No Image Available

googletag.cmd.push(function() { googletag.display(‘div-gpt-ad-1705321608055-0’); });

Call recording and data protection


Hi All,

I am looking for some help. We have a small call centre of around 40 staff and we are going to start call recording. However around 50% of our calls the agents need to take credit card payments / bank details or the converstaions are of a sensitive nature.

Data protection states that we can not store or record people giving bank details / credit card detials...I am sure we are not the only business that has these problmes so how do you overcome this problem?

I would welcome your suggestions and help!

Thanks Sarah

4 Responses

  1. Just from memory

    Hi Sarah,

    Please don’t take this as being correct as it is purely from memory and you will need to double check it.

    I spent a number of years working in contact centres where recording calls that included taking customers payment details was common practice and this is as much as I can remember.

    If the business takes customers card details then these will be stored somewhere anyway.  If that is the case then the business will already have this logged with the Information Commissioners Office that this is a certain detail that is held about customers.

    As far as I’m aware, if the call is recorded then this is classed as the same as long as the other measures are taken to protect the information as if it were stored in text.  So, for example the information must be kept secure.  Most call recording facilites encrypt the recording and people need a log into access the system.  If you are recording them onto old fashioned tapes to play back I’m not sure this will stand.

    Of course the other rules that lets the customer know that their calls might be recorded will need to be in place.

    I would take a look at your organisations Data Protection Policy that people sign up to and ensure there something in there about logins to call recordings ets to ensure you are covered from that angle to.

    Like I said, this is all from memory and would seek some advice from the ICO and also check that recording calls with card details is also PCI compliant.

    Hope this helps.


    — Managing Director Revolution Learning and Development Ltd

  2. Xfloretta

    I am a Training Manager in a call centre and we take card payment over the phone.

    We have a call recording pause facility that the agent operates when taking the card details to ensure that we dont capture them on the call recording.


    Hope this helps

  3. Thank-you

    Thanks so much for answering my question. David I am going to look into that as I am keen to find out more. Xfloretta that is certainly something that I think we could do.

    Thanks again



  4. Data Protection

    Hi Sarah

    I am a training consultant who deals with DPA quite a lot and also used to practise as a lawyer in this area. There is nothing in the Data Protection Act that actually prevents you from doing what you are planning but there are a few things you need to bear in mind:

    (i) Employees

    You will need to make sure your employees are fully aware that their calls will be recorded and presumably monitored as well. In particular you need to explain why you are doing this and let them now how it will be done. More detail on what you should be doing is available from the Information Commissioner’s Website at

    On there you will find that he has an ‘Employment Code of Practice’ and section 3 deals explicitly with monitoring of employees in a number of circumstances. This has some useful suggestions about how to spell this out to your employees.

    There are other helpful rules set out in the ‘Lawful Business Practice Regulations’ which again allow you to monitor and record employees’ conversations for ‘legitimate business uses’ including having a record of the contract, monitoring staff performance and compliance and also the prevention and detection of crime.

    All in all as long as you are clear and up front about it then you should be fine.


    (ii) Customers

    The main issue here is that you will need to advise customers that you are recording the conversation at the start. This can be done by having a recorded message which says this or alternatively your advisor could tell the customer at the start that the call is recorded and ask if they wish to continue.

    You also need to consider how long you retain the recordings for. There is no hard and fast rule about this with the suggestion being it is ‘as long as necessary’. I don’t know what products you sell but I would think that you would retain details for the life of your relationship with the customer and some time afterwards in case of queries, refunds etc.

    Finally you need to think about security. Bank details are not actually ‘sensitive personal data’ as such but you still need to be careful in terms of access by employees. I assume that you already have some controls in place on your system about access and you would just need to make sure these are extended to however you will store this information.

    Of course some training would also be a good idea and I would be happy to help. If you want any further assistance then feel free to e-mail me on

    Best wishes

    Keith Markham

No Image Available

Get the latest from TrainingZone.

Elevate your L&D expertise by subscribing to TrainingZone’s newsletter! Get curated insights, premium reports, and event updates from industry leaders.


Thank you!