Dismiss Notice
We would like to remind you that we’re updating our login process for all 3CX forums whereby you will be able to login with the same credentials you use for the Partner or Customer Portal. Click here to read more.

GDPR + Call Recording

Discussion in 'Ideas' started by Anthony Stirk, Oct 24, 2017.

GDPR + Call Recording 5 5 4votes
5/5, 4 votes

  1. Anthony Stirk

    Joined:
    May 22, 2017
    Messages:
    11
    Likes Received:
    4
    With the european GDPR legislation due in May 2018 I believe 3CX need to urgently review how call recording is performed on the system.

    Firstly assumed consent ("all calls maybe recorded for training and quality purposes") isn't sufficient. It needs to be opt in consent. I note HP/Microsoft are already doing this on their systems ("Press 1 to consent to this call being recorded").

    Secondly blanket call recording of all calls where staff can make personal calls puts the company in immediate breach of GDPR (and DPR for that matter) as these call recordings are not being used for a specific purpose.

    This is my understanding of the situation and I'm not a legal person but as the vendor I believe 3CX should urgently review the situation. Currently the only way to remain compliant is to disable call recording entirely as 3CX does not give the option to pause/resume call recording (breach of PCI compliance by the way) or offer optin call recording.

    Ref : https://www.commstrader.com/guides/.../call-recording-gdpr-preparing-new-data-laws/
     
    Joe Johnston and iptechnology like this.
  2. Anthony Stirk

    Joined:
    May 22, 2017
    Messages:
    11
    Likes Received:
    4
    Hi a response to this would be appreciated.
     
  3. DL_

    DL_

    Joined:
    Mar 31, 2015
    Messages:
    55
    Likes Received:
    8
    I'd be interested in what particular telephone number/option you are calling for HP/Microsoft to get that option as part of our discussions about GDPR.

    With regards to you r query I notice there is an option for a customer to choose not to record the call if they come via a queue (but not to specifically choose to record it). You could choose to record manually by asking the customer first if the would mind having the call recorded when the agent answers and then starting a manual record (for audit purposes you might then have to repeat that they have agreed to have the call recorded once you hit record) or you could ask while recording and then turn it off if they say no and you have their choice then recorded. This also works for outgoing calls as well, which could otherwise be troublesome.

    For personal calls the user can choose to disable call recording for that call, as it is their own call surely they can be in control of the recording. Or set up a departmental non-record phone that staff can use (in their breaks etc) that isn't recorded for personal calls. As it is a legislative issue staff could be banned from using the normal phones for personal calls in this way.

    Finally you do have the option to use the API/CFD/Agent app to create a GDPR or PCI compliant system using 3cx yourself. However an option to press 1 to record 2 to not record your call with a custom prompt would be useful for standard incoming call queues.
     
  4. Anthony Stirk

    Joined:
    May 22, 2017
    Messages:
    11
    Likes Received:
    4
    Microsoft Partner Services.

    Call recording of them not recording attached (as a zip can't upload wavs).

    With regards to the personal calls I'm applying the PCI Compliance for pause resume recording. If the process is manual you are in breach of PCI. The trouble with staff is you can tell them to do something but they may not do it and that puts you in breach.
     

    Attached Files:

    • ms.zip
      File size:
      712.9 KB
      Views:
      6
  5. DL_

    DL_

    Joined:
    Mar 31, 2015
    Messages:
    55
    Likes Received:
    8
    Thanks, for the recording. That's helpful.
     
  6. nedwos

    Joined:
    Oct 24, 2017
    Messages:
    1
    Likes Received:
    0
    Hi - Interesting view about not being able to record calls based on consent.

    If a blanket recording policy is in place (eg banking) then the use case does not need consent as it is required for regulatory reasons or audit in a sales environment. The issue of consent is made easier, as the option can be removed as long as the user can see the policy documents online - perhaps on your website.

    Also, with a blanket recording policy, if there is a business case for it and it is implemented, the user cannot realistically consent because of the inequality of power. Calls may be recorded to prove trade details, or order confirmations etc and are therefore part of the normal "checkout" process of collecting name, address, credit card number etc - all not needing explicit consent as it is part of the required workflow that the user has initiated.
     
  7. Joe Johnston

    Joined:
    Apr 23, 2018
    Messages:
    2
    Likes Received:
    0
    Also looking at a way to do the above? At the moment it's looking like we'll have to disable call recording without a way of the user giving consent.
     
  8. voiptoys

    voiptoys Active Member

    Joined:
    Feb 13, 2013
    Messages:
    893
    Likes Received:
    154
    Here are a couple of solution:

    1. Send the caller to an IVR prior to the queue. The IVR offers 1 to record, 2 to not record. If caller chooses 1, send to recorded queue, if 2 send to non recorded queue. On the handset configure two accounts. One account (extension) has all calls recorded, and the other account (extension) does not. Then assign one extension to the recorded queue, and the other extension to the non recorded queue. Outbound personal calls are made from the extension that is not recorded. This obviously will not work for 3CX Phone for Windows without a physical phone since you can only have one account active, therefore it requires a physical phone that supports multiple accounts, and a bit of labor.

    2. Another alternative would be to create a CFD application that offers the two choices, then stores the unique call ID to a database with the caller's choice. Then a service monitors which calls the agent has answered and confirms the caller's choice, and turns on / off recording for that call using the Call Control API.

    3. Or, you could have a normal IVR provide the choices and send to different queues based on the caller's choices, then have a service look at the origin of the agent's call (recorded or non-recorded queue) and have the service use the API to turn on / off recording for that particular call.

    We can help with all the above.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  9. Joe Johnston

    Joined:
    Apr 23, 2018
    Messages:
    2
    Likes Received:
    0
    Hi Matthew,

    Thanks for your response. Just spoke to another member of my team here and he's come up with a different way, I just need to check with our data guys if it's acceptable as the consent wouldn't be stored anywhere.

    If you play an an intro message on the queue stating the options, with the options being 2 to consent and 3 to not consent using the advanced, queue preferences caller ability ability to opt out of recording 3 will disable it.

    Joe
     
  10. voiptoys

    voiptoys Active Member

    Joined:
    Feb 13, 2013
    Messages:
    893
    Likes Received:
    154
    I didn't quite follow what you are proposing. There are no queue options for pressing 1, 2, or 3, so you must be referring either to a Digital Receptionist, or a CFD application. Either way, I don't see how this helps unless I simply don't understand what you are proposing. Controlling whether a call is recorded is either manually invoked by the agent, or it is controlled by the extension setting that records all calls.

    As DL_ suggested, this could be a largely manual process, but then you are dependent on the agent to (1) remember to ask, and (2) perform the correct actions every time.

    If you want an automated process where the agent is not relied upon to do the right things every time, then you will probably need to implement one of the options I mentioned in the previous post.
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  11. CodeTwo

    Joined:
    Jun 27, 2017
    Messages:
    13
    Likes Received:
    1