may request any recordings of them be purged immediately. Therefore, versatility in retention, purging and searching for specific recordings is essential in order to maintain compliance.

In addition, many states also have their own laws that can impact your recordings. For example, the California Consumer Privacy Act (CCPA), which goes into effect on January 2, 2020, is modeled after the European Union’s GDPR.

PII and protected health information (PHI) can also be tricky. Any recording that contains a credit card number, pin number, account number, birth date, hospital discharge date, etc. must be protected from unauthorized users. To ensure this protection, you need versatility in setting permission levels regarding who has access to your stored recordings. Any unauthorized access could cause legal, financial and regulatory scrutiny.

When selecting a compliance recording solution, you should consider certain criteria to protect your organization. In particular, your solution should be able to:

  1. Record all customer interactions
  2. Record landline, VoIP, mobile and chat
  3. Offer versatility in setting recording access permissions
  4. Mask or mute sensitive portions of interactions (e.g. when credit card data is being captured)
  5. Offer versatile retention capabilities
  6. Provide audit trail capabilities
  7. Encrypt interactions while in transit and at rest
  8. Offer digital signatures at the recording level (to protect against tampering)
  9. Offer multi advanced search criteria to locate specific recordings

The financial impact of non-compliance on your organization can be quite significant. Some regulatory violations can cost upwards of 4% of your annual revenue. Lawsuits vary from case to case and can also be quite high, plus there is the risk of losing customers and credibility.

To learn more about Numonix RECITE compliance recording software, please visit us at https://numonixrecording.com/compliance-recording/

Comments are closed.