2020-06-25
Legal Articles

When is it permissible for a business to record telephone calls?

Home / Knowledge base / When is it permissible for a business to record telephone calls?

Posted by Christine Jackson on 08 February 2016

Christine Jackson - Commercial Contracts Solicitor
Christine Jackson Partner

Introduction

“Your call may be recorded for monitoring and training purposes”

The law governing a business’s right to monitor and record telephone calls with its customers is primarily set out in:

  • Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (SI 2000/2699) (Lawful Business Regulations).
  • Data Protection Act 1998 (DPA).

In addition, where businesses wish to monitor and record telephone conversations made by employees, it needs to consider the Information Commissioner's Employment Practices Data Protection Code and the Human Rights Act 1998 (HRA).

Further rights are included in the Regulation of Investigatory Powers Act 2000 (RIPA) which regulates the manner in which certain organisations may conduct surveillance and access a person's electronic communications.

What does the law say generally?

RIPA permits ‘inception’, meaning the contents of a communication are made available to a third party during transmission, when the organisation in question has (i) obtained the customer’s consent, or (ii) where it is authorised to do so by the Lawful Business Regulations.

The Lawful Business Regulations specify that any calls can be monitored and recorded in the following circumstances:

  • to establish the existence of facts relevant to the business, such as keeping a record of instructions given by telephone where it is necessary or desirable to know what has been said during a conversation;
  • to ascertain compliance with regulatory or self-regulatory practices or procedures relevant to the business. This would include monitoring as a means of checking that the business is complying with external regulatory  guidelines;
  • to ascertain or demonstrate standards that are or ought to be achieved by persons using the system. This could include monitoring for the purposes of quality control or staff training;
  • to prevent or detect crime. For example, monitoring to detect evidence of fraud or corruption;
  • to investigate or detect the unauthorised use of the communications system or ensure the effective operation of the system, such as monitoring employee access to certain applications and data.

In relation to employees, the Lawful Business Regulations also authorise employers to monitor (but not record) employee communications without consent in the following circumstances:

  • to determine whether or not the communication is relevant to the business; for example, when the employee is absent from  work;
  • to monitor communications to a confidential anonymous counselling or support helpline.

However, all the conduct permitted under the Lawful Business Regulations set out above is only expressly permitted solely for the purpose of monitoring or recording a communication which is "relevant to the business". Furthermore, the business must also have made "all reasonable efforts" to inform every person involved that this may take place.

In addition, the data protection act is likely to be applicable if the content of a call is recorded, as the information disclosed during a call is likely to contain personal data such as name and address information. Accordingly, processing that recorded information will be subject to the requirements of the DPA.

The first principle of the DPA requires that personal data is processed fairly and lawfully, which includes informing the caller (at the point at which data is collected) that the data is being recorded, and having legitimate grounds for collecting and processing the data, for example, by obtaining consent from the caller.

In addition, recorded telephone calls must be stored securely, only retained for an appropriate time and the customer must be given the right to access the data.

Furthermore, to the extent that any information to be recorded would be classified as "sensitive personal data", which is personal data consisting of information about a person’s racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health or condition, sexual life, or commission of or proceedings for any offence committed or alleged to have been committed by that person, further restrictions apply and explicit consent would be required in these circumstances. We advise that businesses should seek further advice if this is applicable.

What else needs to be considered when dealing with employees?

The Information Commissioner's Employment Practices Data Protection Code suggests the following principles of good practice for the monitoring of telephone calls made by employees at work:

  • communications should only be monitored for specific purposes;
  • wherever possible, employees should be notified in advance that such monitoring may take place, for example, through a staff handbook;
  • covert monitoring should only be used in exceptional circumstances, such as a criminal investigation, on a strictly targeted basis and for a limited period of time.

In addition, article 8 of the HRA provides that every individual has the right to respect for their private and family life, their homes and correspondence. This right to privacy extends to the workplace. This has the following effect:

  • employees have a reasonable expectation of privacy in the workplace. Employees should therefore be warned that communications may be intercepted; and
  • even where no expectation of privacy exists, an employer must be able to justify the interference. Any monitoring must be proportionate and only go as far as is necessary to achieve its purpose.

What are the consequences of failure to comply?

Breach of the RIPA or the Lawful Business Regulations can result in either civil or criminal action, and breach of the DPA can result in the Information Commissioner imposing substantial fines.

As a business, how can I comply?

As a matter of best practice, a business that intends to monitor and record telephone calls should:

  • Use pre-recorded messages to notify customers that calls may be monitored and recorded, and the specific purposes for which this is taking place, such as quality control or training. If pre-recorded messages are not possible, businesses should ensure telephone operators notify customers of this information at the outset of a call.
  • Add suitable wording to privacy policies. For example, "We may monitor, record, store and use any telephone, email or other communication with you in order to check any instructions given to us, for training purposes, for crime prevention and to improve the quality of our customer service".
  • In respect of employees, include in a staff handbook and work policies details of the monitoring of telephone calls or other means of communication and the purpose of such monitoring. Employees whose calls are monitored should be given access to a private line over which personal calls can be made during, for example, their lunch break.

About the author

Christine helps clients manage risk and financial exposure in their day to day business dealings.

Christine Jackson

Christine helps clients manage risk and financial exposure in their day to day business dealings.

Recent articles

30 July 2020 Rethinking the landlord / tenant relationship

We have been following the travails of the high street for over 12 months where changing shopping habits, business rates and rent increases have been contributing to a growing strain on many landlord / tenant relationships. The Covid-19 pandemic has not only turned a bad situation critical for many retailers and hospitality venues but has also turned the spotlight on the wider commercial sector too. Almost all businesses operating across the country have suffered financially to a greater or lesser extent as result of the economic downturn precipitated by the imposition of lockdown in March.

Read article
30 July 2020 Bankrupts fail in claim to have interests in land revested in them

The claim by Mr and Mrs Brake (Brake v Swift), heard in the High Court in May, to have a cottage and adjacent land revested in them under Section 283A of the Insolvency Act 1986, was set against a background of convoluted litigation extending over a number of years, described by Matthews HHJ as ‘complex’. The claimants had been made bankrupt in 2015 and the matter before the Court concentrated on whether or not the property concerned was, indeed, the claimants’ principal residence at the time of the bankruptcy.

Read article
29 July 2020 Remote witnessing of wills – a sign of the times

The law governing how a will is witnessed dates back to 1837 and for good reason. The requirement for two people (neither of whom can inherit from the will they are witnessing) to be physically present at the signing of a will is designed to, among other things, prevent fraud and the exercise of undue influence. That is, until the Covid-19 pandemic struck.

Read article
Contact
How can we help?
01926 732512
CALL BACK