Is your call center organization fully compliant with the laws governing personal information, do-not-call lists and call abandon regulations? Chances are that it is, unless you’re keen to rack up tens of thousands of dollars in fees from the federal and state governments.
But if you’re thinking of broadening business into Europe, it’s important to understand that the EU has its own entirely different set of rules and regulations, particularly when it comes to governing personal customer information. Beyond that, the member nations of the European Union often have their own customized rules when it comes to customer privacy and security. In other words: one size does not fit all in the EU, and organizations operating contact centers must ensure they are following the rules of all the nations they operate in.
In Portugal, the rules are focused around keeping customer information private and call center operations transparent. Here are some general rules, outlined in a recent article authored by Portugal-based business attorneys Mónica Oliveira Costa and Beatriz Oliveira.
The call center service must have the necessary human and technical means in order to be able to fulfill its tasks.
Access to the service or information cannot be conditioned by prior supply of personal data that is not strictly necessary to handle the request. Nevertheless, the confidentiality of the data must be ensured and should only be accessed by authorized users.
The call center should work within a pre-established schedule during the day with personalized answering. Automated solutions should only be used outside of this pre-establish schedule.
Finally, the telephone number and the operating schedule should appear clearly visible in all commercial communications, including labeling of products, correspondence, websites, advertising, etc.
Call centers may make calls only between 9 a.m. and 10 p.m., and may not transfer calls if it involves charges for the customer. They must be answered in incoming call order (i.e., no fast-tracking of platinum customers), and calls must be answered within 60 seconds or offered a callback, which must take place within two working days. An interactive voice response (IVR) may not offer more than five initial choices, and one of them must be connection to a live agent. Agents must immediately identify themselves and their organization. Finally, the recording of calls is prohibited except under a narrow set of exceptions.
It’s also important to understand that, while fines are rare in the U.S., even for companies that break the rules, this is not necessarily the case in EU nations, where protection of consumer information is pursued strongly, and new data privacy laws are more stringent than any in the U.S.