Sensitive Personal Data

Sensitive personal data is a category of personal data that needs special handling. The definition of what qualifies as sensitive personal data may differ for different legal areas or industries. Sensitive data may, for example, be information on racial or ethnic origin, political opinions, or bank and credit accounts. Sinch Contact Pro is not designed to store and process sensitive personal data.

This applies specifically for the following capabilities:

  • Directory fields. Do not use directory fields for collecting or storing any sensitive personal data.
  • Scripts. Do not use scripts for collecting any sensitive personal data.
  • IVR. Do not use IVR for collecting any sensitive personal data.
  • Outbound campaigns. Do not store or collect any sensitive personal data in outbound call list fields.
  • Call recordings: Do not use or implement call recording if the calls in your line of business include sensitive topics unless there is a legal obligation to do that.
  • Internal notes: Do not store or collect any sensitive personal data in internal notes.

Call Recordings

Call recordings need to be treated in a special way because of their sensitive nature. The system provides logging of listening of call recordings. A user with rights to listen to a specific call recording leaves a log trace of the event, and additionally can provide an explanation for the listening. This is activated in System Configurator > User and Role Management > User Settings Template > Recording > Log Recording Listening. Listening logs are saved in the Configuration database CallRecordingListenLog table, and agents are able to see their own logs in CDT. With the Listen to Recording rights it is possible to view all listening logs via Restful Contact Management (CMI) integration interface. Listen to Recording is also needed in Communication Panel to listen recordings and view listening logs. The logs can be removed with SQL tools only.

Customer Consent for Call Recordings

Sinch Contact Pro can be configured so that call recording is done only if a caller has given his consent for that. For emergency or other legal or business cases, it is possible for agents to override this configuration and record a call without customer consent. These occasions can be audit logged. For more information about customer consents, see Customer Consent for Saving Personal Data.