There are many compelling reasons for recording phone calls, not all of which involve nefarious activities, a super villain and a spy with a licence to kill, or shoring up evidence for the Jerry Springer Show for that matter. In the call centre environment of the corporate world, call recording simply makes good business sense.
The practice allows business to evaluate how effective its call centre employees are at satisfying customer queries and complaints, to analyse protocols for the purpose of improvement, and even to ensure continued compliance. If the movies and Jerry Springer have taught us anything however, then it’s that anything you say can and will be held against you. It’s hardly surprising then that the phrase “This call may be recorded” has the power to strike fear into the hearts of callers.
Good business sense and customer suspicions aside however, is call recording strictly legal in South Africa? There is no simple path to finding that answer. Instead it’s a legislative minefield, but one that ultimately reveals that call recording is not illegal, provided that you narrowly follow the letter of the law(s).
The Laws Governing Call Recording
Here’s where it gets interesting. There’s no single law governing the recording of calls in a call centre environment. Instead the act of determining whether you may record and how to do it in such a way that your business remains compliant, protects the customer’s privacy, and stays squarely within the bounds of the law, is a quest of Tolkien-like proportions.
We begin our journey with the South African Constitution, section 14 of which states that “Everyone has the right to privacy, which includes the right not to have the person or their home searched; their property searched; their possessions seized; or the privacy of their communications infringed.” If you were to stop there, notwithstanding the fact that the constitution does go on to say that such rights are limited in terms of law, the answer to the question of call recording would be a resounding ‘no’. Fortunately we don’t stop there.
The Regulation of Interception of Communications and Provision of Communication-Related Information (RICA) Act 70 of 2002, is an asset to business on this particular quest. Chapter 2, Part 1, Section 4 of the act states that “Any person, other than a law enforcement officer, may intercept any communication if he or she is a party to the communication, unless such communication is intercepted by such person for purposes of committing an offence.”
Section 5 takes this further with its edict that “Any person, other than a law enforcement officer, may intercept any communication if one of the parties to the communication has given prior consent in writing to such interception, unless such communication is intercepted by such person for purposes of committing an offence.”
Section 6 shores this up with its pronouncement that “Any person may, in the course of the carrying on of any business, intercept any indirect communication (a) by means of which a transaction is entered into in the course of that business; (b) which otherwise relates to that business; or (c) which otherwise takes place in the course of the carrying on of that
business, in the course of its transmission over a telecommunication system.
It’s clear then that on the grounds of the business being a party to that call, that party is indeed permitted to intercept that call.
Things would now appear to be nicely cut and dried, except for the entry of The Protection of Personal Information (POPI) Act of 2013 into the fray. POPI is a complex act that does exactly as its name implies. From the outset it identifies that its purpose, inter alia, is to “regulate the manner in which personal information may be processed, by establishing conditions, in harmony with international standards, that prescribe the minimum threshold requirements for the lawful processing of personal information.”
It goes on to clarify that “processing” means any operation or activity or any set of operations, whether or not by automatic means, concerning personal information, including (a) the collection, receipt, recording, organisation, collation, storage, updating or modification, retrieval, alteration, consultation or use; (b) dissemination by means of transmission, distribution or making available in any other form; or (c) merging, linking, as well as restriction, degradation, erasure or destruction of information.
The act furthermore addresses call recordings directly under its definition of ‘record,’ which includes among others, this description: “information produced, recorded or stored by means of any tape-recorder, computer equipment, whether hardware or software or both, or other device, and any material subsequently derived from information so produced, recorded or stored.”
POPI is nothing if not thorough, and in order to be compliant, organisations must ensure they adhere strictly to the multitudinous provisions for the proper and legal processing of personal information.
Section 18 is particularly relevant in the call recording context and addresses such criteria as stating clearly to customers the purpose of recording their call. A simple “This call may be recorded for quality purposes” will not suffice if that recording is to be legitimately used for any purpose other than quality control. To add another layer of complexity, that section requires, among many other such requirements, that the customer be advised of their right to object to such processing (recording). This implies that the call centre must have the functionality to allow individuals to opt out of such processing without abandoning the call.
“But wait, there’s more…”
If that weren’t enough to make your head spin, there are moreover additional laws that impact the call centre. Among others, these include the consumer protection, recordkeeping and data security requirements entrenched in the Electronic Communications and Transactions (ECT) Act, the Financial Advisory and Intermediary Services (FAIS) Act, the Financial Intelligence Centre Act (FICA), the Consumer Protection Act (CPA) and the Payment Card Industry Data Security Standard (PCI DSS), demanding significant changes to communications and IT infrastructure, operations, policies and procedures.
Bring in the big guns
Running an efficient and secure call centre that uses the best technologies and delivers on your business needs, while ensuring compliance and being strictly legal has become an increasingly difficult task to accomplish in-house. That’s where we come in. CallCabinet is a leading developer of innovative, flexible and cutting-edge cloud and premise-based call recording solutions. We have extensive experience providing affordable enterprise voice recording and call logging solutions, and solutions that are uniquely suited to South African companies in the context of this new regulatory and business landscape.
CallCabinet will help your business navigate a successful path through the legislative minefield to achieve a call centre that meets your needs and exceeds your expectations.