Addressing the Risk Associated with Legacy Call Recordings

It is somewhat ironic that having recorded calls for many years for regulatory compliance, you now face a very real risk that these legacy recordings are non-compliant.

Over recent years legislation regarding the capture, retention and processing of personal information has been significantly tightened. PCI DSS, the Privacy Act in Australia, GDPR in Europe and the recent Privacy Bill in New Zealand all impose restrictions on what information can and cannot be retained and place greater responsibility on organisations to ensure they secure this information.

This has an impact on contact centres, trading floors and the public sector all of which have been recording and retaining calls for many years. If this is you, then you probably have multiple legacy recording platforms that you are maintaining, each of which holds many thousands of hours of voice recordings across millions of individual conversations, in various formats, and are unlikely to be as secure as they should be.

Personal Information & Toxic Data
Contained within these legacy call recordings is personal information about customers you need to secure, payment card details you should not be retaining under PCI DSS and potentially toxic data about customers you no longer have any legitimate right to be retaining information on.

What is more, in most countries, citizens have the right to serve a subject access request on companies and these companies are mandated to declare all the information they are holding on that customer including retained call recordings. For most organisations, this poses a significant challenge with no real way of identifying all recordings pertaining to a particular customer let alone having the ability to execute on any ‘rights to be forgotten.’

The First Step is Consolidation
Robot Process Automation now makes it possible to extract calls out of legacy and proprietary recording platforms and ingest these into a single consolidated platform. This automation not only enables the physical recording to be ingested, but also all related metadata to be preserved and used to tag the calls in the consolidated platform.

Consolidating recordings into a single platform delivers some key benefits. First, it enables you to retire all of the legacy platforms that you currently have to maintain, reducing both recurring costs and management burden. Second, it enables you to apply the latest compression technology to ensure you significantly reduce the storage capacity required and third, you are able to ensure that all call recordings are encrypted to improve security.

Enriching Tagging & Remediation
With the advancement of speech analytics technology, a number of steps can be taken to enrich the tagging of your recordings and to take remedial steps to ensure compliance.

By applying speech analytics across your legacy call recordings you are able to fill the gaps in terms of metadata, extracting from the call key information about the customer and the transaction and using this to tag the call to simplify future search.

This process also enables you to take remedial action such as identifying and redacting personal information held within call recordings that you should not be retaining. A good example of this is blanking out payment card details to ensure compliance with PCI DSS.

It is also possible to remediate toxic data during this process, identifying recordings associated to customers for whom you should no longer be retaining data and ensuring this is securely removed.

Single Pane of Glass
Consolidating all of your legacy recordings into a unified platform creates a single pane of glass onto your call recordings and provides a comprehensive yet simple method to search and replay any recording. You now have one platform that you are required to secure and can more effectively control access to reduce information security risks.

The ability to search all of your legacy recordings in a single repository enables you to meet your obligations quickly and easily under subject access requests as well as provides you with the capability, where appropriate, to securely remove recordings under the right to be forgotten.

The net result is that you reduce the risk to the business of potential non-compliance of your historic call recording while at the same time reducing the cost, management overhead and security challenges of maintaining multiple legacy platforms.

To help organisations who face these challenges of securing and ensuring compliance with legacy call recordings, we have created a Best Practice Guide. I am sure you will find this useful. However, if you have any specific questions, please do not hesitate to reach out to me or the team. Contact Us.

Written by Chris Berry, Managing Director, Liquid Voice.