The full force of new legislation relating to consumer rights, electronic communications and data protection which takes hold this year poses a major challenge for SMEs who will have to comply with its onerous requirements, Matthew Balcomb, CEO of Call Cabinet Southern Africa.
In terms of the Electronic Communications and Transactions (ECT) Act, the Financial Advisory and Intermediary Services (FAIS) Act, the Financial Intelligence Centre Act (FICA) and the Consumer Protection Act (CPA), all businesses, including SMEs, will have to record, store and be able to retrieve all customer conversations.
Combine this with the requirements of the recently promulgated Protection of Personal Information (POPI) Act and the Payment Card Industry Data Security Standard (PCI DSS), and it’s clear that all this legislation demands significant changes to communications and IT infrastructure, operations, policies and procedures.
For most SMEs, the cost of sophisticated voice recording and logging solutions could be way beyond their budget, while less expensive options may not be compliant.
The solution is to implement cost-effective, fully compliant Cloud-based solutions that are designed to meet the needs of smaller organisations.
However, before opting for a call recording solution – regardless of whether it is an on-site or Cloud-based solution – SME’s must ensure that it is fully compliant.
* It must enable the SME to keep accurate and full records of all transactions and customer interactions and to record and store verbal and written communications in an appropriate format for up to 10 years.
* The data recorded must be securely encrypted, not only to comply with the legislative requirements for data security and protection, but also to provide tamper-proof records that are legally tenderable evidence if required by a court of law.
* It must be able to offer different levels of security access, for example to restrict access to records containing credit card details to authorised personnel only.
* It must ensure that all records remain easily accessible for inspection – which means retrievable within seven days – and be readily reducible to written or printed form.
* It must be absolutely reliable to ensure that every call is recorded all the time, every time.