Telephone Call Recording Laws

Telephone Recording Laws UK

http://complianceandprivacy.com/News-Dechert-Telephone-Monitoring.html

Telephone Monitoring: Dos and Don'ts

An article by Renzo Marchini, Of Dechert LLP

It is widely (and incorrectly!) believed that it is unlawful in the UK in all circumstances to monitor and record telephone calls without drawing this to the attention of the parties to the call. There are in fact broad exceptions which are relevant to many businesses which do allow such activities without obtaining consent.

There are several reasons why businesses may wish to monitor or record telephone use for the purpose of its business. Often the rationale is quality control or even compliance by an employee with certain regulations, but the monitoring may also be useful for ensuring that employees are not calling friends in Australia at the businesses expense or otherwise using the system contrary to your policies. The law must however balance these goals against the need to protect employees as well as external persons from "snooping" and misuse of such data.

There are two principle legal areas of relevance; namely, the law on "interception" of communications stemming from the Regulation of Investigatory Powers Act 2000 ("RIPA") and the Data Protection Act 1998 ("DPA").

Regulation of Investigatory Powers Act 2000

RIPA puts constraints on when a person may make an "interception of a communication in the course of transmission". RIPA is wide in scope and, in particular, "interception" includes a "monitoring or interference" with a private telecommunications system which makes the communication available to someone other than the sender or recipient of the communication. Interestingly, this includes the opening of previously unopened emails, but for the purpose of this article, it includes listening in on and recording telephone calls.

Any interception would be, broadly, unlawful (in fact, criminal) unless the consent of both the sender and recipient is obtained, or alternatively the communication falls within an exception defined in the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000 (the "Regulations"). Under the Regulations, the exceptions that are relevant to most businesses are where monitoring or recording communications are carried out:

• to ascertain compliance with regulatory requirements, practices or procedures;
• to ascertain or demonstrate employee standards;
• for the purpose of preventing or detecting crime;
• for the purpose of detecting unauthorised use of the telecommunications system; or
• to ensure the effective operation of the system.

In addition, monitoring (but not recording) communications may be carried out without consent:

• for the purpose of determining whether they are communications relevant to the business; or
• to monitor communications to confidential anonymous counseling or support helplines.

In addition, in all cases where consent is not obtained, the interception must be of a communication relevant to the business.

This is all pretty wide, but there are two easy traps to fall into.

First, a business must not intercept private communications. Having said that what happens if what you thought was a business communication turns out to be private? It is easy to envisage a personal communication being inadvertently intercepted in the course of a permitted interception. Where this is the case there is no offence where the situation is unavoidable in the context of permitted monitoring. In other words, if in the course of the monitoring (or the playing back of a recording) it becomes apparent that the monitored communication is in fact private, the interception (or playing back) should cease.

Consistent with the situation under the data protection regime, below, an employer must have made all reasonable efforts to inform all employees that an interception of their telecommunications may take place.

Data Protection Act 1998

The recording of phone calls will also be governed by the DPA, as the information recorded will be "personal data" of an employee and (possibly) "personal data" of the external person (as the recording could be used to identify the caller). (Interestingly, merely listening in on calls does not raise a DPA issue, but making notes of what is discussed might.)

As such, the data protection principles set out in Schedule 1 of the DPA must be adhered to. In particular, all processing of personal data must be "fair". The one difficult issue here (which is why you often hear notices in relation to recorded calls) is that to be "fair" the following information must be provided to the individual, "so far as is practicable":

• information regarding the identity of the "data controller" (broadly, the party 'processing' the data) and the purpose for which the information is being processed.
• further information as is necessary, having regard to the specific circumstances in which data is processed, to enable the processing to be "fair".

Both the requirement that information only be provided "so far as is practicable" and the vague requirement to provide information which is "necessary" to be "fair" require an exercise of judgment and explains why some people do provide notices of recordings of calls.

Employees

The analysis above applies to employees as well as external persons, but for data applicable to employees in particular, the Information Commissioner has published a detailed Employment Practices Data Protection Code ("Code") which covers, amongst other things recording and monitoring of employee calls. Although the Code is not strictly binding, the Information Commissioner has been clear that enforcement of the Code will be based on breach of the DPA itself.

The Code sets out the core principles for monitoring of employee calls. Three key principles are:

• Proportionality - an employer should be clear as to why the monitoring and recording is required and should determine whether the reason for it is legitimate. Against this reasoning, the employer should consider whether the action is as un-intrusive as possible. Employers should conduct an assessment of the impact of its monitoring in order to ensure the balance is appropriate.
• The Provision of Information to Employees - in order to comply with the first data protection principle, full information about the monitoring or testing should be supplied to the employee. The Code is clear that this should take the form of a written policy document, which should be brought to the attention of the employee.
• Technical / Security Measures - employers are required to safeguard against the unauthorised processing of data.

As often in data protection matters, this can be summarised as: do what you do only for good reason, do no more than is necessary for that reason, and keep data secure!

Summary

• The privacy of private communications should be respected.
• Where a telephone call is monitored and/or recorded according to a purpose specified in the Regulation, there is no need to tell external callers that calls will monitored / recorded. Where such calls are recorded the author suggests it is good practice to bring this to the caller's attention, in order that the data is processed in a manner that is "fair".
• Employees should be informed about the way in which data relating to them, including the monitoring and recording of telephone calls, is dealt with, and the aims of processing such data should be legitimate.
• Written policies on what an employee is and is not allowed to do with provided communications systems are always best practice.

Renzo Marchini
Solicitor
Dechert LLP
+44 (0)20 7184 7563
Renzo.marchini@dechert.com

From Oftel   http://www.ofcom.org.uk/static/archive/oftel/consumer/advice/faqs/prvfaq3.htm

Recording and monitoring telephone calls or e-mails

A general overview of interception, recording and monitoring of communications

The interception, recording and monitoring of telephone calls is governed by a number of different pieces of UK legislation. The requirements of all relevant legislation must be complied with. The main ones are:

It is not possible to provide comprehensive detail of that legislation here. Any person considering interception, recording or monitoring of telephone calls or e-mails is strongly advised to seek his/her own independent legal advice and should not seek to rely on the general information provided below. It should be borne in mind that criminal offences and civil actions may occur when the relevant legislation is not complied with. Accordingly, Oftel accepts no liability for reliance by any person on the following information.

Can I record telephone conversations on my home phone?

Yes. The relevant law, RIPA, does not prohibit individuals from recording their own communications provided that the recording is for their own use. Recording or monitoring are only prohibited where some of the contents of the communication - which can be a phone conversation or an e-mail - are made available to a third party, ie someone who was neither the caller or sender nor the intended recipient of the original communication. For further information see the Home Office website where RIPA is posted.

Do I have to let people know that I intend to record their telephone conversations with me?

No, provided you are not intending to make the contents of the communication available to a third party. If you are you will need the consent of the person you are recording.

Can a business or other organisation record or monitor my phone calls or e-mail correspondence with them?

Yes they can, but only in a limited set of circumstances relevant for that business which have been defined by the LBP Regulations. The main ones are:

• to provide evidence of a business transaction
• to ensure that a business complies with regulatory procedures
• to see that quality standards or targets are being met in the interests of national security
• to prevent or detect crime to investigate the unauthorised use of a telecom system
• to secure the effective operation of the telecom system.

In addition, businesses can monitor, but not record, phone calls or e-mails that have been received to see whether they are relevant to the business (ie open an employee's voicemail or mailbox systems while they are away to see if there are any business communications stored there). For further information see the DTI website where the LBP Regulations are posted.

However any interception of employees' communications must be proportionate and in accordance with Data Protection principles. The Information Commissioner has published a Data Protection Code on "Monitoring at Work" available on its website here. The Code is designed to help employers comply with the legal requirements of Data Protection Act 1988. Any enforcement action would be based on a failure to meet the requirements of the act - however relevant parts of the Code are likely to be cited in connection with any enforcement action relating to the processing of personal information in the employment context. Accordingly this Code of Practice and the Data Protection Act must also be considered by any business before it intercepts employees' communications.

Do businesses have to tell me if they are going to record or monitor my phone calls or e-mails?

No. as long as the recording or monitoring is done for one of the above purposes the only obligation on businesses is to inform their own employees. If businesses want to record for any other purpose, such as market research, they will have to obtain your consent.

From Wikipedia    http://en.wikipedia.org/wiki/Telephone_recording_laws#United_Kingdom

United Kingdom

The Regulation of Investigatory Powers Act 2000 in general prohibits interception of communications by a third party, with exceptions related to government agencies. A recording made by one party to a phone call or e-mail without notifying the other is not prohibited provided that the recording is for their own use; recording without notification is prohibited where some of the contents of the communication—a phone conversation or an e-mail—are made available to a third party. Businesses may record with the knowledge of their employees but without notifying the other party to

• provide evidence of a business transaction
• ensure that a business complies with regulatory procedures
• see that quality standards or targets are being met in the interests of national security
• prevent or detect crime to investigate the unauthorised use of a telecom system
• secure the effective operation of the telecommunications system.

They may monitor without recording phone calls or e-mails that have been received to see whether they are relevant to the business (e.g., to check for business communications addressed to an employee who is away); but such monitoring must be proportionate and in accordance with data protection laws and codes of practice.

Companies that record telephone calls must ensure that their employees can make unrecorded personal calls, if necessary on a telephone on the premises which is not recorded; they may otherwise be in breach of Article 8 of the European Convention on Human Rights.

This summary does not necessarily cover all possible cases. The main legislation which must be complied with is:

• Regulation of Investigatory Powers Act 2000 ("RIPA")^[6]
• Telecommunications (Lawful Business Practice)(Interception of Communications) Regulations 2000 ("LBP Regulations")^[7]
• Data Protection Act 1998
• Telecommunications (Data Protection and Privacy) Regulations 1999^[8]
• Human Rights Act 1998