If you hold any personal information about customers, such as names and addresses, you must comply with the Data Protection Act. You must also ensure you don’t make unsolicited calls, or send unsolicited letters, faxes or emails, to people who have opted out of such approaches, such as by registering with the Telephone Preference Service. You must also not contact individuals by email or text message without their prior consent.
Regulation, compliance and standards
There are many regulations and standards affecting contact centres. They can be split into four groups:
- Legislative requirements
- Data Protection Act 1998
- Privacy and Electronic Communications Regulations 2003
- Telecommunications (Lawful Business Practice) Interception of Communications Regulations 2000
Regulatory enforcement
Compliance with your legal obligations is adjudicated and enforced by Ofcom, the Information Commissioner’s Office
(ICO) and the Financial Services Authority (FSA).
The penalties for non-compliance include fines, sanctions, public censure and reputational damage.
For more information on penalties – including examples of organisations that have been sanctioned – visit the ICO:
ico.org.uk
Industry standards
Provided by professional bodies such as the DMA.
Although these are not law, contact centres are required to comply with them if they are members of the organisation.
Industry bodies monitor compliance with their codes of practice and can impose sanctions if they are not met.
Best practice guidelines and kitemarks such as those contained in this document aim to raise standards and retain
consumer confidence in the medium. They aim to ensure the long-term sustainability of our industry.
- Comply with relevant standards
Contact centres need to decide the standards with which they will comply (in addition to those that are a legal requirement) and put in place quality assurance processes that verify they are being met.
- Obtain verification
Regulatory requirements and industry standards usually require verification to those bodies responsible for them.
A level of transparency is necessary to comply.
- Encourage internal transparency
It is also worth considering transparency internally for management and agents. This will drive standards as objectives are set and improvements are considered by all involved.
Verification
As part of the processes around regulation, compliance and standards, you should include a verification process.
- Assign internal responsibility
Appoint an employee to manage this process and ‘own’ regulation, compliance and standards
verification for your organisation.
The employee appointed to fulfil this task will need to liaise with outside regulatory bodies.
- Appoint compliance officer
Appoint a compliance officer and communicate their responsibilities across your organisation.
Your compliance officer should be an expert in this area and be able to advise your organisation on its future
development as well as the regulation, compliance and standards to which your contact centre must adhere.
- Demonstrate compliance
Use your verification process to monitor and improve the processes that are necessary for compliance.
Keep relevant records to demonstrate compliance.
- Create campaign quality assurance
Ensure that all relevant personnel understand these verification processes.
Create quality assurance procedures and measures to ensure compliance at the start of each campaign.
- Keep records
Keep verification records including:
- Agent and team objectives
- Dialler compliance reports
- Copy of agent script for campaign
- Agent training manual for campaign
- Campaign results
- Campaign execution rules – including dialling times, retry counts, abandoned call
message handling and so on
- ‘Do not call’ (DNC) list management processes
- Data management process
- Details of other front office and back office processes
- Complaints and resolutions
Verifiers
- Use a verifier
Consider using a verifier for certain processes.
The purpose of a verifier is to check data, a call or a transaction on an individual basis to ensure it is correct.
This is a double-checked approach that you should adopt for sensitive sales and regulated products
such as financial services.
This approach minimises product cancellations, poor agent selling techniques and incorrect data.