7 Contact Center Compliances A Call Center Must Follow
Posted on Thursday, August 18th, 2022 at 9:39 am
Call centers are the bedrock of many law firms. While attorneys focus on complex legal matters, they can rest assured that leads and potential new clients are receiving excellent customer service and are being provided necessary information. The legal industry requires a certain amount of confidentiality and adherence to certain guidelines, and call centers are no exception. In fact, there are seven contact center compliances a call center must follow.
Regulations for Call Center Operations
There are specific laws and guidelines that call centers must adhere to, including the Consumer Protection Act (CPA), the Health Insurance Portability and Accountability Act (HIPAA), the Telephone Consumer Protection Act (TCPA), U.S. labor laws, and more. Take a look.
1. Payment Card Industry Data Security Standard (PCI-DSS)
Under PCI-DSS guidelines, call centers cannot record the CVV2 numbers on credit cards. They also cannot record sensitive information like the magnetic strip identification or pin number. This rule applies to any information, including written or verbal communications. This guideline is in place to protect highly sensitive customer information. The goals of PCI-DSS standard are:
- Protect customer information
- Build and maintain a secure network
- Implement access control measures
- Maintain a proper information security policy
- Require agents to have a unique identification number if they access sensitive information
2. Consent Standards
Most states in the U.S. require consent between parties in a conversation before the conversation can be recorded. Call centers must adhere to state laws and overall governing policies. It is not enough for call centers to advise the other party that they are recording, they must get consent to do so.
3. Health Insurance Portability and Accountability Act
The Health Insurance Portability and Accountability Act, or HIPAA, is a law that governs private health information. This includes written and electronic records. Under HIPAA rules, call center agents must be trained in how to handle healthcare-related information properly. This includes:
- Properly securing health information
- Proper storage and transfer of information
- Data security training
- Ongoing training to maintain HIPAA compliance
In addition, if a client requests that their information be safeguarded, a call center should have adequate safeguards readily available.
4. Fair Debt Collection Practices Act
The Fair Debt Collection Practices Act, or FDCPA, is the federal law that governs debt collection. When any organization attempts to collect a debt, they must follow FDCPA guidelines, including:
- Not calling debtors before 8:00 a.m. or after 9:00 p.m.
- Not engaging in threatening or harassing behaviors.
- Not using obscene or profane language.
- Not calling a debtor once the debtor is represented by an attorney.
- Not threatening criminal action or arrest.
It is important that call center agents are trained in FDCPA guidelines and that they know that there are consequences for not adhering to them.
5. General Data Protection Regulation (GDPR)
The General Data Protection Regulation, or GDPR, is a set of guidelines issued by the EU. These guidelines apply to call centers that do business with European countries or those accepting information from EU residents. It is a good idea for all call centers to be mindful of GDPR regulations, including:
- All call center data must be easily accessible.
- If customers wish to retrieve their information, they must be allowed to at no charge.
- Call centers must have compelling reasons for recording calls and storing customer information.
- Call center agents must receive consent before recording calls.
While these guidelines may not apply to every call center interaction, the guidelines are applicable to most call center operations.
6. Telephone Consumer Protection Act
The Telephone Consumer Protection Act, or TCPA, is a set of regulations governed by the Federal Communications Commission (FCC). The TCPA is one of the most relevant sets of guidelines for call centers. The TCPA guidelines include:
- Call centers are prohibited from calling residential telephone numbers before 8:00 a.m. or after 9:00 p.m.
- Call center agents must identify themselves, the company they represent, and their phone number.
- Call centers must follow regulations of the Do Not Call Registry.
- Automated or pre-recorded calls are prohibited for telemarketing purposes if the consumer has not provided consent.
Call centers and/or agents who violate TCPA guidelines may be subject to legal action, including lawsuits.
7. Do Not Call Registry
The Do Not Call registry, or DNC, is a nationwide list that consumers can add their names and telephone numbers to if they do not want to receive telemarketing calls. Call center agents should be aware of the DNC rules and avoid crossing the line into the telemarketing sphere. Call centers that violate DNC rules could face penalties of $43,000 per violation.
To avoid violating the DNC, call center agents should be trained and should stay updated on DNC lists. If they make outgoing calls, they should be limited to providing information, surveying consumers, or debt collection efforts.
Legal Conversion Center’s Commitment to Compliance
At Legal Conversion Center, we are committed to being compliant with all state and federal laws and guidelines. Our legal intake professionals are highly trained and supervised to ensure that our services meet the highest standards. Contact us to learn more.