Business Call Recording: Legal and Compliance Considerations Under MiFID II
Many businesses are unclear about what aspects, if any, of business call recording are legal, and this lack of clarity can have potentially damaging consequences.
There are a lot of reasons why a business might want to record its phone calls – compliance, dispute resolution, training, or even quality control. But many businesses are unclear about what aspects, if any, of business call recording are legal, and this lack of clarity can have potentially damaging consequences.
Business call recording is not illegal, but it is bound by a number of regulations, especially in the financial services sector. It must comply with the Data Protection Act 1998 (DPA) and the Regulation of Investigatory Powers Act 2000 (RIPA). The DPA applies because call recording generally results in a business obtaining personal data.
RIPA places limits on when telephone calls can be made, and an automated recording of a telephone call will generally contravene the regulation unless there is the consent of all parties.
Personal data – for the purposes of DPA compliance – means information held about identifiable individuals, such as a home address. Sensitive personal data would include information about someone’s ethnicity, religious beliefs, mental and physical health.
Considering this it’s obvious that business call recording frequently captures personal data and if personal calls are included in call recording policies then sensitive personal data is also easily captured…