I have been looking into this extensively. Here is my opinion in
relation to MOST organisations...
I agree that even though recording is lawful under other legislation
this does not automatically make it comply with the DPA.
Call recording disclaimers on literature and websites are all very well
if all you're collecting is personal data.
However, it is a potential breach of the DPA to process sensitive
personal data without a suitable Sch 3 condition. EXPLICIT consent (for
whatever the purpose is) is the easiest condition to meet as you don't
then need to try and make the condition fit your purpose after the data
has been collected. Each scenario is likely to be different in some way
so it would be difficult to apply another condition across the board
(which is dangerous in its own way).
If it is possible that you might collect sensitive personal data but
aren't sure when it will be collected (which is highly likely in my
experience), surely you should obtain explicit consent as a matter of
course? Continuing the call after being informed of recording should be
seen as such consent. This also fits in with being transparent.
A robust disclaimer at the outset protects the work you are doing,
individual rights and reduces the likelihood of problems further down
the line when a particular scenario doesn't quite fit the mould.
A recorded message is standard practise for incoming calls, but what
about outbound calls? My view is that if you can't solve this with
technology, the member of staff making the call should inform the person
they are calling. I have experienced this from certain 'big companies'
when receiving a call and think it is fairly standard practice now.
I would rather be safe than sorry...maybe some people here have more of
an appetite for risk than others.
In terms of technology and practicality, it is not always as easy as
pausing or switching recording on or off. There are additional problems
with this anyway (eg if someone forgets to turn it back on). If it is
organisational policy to record calls the technical limitations of the
system and practicalities of ensuring legal compliance all need to be
considered. These conditions are likely to be different between
different data controllers.
The simple solution is...DON'T RECORD CALLS!
Kevin Tarleton
Information Policy Advisor
General Medical Council
Tel: 0161 923 6305
Email: [log in to unmask]
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Baines, Jonathan
Sent: 24 November 2011 09:47
To: [log in to unmask]
Subject: Re: [data-protection] Call Recording in a call centre
This is A VERY GOOD QUESTION...
Simply because an interception is lawful under RIPA and/or the Lawful
Business Practice Regs does not necessarily mean that it is fair/lawful
under DPA. I think in order to establish whether a Schedule 3 condition
can be met the question needs to be turned back to you - for what
purposes do you record conversations? and, in what circumstances is
sensitive personal data discussed (and recorded)?
Jonathan Baines
Legal and Democratic Services
Buckinghamshire County Council
01296 383681
-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Marilyn Barton
Sent: Wednesday 23 November 2011 23:23
To: [log in to unmask]
Subject: [data-protection] Call Recording in a call centre
We are a housing association, recording all calls to and from our call
centre for lawful business purposes.
I know that it is not necessary to advise callers during the course of
the call that the call is being recorded, so long as we have made
reasonable effort to inform potential callers that this is our practice.
We don't have a recorded message advising callers that their call may be
recorded, but we have taken actions to make our customers aware that
recording may take place via letter headings, publications and our web
site. In surveys we have been praised because, rather than having to go
through an automated process to reach an operator, calls are answered
directly by an advisor, so we would like to avoid a recorded message if
we can.
Our dilemma is whether this is adequate when discussing sensitive
personal information, as defined in the DPA and whether we are meeting
the conditions in Schedule 3 of the Act. Should we be requesting
explicit consent to record calls if sensitive personal information is
being discussed?
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask] All user
commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Buckinghamshire County Council
Visit our Web Site : http://www.buckscc.gov.uk
Buckinghamshire County Council Email Disclaimer
This Email, and any attachments, may contain Protected or Restricted
information and is intended solely for the individual to whom it is
addressed. It may contain sensitive or protectively marked material and
should be handled accordingly. If this Email has been misdirected,
please notify the author or [log in to unmask] immediately. If
you are not the intended recipient you must not disclose, distribute,
copy, print or rely on any of the information contained in it or
attached, and all copies must be deleted immediately. Whilst we take
reasonable steps to try to identify any software viruses, any
attachments to this Email may nevertheless contain viruses which our
anti-virus software has failed to identify. You should therefore carry
out your own anti-virus checks before opening any documents.
Buckinghamshire County Council will not accept any liability for damage
caused by computer viruses emanating from any attachment or other
document supplied with this email.
All GCSx traffic may be subject to recording and / or monitoring in
accordance with relevant legislation.
The views expressed in this email are not necessarily those of
Buckinghamshire County Council unless explicitly stated.
This footnote also confirms that this email has been swept for content
and for the presence of computer viruses.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at
http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list
owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your
needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Unless otherwise expressly agreed by the sender of this email, this communication may contain privileged or confidential information which is exempt from disclosure under UK law. This email and its attachments may not be used or disclosed except for the purpose for which it has been sent.
If you are not the addressee or have received this email in error, please do not read, print, re-transmit, store or act in reliance on it or any attachments. Instead, please email the sender and then immediately delete it.
General Medical Council
3 Hardman Street, Manchester, M3 3AW
Regents Place, 350 Euston Road, London, NW1 3JN
The Tun, 4 Jacksons Entry, Holyrood Road, Edinburgh, EH8 8AE
Regus House, Falcon Drive, Cardiff Bay, CF10 4RU
9th Floor, Bedford House, 16-22 Bedford Street, Belfast, BT2 7FD
The GMC is a charity registered in England and Wales (1089278) and Scotland (SC037750)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|