The database solution assures the integrity of stored data and provides full traceability for database operations. A web user must acquire a login to the web interface and may interact with the database only via:
The actual query (type of query and search parameters) will be logged in the database together with the specific session ID that refers to an individual web user’s account.
Database audit capabilities will be enabled for all database operations performed by the database administrator.
Recorded calls are transferred from Touch Call Recorder to the recording facility using VPN, SFTP and HTTPS . All customer interaction with the recording service web interface is secured via HTTPS. A two-stage process ensures secure login.
Touch Call Recording Service supports the General Data Protection Regulation (GDPR) and UK Data Protection Act 1998. GDPR comes into effect on 25th May 2018 and replaces the current Data Protection Directive 95/46/EC.
GDPR was designed to harmonise data privacy laws across Europe and give EU citizens more control over their personal data. It will reshape the way organisations across the region approach data privacy, by insisting on greater transparency in the way in which organisations process data.
We also track other current and future legislation to ensure that we continue to enhance our service to support new regulations.
The ‘Access-right user’ (described below) is an example of functionality developed to comply with the new data act. The purpose of Personal Data Acts is to protect persons from violation of their right to privacy through the processing of personal data.
The Acts help to ensure that personal data are processed in accordance with fundamental respect for the right to privacy. This includes the need to protect personal integrity and an individual’s private life, and also to ensure that personal data are of adequate quality to meet legislative requirements.
We have created a streaming solution to help our customers fulfil their legal obligations without actually giving end-customers permanent access to the data files. Creating an Access-right user in the system enables temporary access, when it may be required.
The Access-right user is typically a customer who has requested access to his or her recordings. The Company Administrator grants temporary access to selected recordings. When the recordings are made available, an SMS is sent to the Accessright user who then can access the recordings via a web interface. All use is logged.
The solution complies with FCA regulations.