Contact Center Compliance: What You Need to Know

Contact center compliance refers to the standards that a contact center must follow to protect its customers and the sensitive data shared during their interactions with contact center agents.

These standards are defined by specific laws and regulatory agencies such as the following:

  • Telephone Consumer Protection Act (TCPA): This law regulates telemarketing calls and is overseen by the Federal Communications Commission (FCC).
  • Payment Card Industry Data Security Standard (PCI DSS): This is the global security standard for companies that handle credit card transactions.
  • Health Insurance Portability and Accountability Act (HIPAA): This law protects a patient’s sensitive health information from being disclosed without their knowledge or consent.

These are just some of the many rules call centers must comply with.

The rules can be hard to keep track of, especially if a call center also has to comply with the standards set by other countries.

Compliance Standards Contact Centers Must Follow

Here’s a brief rundown of some general standards call centers should adhere to and some tips on staying compliant.

They Must Have Consent from Agent and Customer to Record Conversations

Here in the US—and in many countries around the globe—contact centers must first ask for the customer’s consent before recording the conversation (usually for data gathering purposes).

This applies to both inbound and outbound calls.

One common mistake is that the agent, or the call center as a whole, might assume that informing the customer that the call will be recorded can be considered consent.

However, they have to get a clear response from the customer before proceeding.

Not doing so would violate the TCPA.


Agents Shouldn’t Contact Numbers in the DNC List

The Do Not Call (or DNC) registry is a list that people can add their numbers to if they don’t want to receive telemarketing calls that involve sales pitches.

Contact centers have to be careful and avoid calling numbers from this list, as they could face penalties of over $43,000 per call.

Contact centers can prevent such mistakes by staying updated on the registry and providing lists to their outbound agents.

If they call a DNC-registered number, it should only be for purposes such as:

  • Providing information
  • Surveying
  • Debt collection

Contact Centers Must Not Record Credit Card Data

The PCI DSS forbids call centers from collecting credit card information such as CVV, magnetic stripe data, and PINs when recording calls.

One tool used to prevent this is a “pause recording” feature that stops the recording while the customer shares their credit card data.

The contact center management should also ensure that their agents do not store the credit card information for themselves.

Searching for paper with possible credit card numbers written on it is one of the measures to take.

Agents Cannot Threaten Customers to Pay Bills

Many contact center agents are tasked with following up with consumers regarding their bill payments.

However, some clients can become hostile when questioned about money issues. Nonetheless, the call agent should avoid harassing, threatening, or speaking abusively to the consumer.

Doing so would put the contact center in violation of the Fair Debt Collection Practices Act.

You can avoid this violation by distributing a phone script for agents to use when dealing with an aggressive client.

There should be no insulting language directed at clients in the script.


How to Keep a Contact Center Compliant

Here are a few ways you can avoid having problems with call center compliance:

  • Keep a Compliance Checklist: Staying updated on your industry’s compliance requirements will help your call center avoid accidentally breaking any rules.
  • Create a Data Security Policy: You can implement company-wide compliant security measures to prevent leaks, such as tracking employees who regularly handle sensitive data. Your call center’s computer systems should also be secured against data breaches.
  • Provide Regular Agent Training: Agents can receive routine training on handling calls and using tools to remain compliant.

We Take Compliance Seriously

At ROI CX Solutions, compliance is our top priority.

We’re ISO 27001, HIPAA, SOC 2 Type II, and PCI compliant, making our services secure and trustworthy.

With decades of experience, we know compliance.

We’re regularly updating our teams on new regulations so that our clients stay compliant.

Contact us and see how we can help your outsourcing needs.
