MiFID II will change businesses call recording policies
Both MiFID II and GDPR aim to regulate the financial services sector with their own set of strict rules around call recording. However, the issue is that many businesses lack clarity about whether call recording is legal in the first place.
Most businesses these days have a phone call recording policy. Many of them, however, are still unclear about what aspects of call recording are legal. This lack of clarity can have potentially damaging financial, legal and reputational consequences.
From regulatory compliance and dispute resolution to training and quality control, businesses have different motivations to record its employees’ phone calls. Such recordings are governed by a number of regulations, many of which are aimed at regulating the financial services sector.
In particular, business call recording must adhere to the Data Protection Act 1998 (DPA) and the Regulation of Investigatory Powers Act 2000 (RIPA).
The DPA applies because call recording generally results in a business obtaining personal data on someone, while RIPA places limits on when telephone calls can be made. Automated recordings of phone calls generally contravene the regulations unless there is explicit consent from all parties.
For the purposes of DPA compliance, personal data collected includes information about identifiable individuals, such as a home address. Further sensitive personal data would include information about someone’s ethnicity, religious beliefs, or mental and physical health.
So it’s easy to see how business call recording can frequently capture personal data. If personal calls are also included in a company’s call recording policies – it’s even more likely sensitive personal data will be captured…