Scaling SMEs: Compliance and Colorado Phone Recording Laws

This is the fourth entry in the series concerning the concept of scaling a small or medium sized enterprise (SME) to optimise efficiency, support business growth and aid competitiveness. In this entry, our focus is on compliance.

Step 4: International Commercialization/Complying with Local Regulations

Blended with the theme and purpose of this entry of Up4Scale, Companies should bear in mind in their journey to scale that some states and countries have local phone recording laws which govern certain aspects of their customer engagement strategy. Customers interact with enterprises and their employees on a regular basis. Many of these interactions are considered “business communications” and by extension are in scope for local phone recording laws. It is also important to note that in most states in America you need consent from only one-party to the phone call to record the call, however, in certain states, such as Colorado, two-party consent is required.

Different states have different requirements, which can be quite complex and confusing. Outlined are some examples of how potentially time consuming matters relating to this area of regulation can be for SMEs which devote their limited human and technological resources to ensuring compliance.

Firstly, comprehensive compliance with Colorado phone recording laws requires two-party consent. SMEs should seek informed consent from anyone who calls in and may be recorded. This consent obligation may not be practicably feasible for all types of businesses, especially for those which require 24/7 support. If informed consent cannot be obtained from the caller, contact will need to be managed to avoid related consequences.

Secondly, in terms of administrative procedures, businesses which record customer or client communications must ensure that they have appropriate policies and procedures to monitor those calls. This may require physical environments to be observed where those conversations take place. Call monitoring requires management by an individual or department (e.g. compliance, at least in part). The person conducting this role needs to be independent and impartial, and therefore may require hiring a third-party to fulfil this area of the business function. For example:

Thirdly, for all purposes, it is advisable for SMEs to ensure any technology software used on phone lines and other call surfaces have robust data protection measures built into their architecture. American and European guidelines relating to data protection set out clear guidance regarding the obligation to adequately secure information. Informational privacy is guaranteed by both the United States Constitution and the European Right to Respect for Private and Family Life. The penalties for non-compliance can be severe and for SMEs it could mean having to dedicate budgets to compliance with regulations and the potential to accrue fines in the event of a breach.

Moreover, these principles serve as a useful starting point for the deployment of software and technology in relation to customer engagement. SMEs outsourcing the management of communications may also want to ensure that the vendor has an established and open policy with respect to Colorado Phone Recording Laws and other relevant legislation.