It’s more important than ever to ensure that your Contact Centre fully complies with regulations regarding identification, data security, call recording, credit cards, spam and privacy.
It doesn’t matter if the Contact Centre is an in-house team or a third party Australian-based or international centre operating on your behalf; compliance is mandatory.
- In 2016 The Federal Court ordered travel agent Getaway Escapes Pty Ltd (in liquidation) and its director to pay penalties of $325,000 for breaches of the Do Not Call Register Act
- In 2017 in the US a massive data breach of at least one telemarketing firm exposed thousands of recorded telephone conversations in an unsecured database online which customers provided sensitive information, including their credit card details.
And there are many more examples like these.
Telemarketing and Research Standards that you must comply with
There are two industry standards that set enforceable rules about how and when telemarketers, researchers and fax marketers can contact people.
These standards apply to any individual or organisation that makes or arranges for telemarketing/research calls to be made or marketing faxes to be sent to Australian numbers, even those not on the Do Not Call Register.
Even if a particular business, such as a registered charity, is exempt from the requirements of the Do Not Call Register Act 2006 and therefore able to call or fax numbers listed on the register, it must still meet the requirements contained in the industry standards.
The Standard covers things like:
- Calling line identification
- Calling Times
- Terminating a call
- Provision of information during a call
- Sending faxes
Visit the donotcall.gov.au website for a full explanation of all the requirements.
How to comply
Use a contact centre solution (like Premier Contact Point) with features that make compliance easy to achieve and monitor.
- Calling line identification – set up a calling line so callers don’t see a blocked number and can call back if they wish
- Campaign Scripting – to ensure that your team provides the required Industry Standards information
- Preview Dialler – allows agent to get ready for calls, by reviewing customer info beforehand, then clicking the dialler to make the call.
What about call recording?
Most organisations use call recording to meet customer protection legislation, to manage risk, to improve quality management and staff training, and for intelligence gathering.
To do this effectively, they need comprehensive recording capabilities, long-term data retention, and sophisticated retrieval mechanisms. The larger the enterprise, and the more they service customers across various lines of business and departments, the more important compliance-centred recording becomes.
The importance of using the right call recording platform
Not all call recording platforms are created equal. To reduce risk and maximise efficiency you need a platform which does all of the following, as a minimum.
- Automatic call recording functionality which records all calls – in and out
- An IVR component that allows for compliance prompts to be played to customers before their call lands on an agent
- Customisable recording permissions which can be applied to agents, teams, or queues to allow agents to manually initiate, pause, resume, or stop recordings as needed
- Searchable on-line access to all call recordings
- Securely stored to protect private data and comply with industry regulations
- Access and playback restricted to authorised users or roles
Premier Contact Point call recording provides all of these vital features, and more.
Credit card security
If your Contact Centre team is processing payments, you must comply with the Payment Card Industry Data Security Standard (PCI-DSS). The standard was created to increase controls around cardholder data to reduce credit card fraud.
Contact Centre’s face many challenges around PCI DSS Compliance and have become the latest target for data breaches globally.
Being compliant with PCI guidelines means
- having network security in place, such as an effective firewall and additional layers of protection
- ensuring your agents have received security awareness training
- not storing digital recordings that contain sensitive card data if those recordings can be queried
One method is to provide agents with call recording pause functionality so that recordings don’t capture the audio of the CCV number, and to remove all pens and paper and personal mobile phones from agents desks so the numbers are not manually recorded.
Another method is to use automation and touch tone DTMF dialing to enter masked numerical data so it is not recorded or audible to the agent.
As a tier 1 PCI DSS compliant provider of payment for financial institutions, government agencies and utilities around the world, Premier Technologies offers a suite of secure payment processing solutions to Contact Centres to help them meet PCI DSS obligations.
Email and SMS compliance
On 12 March 2014, amendments were made to the Privacy Act which affect the way most organisations collect, handle, store and disclose personal information.
In essence, this means that recipients must have a method of opting out or unsubscribing, whether that be by an unsubscribe link in an email or a STOP or UNSUB link in a text message.
- Specifying the personal information you are collecting
- Explaining the purposes of collection
- Providing people with access to the data you have about them
- Allowing people to request to correct their personal information
- Explaining how an individual can make a complaint
- Stating the countries that any data is sent to.
You need to let people know you are collecting data, why you are collecting it, how you plan to use it, and where they can go to opt out.
Compliance is more than technology
Compliance is more than technology; it’s a culture that needs to be well planned, implemented and monitored using stringent quality control procedures and systems. The right technology makes compliance possible, but without a compliance culture there is also no compliance adherence.