All articles

Contact Center Compliance Rules and Guidelines

Call centers must follow the rules and regulations instituted by law. Failing to adhere to these can be detrimental to the business. Below, we tackle the most important contact center compliance rules and how we can help you comply with them.

1. Telephone Consumer Protection Act (TCPA)

TCPA is a compliance act signed into law in 1991 that amended the Communications Act of 1934. It aims to restrict telemarketing and automated phone messaging equipment. 

Some of the key regulations include:

  • Telemarketers cannot use robocalls to contact wireless phones or messages without previous consent from customers
  • For any reason, consent can be revoked at customers' request
  • Callers are prohibited from using previous consent to reassigned phone numbers  
  • Callers retain consent when the same person using the same number changes from a landline to a mobile device

Basic contact center compliance requirements:

  • For five years, you must follow the Do-Not-Call registry
  • Agents must reveal who they are as well as who they are representing
  • Pre-recorded calls and AI telemarketers are prohibited

We have all been there before — a call comes through at the worst possible time, and we pick up the phone only to realize it is a spam call. Annoyed, we hang up the phone and block the number. The next day, another spam call comes through. Over time, we stop picking up the phone for all unidentified caller IDs. And worst—one day we miss an important call because it was an unidentified number.

Hiya Connect helps tackle this problem through Branded Caller ID and reputation monitoring. The system is designed to show caller ID to users, give a snippet of the reason for the call, and help you become more personal with the customer.

2. Payment Card Industry Data Security Standard (PCI DSS) 

PCI DSS is a set of requirements intended to ensure that all companies that process, store, or transmit credit card information maintain a secure environment for that data. When a call center records customer calls, it runs a high risk of storing sensitive information. To prohibit this from happening, call centers use an applicable programming interface (API) that stops the recording when the agent enters the credit card information and resumes the recording when they are finished. This is important for a variety of call centers, but particularly for collections.

Customers rely on the security of the call center to maintain their sensitive information. Building this trust with customers and complying with PCI DSS requirements can be accomplished with Hiya Connect's secure call system. The system uses authenticated calls that strip identity and terminate unverified calls before they can be completed.

3. Consent Before Recording a Conversation

Call centers must be aware of their state’s laws about obtaining consent before initiating conversation with customers. Most states in America require consent from both parties before engaging in communication. If a customer refuses to be recorded, call centers are required to provide an opt-out option for them. 

4. Unique ID Tracking for All Agents

Under the PCI DSS, all agents must be assigned a unique ID. The purpose of the ID is to quickly identify the agent in cases of leak, stealth, or tampering of information. Companies should always use 2-factor authentication when allowing employees to work remotely. 

5. Annual Training for All Employees

Since policies and procedures are regularly updated, agents need annual training to refresh their knowledge about the changes. This training should center around regulations issued by HIPPA, TCPA, PCI DSS, and other industry-specific organizations. Annual training will help companies stay out of trouble and ensure customer safety.

6. No Threatening Customers to Pay Their Bills

In section 806 of the Fair Debt Collection Practices Act (FDCPA), it states:

“A debt collector may not engage in any conduct the natural consequence of which is to harass, oppress, or abuse any person in connection with the collection of debt.”

If a company is dealing with debt collection, they must ensure their agents have the proper training to deal with non-paying customers. No circumstances allow an agent to use violent or unethical behavior when engaging with callers.

7. Call Centers Cannot Share Customer Health Information

The Healthcare Insurance Portability and Accountability Act (HIPAA) was enacted to protect the privacy and security of patients' health information. Things like:

  • Social Security numbers
  • IP addresses
  • Account numbers 
  • Personal photographic identification or images
  • And more

How Hiya Connect Can Help

Hiya Connect allows outbound call centers to use Branded Caller ID to help build trust and improve answer rates. Along with branded calls, Hiya’s Voice Performance Platform gives companies secure calls with reputation monitoring and management. This enables businesses to:

  • Monitor how often numbers have been blocked or reported
  • Track reputation health
  • Dispute spam labels

Many of the regulations focus on contact center compliance with regular agent training and management. Hiya Connect provides call analytics and insights that help businesses track call attempts, call durations, answer rates, data trending, and more. These insights are beneficial to improve call performance.

Is your call center compliant with regulations but still getting flagged as spam? Download our Stop Spamming and Start Talking eBook for eight tips to bypass spam filters and get your business calls answered.

Download Stop Spamming eBook


Author Alicia Marie Beatty

Content Marketing Manager at Hiya