Call Recording Law in the UK 2018 edition

Tuesday 6th November 2018

We have compiled a detailed summary of where the law currently stands in relation to call recording in general. There are a number of laws which require certain obligations to have been met before telephone calls can lawfully be monitored. We have covered the main ones to assist you to understand requirements and expectations.
Our conclusions, as to the steps which you should take before monitoring telephone calls, are set out after this summary:

• Investigatory Powers Act 2016 (supersedes the Regulation of Investigatory Powers Act 2000 ("RIPA"))
• Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 ("LBP Regulations")
• The Data Protection Act 2018
• General Data Protection Regulations "GDPR"
• The Employment practices, Data protection code
• Human Rights Act 1998 ("HRA")
• Section 48 of the Wireless Telegraphy Act 2006 (offence of interception or disclosure of messages) ("WTA")
• Sections 1 to 3A of the Computer Misuse Act 1990 (computer misuse offences) ("CMA")

Beyond general legislation the financial industry has specific regulations:
Markets in Financial Instruments Directive ("MiFID")
and if you are receiving payments by credit card further regulations apply
PCI Data Security Standard ("PCI DSS")

The following telecommunication related regulations do not seem to be concerned with call recording per se:
The Telecommunications (Data Protection and Privacy) (Direct Marketing) Regulations 1999

Common Questions and Answers *

Can I record telephone conversations on my home phone?

Yes. The relevant law, RIPA, does not prohibit individuals from recording their own communications provided that the recording is for their own use. Recording or monitoring are only prohibited where some of the contents of the communication - which can be a phone conversation or an e-mail - are made available to a third party, i.e. someone who was neither the caller or sender nor the intended recipient of the original communication.

Do I have to let people know that I intend to record their telephone conversations with me?
No, provided you are not intending to make the contents of the communication available to a third party. If you are you will need the consent of the person you are recording.

Can a business or other organisation record or monitor my phone calls or e-mail correspondence with them?
Yes they can, but only in a limited set of circumstances relevant for that business which have been defined by the LBP Regulations. The main ones are:
• to provide evidence of a business transaction
• to ensure that a business complies with regulatory procedures
• to see that quality standards or targets are being met in the interests of national security
• to prevent or detect crime to investigate the unauthorised use of a telecom system
• to secure the effective operation of the telecom system.
In addition, businesses can monitor, but not record, phone calls or e-mails that have been received to see whether they are relevant to the business (ie open an employee's voicemail or mailbox systems while they are away to see if there are any business communications stored there.
However any interception of employees' communications must be proportionate and in accordance with Data Protection principles.. The Code is designed to help employers comply with the legal requirements of Data Protection Act 1988. Any enforcement action would be based on a failure to meet the requirements of the act - however relevant parts of the Code are likely to be cited in connection with any enforcement action relating to the processing of personal information in the employment context. Accordingly this Code of Practice and the Data Protection Act must also be considered by any business before it intercepts employees' communications.

Do businesses have to tell me if they are going to record or monitor my phone calls or e-mails?
No. as long as the recording or monitoring is done for one of the above purposes the only obligation on businesses is to inform their own employees. If businesses want to record for any other purpose, such as market research, or share the contents with a third party, they will have to obtain your consent.

What do I do if my calls have been recorded unlawfully?
Under RIPA it is a tort to record or monitor a communication unlawfully. This means that if you think you have suffered from unlawful interception of your phone calls or e-mails you have the right to seek redress by taking civil action against the offender in the courts.

* Source OFCOM.org.uk

Conclusions

A common theme through the above pieces of law is the requirement to inform all parties to a monitored/recorded call in advance that their conversation will be recorded. This requirement applies in respect of an organisation’s staff, just as much as it does in respect of its customers.
It enables you to record calls, but the obligation to inform customers that the calls are being recorded is not overridden.
The Regulations require that all reasonable efforts to inform participants to a call be made. our advice is that mentioning the fact that your calls will be monitored / recorded in customer documentation or adverts is the absolute minimum step which you should take to comply with the Regulations' prior information requirement. Ideally at the beginning of a monitored/recorded call customers should also be:

• informed that recording will be taking place (as required by the Regulations and the DPA) ;
• informed of the purpose of the recording/how it will be used, e.g. for training and monitoring purposes (as required by the Regulations and the DPA); and
• asked to consent to this (as required by the DPA.)

The requirement to obtain consent should always be observed where sensitive data (as defined by the DPA) is obtained from the individual concerned.

Where recording/monitoring takes place in the course of business (as opposed to detect a crime) staff should be notified which phone lines/types of calls will be monitored and should be asked to consent to this happening.
Some companies incorporate this information into their Staff Handbook and associated documentation.

The recommendation is to try and make your operational processes as transparent as possible around the recording of calls and inform all people as openly and honestly as possible and ensure that you have processes in place that can deal with requests for data to be removed and erased, but only after compliance checks have been conducted to ensure that this is feasible and in line with your Data Protection policies.

For a copy of our whitepaper on Call Recording Law in the UK 2018 edition, please use the Contact Us Form on our website, or email us at info@computertel.co.uk

All information supplied by ComputerTel Limited (CTL) is for information purposes only and without liability and in no event shall CTL be held liable for any consequential special incidental direct or indirect damages arising out of the use that you the reader, your company or any third party makes of the information supplied. Further CTL shall not in any event be held liable for any claims whether in contract tort or howsoever arising resulting from or in connection with your use or otherwise of the information supplied.

Feel Free To Contact Us

To request a demonstration or to find out more information, please complete the information below with any questions and a ComputerTel representative will contact you.