Trillium Insights

Thoughts and Insights from Trillium's Practice Leaders

Maintaining Data Privacy in the Contact Center

Maintaining Data Privacy in the Contact Center

Most of us have interacted with a contact center and heard the phrase “This call may be recorded for quality or training purposes”.  GDPR and some of the new US-based state-wide privacy regulation have an impact on the policies and business process for call centers.  One of the main changes is the justification of the contact center to record the call.   Contact centers can no longer justify recording the call for training or quality purposes.  To be able to record the conversation, the organization must meet one of the following reasons:

  • The people involved in the call have given consent for the call to be recorded
  • Recording is required for regulatory or legal reasons
  • Recording is necessary to fulfill a contract
  • Recording is necessary to protect the vital interests of one or more participants
  • Recording is in the legitimate interests of the recorder, unless those interests are overridden by the interests of the participants in the call
  • Recording is in the public interest, or necessary for the exercise of official authority


This has necessitated organizations develop an effective recording policy for its employees.  In order to do this an organization must do the following:

  • Identify all of the recording devices that the organization uses.  This includes, phone, online meeting applications (Zoom, Skype for Business, GoToMeeting, etc.)
  • Identify all of the parties that will be covered by the policies.  This includes both employees, 3rd party contractors and BPO organizations
  • Develop a recording, retention and destruction policy to ensure recordings are created, managed, and disposed of in accordance with applicable regulatory record-keeping requirements and business needs. This should include who has recording authority and under what circumstances. It also should include the controls to ensure adherence to the policy
  • Provide education on established policies
  • Execute the controls to ensure adherence to the policy.

The penalties associated with failing to meet regulatory compliance can be high.  Take the steps necessary to ensure that your contact center is well positioned to be successful with new data privacy regulations.