Call recording is a common business practice that is widely used by companies and organizations across the world. However, before an organization records a particular telephone conversation, it must first consider if capturing the voice calls is legal in the country in which they are operating, or if there are any regulations and legislation in place that set out obligations on when recording voice calls are necessary and if supervision controls exist that the organization must establish.
These constraints are an extremely important consideration for businesses and organizations that operate in the U.K. While there are no regulations in place that prohibit private individuals from recording conversations, there are various regulations in place that regulate organizations’ efforts to capture and record voice calls.
Call Recording in the UK – Is It Allowed By the Law?
Recording telephone calls are allowed and not a criminal offense in the U.K.
However, the interception, recording, and monitoring of telephone calls are governed by several different pieces of UK legislation, the primary being:
1. Regulation of Investigatory Powers Act 2000 (RIPA)
Under this legislation, it is not illegal for individuals and business to capture and record voice calls secretly as long as the individual or a business will only use the recording for their own use,i.e. research purposes.
Recording or monitoring voice calls is only prohibited if the individual or business plans to share the conversation or some parts of it to a third-party. If the business, for instance, plans to quote the feedback of a customer as a testimonial on their website, then they need to notify the customer that the conversation is being recorded.
An exception is where there is a public interest at stake. A law enforcement agency or regulatory authority, for example, can capture and record voice calls with a company that is being investigated for giving bad advice without notifying them.
2. Investigatory Powers Act 2018 or Snooper’s Charter
The Investigatory Powers Act 2018 is legislation that came into force on 8 March 2018 and replaced the Telecommunications Regulations 2000. Under Section 46 of this legislation, recording telephone calls by business are legal if it is authorized by the monitoring and recordkeeping requirements of relevant regulations. In addition, the employer’s interception of the communication will only be lawful if the business will use the recording for:
- Establishing evidence of a business transaction.
- Ensuring that the business is compliant with regulatory or self-regulatory requirements.
- Demonstrating the standards which are met or ought to be achieved by personnel using the device or platform in the course of their duties.
- Preventing or detecting crime related to unauthorized use of a mobile network.
- Securing the efficient operation of the enterprise mobile network.
Companies don’t have to tell their clients they are recording calls if it is for any of the above reasons. But in any other case – for example, market research – they have to notify the customer.
For example, financial firms under the authority of Financial Conduct Authority (FCA) must “retain records of specific telephone conversations of client-ordered services that are related to the reception, transmission, and execution of client orders and proprietary trading.” This also includes telephone conversations that are intended to result in a trade, even if ultimately, they do not.
The DPA 2018 is the revised version of DPA 1998and includes some provisions that align with the objective of the EU-wide General Data Protection Regulation (GDPR). According to the newly-implemented DPA 2018, in order to record a call where an organization or business is able to identify the identity of either party involved in the call, it has to:
- Inform the other party how the recording will be used.
- Obtain information for the call to be recorded.
- Data to be kept in a secure storage location – accessible when requested.
Investigatory Powers Act 2018 vs.DPA 2018 and GDPR – A Matter of Consent
UK firms in highly regulated industries such as finance often get confused between the seemingly conflicting call recording standards of IPA 2018 and DPA 2018 and GDPR. It is important to keep in mind that companies that are required by law to record calls can capture and record voice calls with an individual even if that conversation includes personal data.
Any regulatory requirements trump the rights of the individual, and therefore such calls should be captured and recorded.
However, an issue may arise if the call is not relevant,e.g. client inquiries that don’t meet regulatory requirements for call recording, and the individual has not opted-in to having their data stored. An example is if a customer only called an investment bank to inquire about their service availability in the holiday season, or an investment advisor having a phone call with their colleague discussing where they will head out for lunch.
From the financial service perspective, if the call isn’t intended to result in a trade, then the financial firm does not have any justification for recording the call. However, you also need to ensure a failsafe strategy that means a call which is justified is captured and recorded without any potential error by the employee receiving the call to authorize the recording.
Solution – Data Protection Policy and Enterprise-Grade Call Recording Solution
In order to address this issue, it is crucial for regulated organizations and companies in the UK to develop a data protection policy for call recording that is in compliance with industry regulation and meets the requirements of GDPR and DPA 2018.
The solution is to be transparent with your customers and trust that they will respect your transparency by providing consent. If they do not provide their consent, inform them that you will not be able to discuss certain subjects,e.g., trade-related topics that you are required to capture during the call.
With respect to employee call recording, all relevant employees should be informed explicitly of your organization’s recording policy. By having them formally agree that you will have to capture and record their phone calls – regardless if the call took place via company-issued or employee-owned device – you will be able to stay compliant with the requirements of DPA 2018 and GDPR.
Lastly, you must also have an enterprise-grade mobile archiving platform that can capture and record voice calls in compliance with data protection regulations and industry standards.
TeleMessage’s Mobile Archiver solution helps organizations in UK financial services, government, and healthcare sector efficiently manage data and content including enterprise telephone calls, SMS, emails, and web and social media content concerning voice call recording compliance. Our archiving solution is equipped with versioning and robust governance capabilities that ensure content across all digital channels is compliant and meets global regulatory requirements.
Contact us today to learn more about mobile archiving solutions.
