Privacy Law and Policy Reporter
This is an extract from a paper given at AIC Conferences' 'Call Centres '95' Conference, Sydney, March 1995.
As this conference indicates, call centres have become a popular and cost-effective means of - as the brochure for this conference stated - 'Building profitable relationships with your customers through the telephone.' With the expansion of telecommunications products and the deregulation of the telecommunications industry, it is clear that the use of call centres as a means of building and managing relationships with customers will become increasingly important to all types of organisations. On the one hand, there are the increasingly more common 'inbound' call centres which, by the use of telecommunications services such as those utilising 1800, 13 or 1300 numbers, deal with a range of incoming customer inquiries, complaints, and orders for goods and services. On the other hand, we are seeing an increasing proliferation of 'outbound' call centres which will operate as direct telemarketing organisations. These outbound call centres, combined with the new specialised marketing lists which are now becoming available, will become an increasingly valuable tool for organisations to develop a customer base at a time when the costs of mass-marketing techniques are becoming increasingly expensive.
The difficulty (and lawyers are always good at finding the difficulty) is that call centres offer a multitude of services (even though it may appear to be a simple single service). And due to the multitude of services offered by call centres, there are many legal issues raised by the operation of call centres. Call centres have to operate in a legal environment which encompasses telecommunications law, telephone interception law, privacy law, trade practices and fair trading law and, possibly, the law relating to defamation. There are also others but these are the main areas of law with which a successful call centre operation must comply.
Further, because of the nature of the Australian legal system
(being a Federation of States) this involves complying with both
and various state laws. And in what seems to be true
Australian legal fashion, call centres operating nationally will
to both Commonwealth and state legislation. Therefore,
eight separate pieces of legislation may be relevant
to one legal aspect which, although similar in intent, are just different enough to be annoying and to make compliance both difficult and time consuming.
Nonetheless, the purpose of this article is to bring your attention to some of the legal risks which call centres face in an effort to keep you out of court. It is therefore necessary to look at these areas of law individually to assess the risks and to develop some risk management strategy and compliance procedures for dealing with them.
Call centres conduct business by telephone. Although this is an obvious statement, it has a lot of consequences which are not so obvious. For example, as we will see later, because call centres use the telephone to transact business, that automatically brings call centres within the jurisdiction of the Trade Practices Act (Cth), which does not always apply in other situations. However, the main area relevant to call centres under the telecommunications and telephone interception law, is the use of call monitoring to monitor the performance of customer service representatives.
A large number of organisations undertake monitoring of calls to or from call centres. The purpose of this is to enable the call centre managers to gather information about the way in which the customer service representatives are 'handling' the customer. This is then used as an assessment of the customer service representative's performance as part of the ongoing education and training of the customer service representative. The monitoring can be done by means of 'double jacking' at the point where the customer service representative is sitting or alternatively can be done at another point so that neither the customer nor the customer service representative knows that the monitoring is taking place. In either case, the customer is unaware that monitoring is taking place.
The issue of call monitoring brings into play a Commonwealth Act, the Telecommunications (Interception) Act and one of eight state and territory Acts dealing with listening devices (in NSW, the Act is known as the Listening Devices Act). The way in which a telephonecall is intercepted determines whether the Commonwealth or state legislation applies.
The Telecommunications (Interception) Act prohibits the interception of a telephone call at a point in the telecommunications system. The definition of 'interception' in the Telecommunications (Interception) Act also extends to the recording of a communication in its passage over the telecommunication system by one of the parties to the communication without the other party's knowledge. A telecommunications system is defined to include a line or facility connected to a network which could reach beyond the boundary of the network to include customer equipment. Therefore, listening to and recording of telephone conversations using devices such as a bug within the telephone mouthpiece, a wire attached to the telephone line and an interception device used to intercept car telephone waves fall within 'interception' prohibited under the Telecommunications (Interception) Act. These are not common methods of interception used in recording conversations in call centre situations and the Interception Act probably does not apply in most call centre situations.
However, if an 'interception' is the form of call monitoring taking place in a call centre, there is an exception to the prohibition in the Interception Act which provides that if a person who is lawfully on premises to which a telecommunication service is provided, by means of any apparatus or equipment that is part of that service, listens to or records a communication passing over that telecommunication system then the listening or recording does not, for the purposes of the Act, constitute interception' of the communication.
This exception would apply in most situations where call monitoring occurs in call centres, using the relevant forms of interception.
There is also a general exception to the prohibition of intercepting a telephone call where both parties to the conversation consent to the recording of the communication. In some industries, a 'beep' sounds every five seconds or so - to indicate to both parties to the conversation that it is being recorded. It has not yet been tested whether the hearing of a beep by a party to the conversation means they have given their consent (probably implied) to the recording.
It is interesting to note that some organisations have experienced industrial disquiet at the use of call monitoring of employees, especially where the finding brought to light by the call monitoring had been used to take disciplinary action against those employees. Further, the issue of privacy of information being given over the telecommunications system by the customer needs to be addressed and it would be prudent to ensure that a supervisor who is monitoring a call to or from a call centre does not take down any details which would identify the customer and that a customer should not be contacted by the supervisor as a result of the monitoring, for example, to clarify or correct advice or a callback to the customer to check customer satisfaction.
Ideally, the consent of the staff should be obtained to avoid industrial problems at a later stage.
The NSW Listening Devices Act prohibits anyone from using a listening device to overhear or record a private conversation without the consent of the parties involved. This Act applies where there is no form of telephone 'interception'. The Listening Devices Act is relevant to the more usual call centre recording procedures of 'double jacking'. Other recording devices such as those used externally from the mouthpiece (for example, a dictaphone) would also be addressed by the Listening Devices Act.
The prohibition only applies to private conversations which is one which takes place in circumstances where the participants evince an intention to confine the conversation to themselves. It is difficult to know whether, when a customer is calling a call centre or has received a call from a call centre, that customer has 'evinced an intention' to confine the conversation to the customer and the customer service representative. However, given the sensitive nature of privacy issues generally and especially privacy issues combined with telecommunications, it is likely that there would be a significant public outcry if it was thought that calls to or from a call centre were routinely recorded by call centre management because they were not considered to be private conversations. Most customers would almost certainly feel that the conversation to which they were a party was a 'private' conversation and would be concerned if they thought that the customer service representatives or their supervisors were electronically or acoustically recording details of that conversation.
The prohibition does not apply where all of the principal parties to the conversation consent, expressly or impliedly, to the listening device being used. My earlier discussion in relation to obtaining consent of the customer and the relevant call centre employee is relevant to this defence.
The prohibition also does not apply if a principal party to the conversation consents to the listening device being so used and:
(a) recording of the conversation is reasonably necessary for the protection of the lawful interests of that party; or
(b) the recording of the conversation is not made for the purpose of communicating or publishing the conversation, or a report of the conversation, to persons who are not parties to the conversation.
In some cases the latter exception may apply. However, in many circumstances the conversation is communicated to a manager who is not a party to the conversation. Accordingly, the consent of both parties to the recording of a private conversation should be obtained so that a defence under the Listening Devices Act is available.
Although this area of the law seems to raise more questions than
it answers, the bottom line is that call monitoring is not free
from legal risks, even though it is a valuable tool in educating
and training customer service representatives. What can be said
is that it must be used carefully and that customer service representative
staff should always be informed that call monitoring does
take place from time to time. Consideration should also be given to obtaining the consent of customers to call monitoring and recording, or some other technique so that the customer is made aware of the monitoring or recording.
Privacy, especially in the telecommunications and telemarketing industries, is a 'hot' political and commercial issue at the moment. Many will be aware that following AUSTEL's Privacy inquiry in 1992, the Government formed the Telecommunications Privacy Committee which represents the interests of consumers, users, the telecommunications and telemarketing industries and relevant government agencies in an attempt to deal with some of the privacy issues surrounding telecommunications and telemarketing. There are a number of problems in this area including the following:
New features of telecommunications systems such as calling-number display, which allows the receiver of a call to see the telephone number of the person who is calling, raise new privacy concerns which continue to undergo public debate.
The increasing popularity of EFTPOS payments for the purchase
of goods and services has made the collection of customer lists
easy but also increasingly valuable as retailers
and other organisations are now able to collect lists of people
and categorise them
into particular purchasing categories. For
example, grocery store retailers use their checkout scanning equipment
to not only speed
up the checkout process but also to re-order
stock and keep a very tight control over inventory. However, that
with the use of EFTPOS technology, allows
those retailers to keep detailed information about their customers
and to develop from
that information a categorisation of customers
depending on what they buy over a period of time or at a certain
time of the year.
This allows these stores to identify purchasing
trends and to more accurately order the types of products which
their customer base
wants to buy. However, that information is
becoming increasingly valuable as a marketing tool as it allows
'niche' marketing to specific
customers which, in the long term,
is far more effective
and far more cost efficient than mass-marketing techniques which by comparison can be very scattergun in its approach.
The privacy concern is that by making a purchase at a particular store, a customer, without his or her consent, may find his or her name on a large number of lists which include not only the customer's name but also their purchasing demographic and other categorisations. As AUSTEL identified in its Privacy Report, consumers are often concerned by how they got onto a particular list and how they might be able to get off it.
This information is largely used by outbound call centres to make unsolicited calls to customers. It is largely agreed in the industry that these calls are intrusive on consumers. However, whether there is a privacy issue because of this intrusiveness has been long debated. Consumer interest bodies are, to a large extent, pitted against marketing interests in a battle over who has the rights to use information and what controls should be placed upon that use. It is safe to say though, that the stigma of 'invasion of privacy' is an issue to be considered by outbound call centres when using information gathered by an independent source when the outbound call centre makes an unsolicited call to a consumer.
Unfortunately, although privacy concerns are widespread, there is very little understanding of the scope of the existing privacy legislation. In Australia, privacy concerns are governed by the Commonwealth Privacy Act. However, the scope of the Privacy Act is far more limited than most people may be led to believe. The Privacy Act controls three main areas:
At present, the Privacy Act does not cover the activities of call centres or those organisations who compile and sell customer databases unless those persons are credit providers or credit reporting agencies and the information in the customer database includes consumer credit information about individuals. Looking again at the example of retail grocery stores and information collected by EFTPOS purchases, those stores are not 'credit providers' because they do not allow consumers to purchase goods on credit. The goods are paid for at the time of purchase and are directly debited by the consumer's bank against the consumer's deposit account. However, even if the organisation to which the call centre relates is a 'credit provider', the Act only prohibits disclosure of any information relating to credit information to third parties. It does not deal with outbound calls from a call centre such as direct telemarketing.
Although certain groups such as the Privacy Commissioner's Office and some consumer interest groups are pressing for tighter controls on the collection and use of this type of information, the call centres are largely unregulated in relation to privacy issues. The Telecommunications Privacy Committee has been established to form and oversee guidelines and codes of practice to address privacy concerns which arise in relation to issues such as unsolicited communications and the compilation of marketing lists and information. The only call centres which are strictly regulated are call centres of the telecommunications carriers: Telecom, Optus and Vodafone. There is a section in the Telecommunications Act (s 88) which prohibits the employees of a telecommunications carrier from disclosing the affairs and personal particulars of customers of the carrier. However, this section does not apply to call centres in other industries.
Therefore, the use of the phrase 'invasion of privacy' underlines the misconceptions which the general community has about the nature and scope of privacy legislation in Australia. Privacy concerns of the general community are not generally addressed in legislation. This is not to suggest that the voluntary nature of privacy regulation of call centres means that those who are managing and using call centres should be complacent about the use they make of customer information. There is a push in the community generally for tighter controls to be imposed on the use of customer databases and on telemarketing activities. Any restriction on the use of customer information databases and on the regulation of telemarketing activities will have a profound effect on the effectiveness of call centres. It is therefore advisable that the call centres which you operate abide by the spirit of privacy principles and guidelines even though they may not be bound by the strict letter of privacy law. In other words, self-regulation of the telemarketing industry must be seen to be effective in the general community or there will be irresistible political pressure for there to be direct government regulation.
Angus Henderson, Solicitor, Gilbert and Tobin, Lawyers, Sydney.
The rest of this paper concerned other aspects of the legal liability of call centres, particularly fair trading and trade practices aspects.