Lawful Business Practice Regulations
What has been written on the other pages on this site about the legality of
recording in your company should give you all the information that you need.
For further background information, including when you can record without the
parties' consent (i.e. when you have not notified them in advance), see the DTI
website, from which the following is taken verbatim (as this is taken verbatim,
you may prefer to follow the link to the DTI website so that the links within
the document will work).
Lawful Business Practice Regulations - Response To Consultation
Introduction
Legislative Overview
Outline of the Original Proposals
Key Issues Raised in the Consultation
Outline of the Final Regulations
Conclusion
Further Information
Annex A: The Lawful Business Practice Regulations (available
on the HMSO website here)
Annex B: Regulatory Impact Assessment
Annex C: Notes for Business
Introduction
1. From 1 August to 15 September 2000, the DTI conducted a
public consultation exercise on draft Lawful Business Practice
Regulations to be made under the Regulation of Investigatory
Powers (RIP) Act 2000. The RIP Act establishes a basic principle
that communications may not be intercepted without consent.
The purpose of the Regulations is to make an exception to
this rule and to allow businesses to intercept communications
without consent for certain legitimate purposes.
2. As part of the consultation exercise, the DTI published
a Consultation Paper which described the legislative background
to the Regulations and invited comments on its proposals.
The Department also conducted extensive informal discussions
with key representative organisations such as the Confederation
of British Industry and British Chambers of Commerce. It received
over 80 consultation responses from businesses, charities,
representative organisations, and private individuals.
3. The Government is grateful for the efforts that consultees
have made to comment in detail on its proposals. In what follows,
we set out the main issues raised during the consultation
and the steps we have taken to address respondents' concerns.
We provide the final text of the Regulations and a set of
Notes for Business explaining the new rules. The Regulations
were made on 2 October and will come into force on 24 October
2000.
Legislative Overview
4. The Regulation of Investigatory Powers (RIP) Act establishes
a new legal framework to govern the interception of communications.
The Act reflects the changes which have taken place in the
communications industry over the last 15 years.
5. The Act also ensures that the UK's interception regime
is compliant with the Telecoms Data Protection Directive.
The Directive requires Member States to protect the confidentiality
of communications made by means of public telecoms systems
and specifically prohibits activities such as recording or
tapping by others than users. It is worth noting that the
European Commission has published proposals for a revised
Telecoms Data Protection Directive which will be negotiated
in 2001. (See Further Information and the original consultation
document for additional background information.)
6. The Act establishes offences of unlawful interception
on a public or a private telecoms system and a tort of unlawful
interception on a private system by the operator of that system.
However, the Act authorises interception in cases where the
interceptor has reasonable grounds to believe that both the
sender and the intended recipient have consented. And Section
4(2) of the Act allows the Secretary of State to make Lawful
Business Practice Regulations authorising businesses to intercept
on their own systems without consent for certain purposes.
7. In the past, businesses and others operating private telecoms
systems were at liberty to intercept communications on their
own systems. One of the effects of the RIP Act is that, in
future, businesses which intercept on their own systems will
need to be sure that their actions are legally authorised.
If they intercept unlawfully, the sender or recipient of the
communication may be able to obtain an injunction or sue for
damages. All interceptions are authorised if there are reasonable
grounds to believe in consent. The Lawful Business Practice
Regulations will authorise businesses to intercept without
consent for certain purposes.
Outline of the Original Proposals
8. The Consultation Paper provided a first draft of the Lawful
Business Practice Regulations and invited interested parties
to comment on its proposals.
9. The draft Regulations would have authorised businesses,
including public authorities, to intercept communications
without consent for the purposes of establishing the existence
of facts, detecting crime and detecting the unauthorised use
of their telecoms systems. They would have authorised charitable
bodies to monitor calls to confidential counselling helplines.
And they would have authorised public authorities to intercept
communications on their or (where invited) others' private
systems in the interests of national security.
10. In all of these cases, the draft regulations required
the interceptor either to make all reasonable efforts to inform
all parties to the communication that interceptions might
take place or, otherwise, to have reasonable grounds to believe
that the parties to the communication were already aware that
interceptions might take place.
Key Issues Raised in the Consultation
11. As mentioned above, the Government received more than
80 consultation responses from businesses, charities, individuals
and representative organisations. The majority of responses
represented business interests and focused on the need to
facilitate legitimate business activities. Others represented
the interests of employees and consumers. This section outlines
the key issues raised in the consultation exercise and the
steps we have taken to address consultees' concerns.
Interceptions for operational purposes
12. A number of businesses have suggested that the draft Regulations
might not allow them to make essential interceptions to ensure
the operation of their telecoms systems. Businesses need to
monitor communications to protect their systems against viruses
and other threats. They also need to make routine interceptions
for operational purposes such as backing up and forwarding
emails to the correct destination.
13. We understand that businesses need to intercept communications
for a variety of purposes relating to the operation of their
systems. We have expanded the regulations to make clear that
businesses are allowed to record or monitor communications
without consent in order to secure, or as an inherent part
of, the effective operation of their telecoms systems. This
will make clear that businesses are able to intercept to protect
against viruses, to route traffic and for other similar purposes.
Routine access to business communications
14. A number of consultees have suggested that the RIP Act
and the Regulations may not provide business with sufficient
authority to gain access to their own communications. Businesses
need to check voicemail systems and email accounts in order
to access communications during the absence of staff. It would
be unreasonable and impracticable to require businesses to
gain the consent of senders and recipients of communications
before doing so.
15. We understand that businesses need to have access to
their own communications. We have expanded the Regulations
to authorise businesses to monitor communications without
consent in order to determine whether they are relevant to
the business. This will achieve a balance between giving businesses
free access to their own communications and protecting the
privacy of non-business communications where these are permitted.
Interceptions for quality control purposes
16. The consultation paper specifically asked respondents
to comment on interceptions for quality control purposes.
A large number of respondents suggested that businesses ought
to be able to monitor calls for these purposes. A variety
of businesses regularly monitor calls for a range of customer
relations management purposes, for example, staff-training
and quality control. The operators of call centres, in particular,
monitor calls as an essential method of maintaining service
standards.
17. Consultation responses made clear that call centres would
need to overhaul their procedures if they were required to
gain consent for this type of interception. The majority of
call centres monitor calls on a random basis. Their current
equipment and procedures would not allow them to stop monitoring
if a customer refused consent. One major operator suggested
that the costs of implementing procedures to gain consent
would be over €800,000 per annum.
18. In the light of these arguments, the Government has come
to the conclusion that it would not be in the interests of
businesses or consumers to require consent before monitoring
for quality control. We have expanded the scope of the Regulations
to allow businesses to intercept without consent in order
to ascertain or demonstrate the standards which ought to be
achieved by persons using their systems. This will allow businesses
to continue monitoring as at present for purposes such as
staff training which are of benefit for consumers.
Interceptions for other purposes such as marketing and market
research
19. A small number of consultation respondents suggested that
businesses ought to be able to intercept communications without
consent for purposes such as marketing or market research.
However, the Government would be reluctant to authorise businesses
to intercept without consent for purposes which were neither
strictly essential nor necessarily in the interests of consumers.
It is our understanding that in most cases, such functions
could be performed using stored data without the need for
interception. (These activities would probably fall within
the scope of the Data Protection Act 1998). We also believe
that Regulations that authorised these interceptions might
be inconsistent with the Telecoms Data Protection Directive.
For these reasons, we have decided not to widen the scope
of the Regulations to allow interceptions without consent
for other purposes such as marketing or market research.
Monitoring calls to welfare helplines
20. Certain charities currently monitor communications on
their helplines in order to provide counselling staff with
adequate protection. Helpline calls can sometimes be distressing
and monitoring offers a practical way to support staff. For
these reasons, the consultation draft proposed to allow charities
to monitor (but not record) communications to counselling
and support helplines providing that these services were offered
free of charge and on a confidential basis.
21. A number of businesses have explained that they also
run confidential, welfare helplines and that they also need
to monitor calls in order to protect helpline staff. These
businesses include television and radio broadcasting companies
and trades unions.
22. The Government accepts that businesses, like charities,
have a legitimate need to monitor calls to their counselling
helplines in order to protect staff. We have therefore modified
the Regulations to allow any business to monitor, without
consent, communications to counselling or support helplines.
The Regulations specify that monitoring is only authorised
if the helpline is provided free of charge and on a confidential
basis. This will safeguard the confidentiality of conversations
despite the fact that monitoring may take place.
Monitoring for unauthorised use
23. A number of businesses have indicated that they currently
intercept communications in order to check for unauthorised
use. Some businesses monitor internet use to check that employees
are not accessing offensive material using the company's system.
Some scan emails for indications of harassment or abuse.
24. The final regulations, like the consultation draft, will
authorise businesses to intercept communications without consent
in order to investigate or detect unauthorised use of their
telecoms systems. This will allow businesses to check that
staff are not using their equipment for inappropriate purposes
such as those described above.
25. The sure way to make it clear what is or is not authorised
use would be to circulate a notice to staff and/or to put
notices on telephones and PCs explaining what use of the business's
telecoms system was authorised, what use was unauthorised.
Some uses, however, would be unauthorised even without a notice,
such as anything illegal (eg, down-loading child pornography)
or in breach of an employee's duty (eg, passing trade secrets
to a competitor).
The requirement to inform correspondents of interceptions
26. The draft regulations required businesses to make "all
reasonable efforts" to inform all parties to communications
that interceptions might take place or, otherwise, to have
"reasonable grounds to believe" that the parties
to communications were already aware that interceptions might
take place. The large majority of respondents commented on
the costs and practical difficulties that this provision might
impose.
27. Businesses have not expressed concern about having to
inform their own staff that interceptions may take place.
A large number of businesses do so already. Where this is
not current procedure, businesses could use a variety of methods
to inform staff that call recording or monitoring might take
place. Our discussions with business groups indicate that
this could be done without significant difficulty or cost.
28. However, businesses are worried about the additional costs
of informing third parties that interceptions may take place.
They could do this by means of recorded messages at the start
of telephone calls or by means of notices in publicity literature.
But in both cases, the financial burden of reorganising procedures
might be considerable.
29. Businesses have also suggested that in some cases it
would be inappropriate or impracticable to inform correspondents
of interceptions. Certain organisations, for example, record
calls to their switchboards in order to provide evidence of
bomb threats. In cases like this, they suggest that it would
be inappropriate to inform callers that recording takes place.
30. The Government is anxious to make clear and workable
regulations and to avoid placing unreasonable burdens on business.
We accept that, in many cases, a requirement to inform outside
correspondents of interceptions would place an excessive burden
on business. For that reason, we have removed the requirement
to inform all parties to communications of interceptions.
31. However, we have retained a requirement for businesses
to "make all reasonable efforts" to inform the users
of their own telecoms systems that interceptions might take
place. This will ensure that, in accordance with current best
practice, businesses inform employees that communications
may be monitored or recorded.
Workplace Practice
32. A small number of respondents have suggested that the
Regulations should establish a legal framework for workers
and management to discuss company practices relating to interception.
33. The Government would certainly wish to encourage businesses
to agree with employees on appropriate levels of recording
or monitoring if they wish. The Regulations will certainly
not inhibit or discourage such discussions.
34. However, the Government would not want to oblige businesses
to engage in collective bargaining on interception. Businesses
need to intercept for a variety of essential purposes such
as ensuring the routine operation of their systems. We believe
they should have a clear right to do this providing they inform
their employees that interceptions may take place.
35. The Data Protection Commissioner is currently developing
a Code of Practice on the Use of Personal Data in Employer/Employee
Relationships. The Commissioner intends to publish a draft
of the Code in October 2000 for consultation. The Code will
address the impact of the Data Protection Act 1998 on the
monitoring by employers of telephone calls, emails and internet
access involving their employees. The Commissioner has told
us that she intends that the Code of Practice will take account
of the Regulations and address their inter-relation with data
protection requirements. The Government believes that the
Data Protection Commissioner's Code will provide an excellent
opportunity to develop best practice regarding monitoring
of employees at work. We would urge interested parties to
participate in the consultation.
A Proportionality Test
36. A small number of consultation responses suggested that
the Regulations should include a proportionality test to govern
the extent of businesses' interception activities. They argue
that such a test would ensure that a business's interception
activities were in proportion to the level of need for interception.
37. The Government is not convinced that this approach would
lead to transparent or workable regulations. It would leave
businesses and others unsure as to what interception activities
were permitted. This would place businesses in a vulnerable
legal position and might encourage some to relocate operations
outside the UK.
38. The Data Protection Act 1998 applies a proportionality
test to the obtaining and recording and processing of personal
data. We believe that this Act is sufficient to ensure that
businesses act in a proportionate manner when collecting and
using personal information.
The Rights of Consumers
39. A small number of respondents suggested that the Regulations
might result in an imbalance between the rights of business
and the rights of consumers. They were concerned that the
combined effect of the Regulations and the RIP Act would be
to allow businesses to record their calls with customers,
but to deny consumers the right to record their calls with
businesses.
40. This is not the case. The Regulation of Investigatory
Powers Act does not prohibit individuals from recording their
own communications for their own use, because that does not
fall within the meaning of "interception" in the
Act. Consumers will be able to record their calls with business
providing that the recording is for their own use. Nothing
in the Act would prevent the consumer from choosing subsequently
to disclose or make use of that record in the courts or dispute
resolution proceedings.
Outline of the Final Regulations
41. The final regulations will authorise businesses (in the
widest sense of the word, which covers charities and other
non-commercial bodies and expressly includes public authorities)
to monitor or record all communications transmitted over their
systems without consent for the following purposes:
Establishing the existence of facts
Ascertaining compliance with regulatory or self-regulatory practices or procedures
Ascertaining or demonstrating standards which are achieved or ought to be achieved by persons using the system
Preventing or detecting crime
Investigating or detecting unauthorised use of the business's telecoms system
Ensuring the effective operation of the system.
42. The Regulations will also authorise businesses to monitor
(but not record) communications for the following purposes:
Checking whether or not communications are relevant to the business
Monitoring calls to confidential, counselling helplines run free of charge.
43. The Regulations will also authorise public authorities
to monitor or record in the interests of national security.
44. In all of these cases, the Regulations require businesses
to "make all reasonable efforts" to inform those
people who use the organisation's telecoms systems that interceptions
may take place.
Conclusion
45. The Government is confident that the Lawful Business Practice
Regulations will allow business to conduct most important
monitoring or recording activities without needing to restructure
practices and without undergoing significant costs. The Regulations
should offer business the greatest possible scope for maximising
the advantages of new ways of working with phone, email and
other electronic communications, consistent with a high degree
of privacy for the users of communications services. As such,
they will contribute to the Government's aim of making the
UK the best place for e-commerce by encouraging modern markets
and confident consumers.
46. The Lawful Business Practice Regulations and Section
1(3) of the Regulation of Investigatory Powers Act will come
into force on 24 October 2000. The DTI intends to review the
Regulations after twelve months from their entry into force
or, if later, after the adoption of the revised Telecoms Data
Protection Directive proposed to the EU Council by the EC
Commission in July 2000.
Further Information
Annex A: The Lawful Business Practice Regulations
INVESTIGATORY POWERS
The Telecommunications (Lawful Business Practice) (Interception
of Communications) Regulations 2000
Made 2nd October 2000
Laid before Parliament 3rd October 2000
Coming into force 24th October 2000
The Secretary of State, in exercise of the powers conferred
on him by sections 4(2) and 78(5) of the Regulation of Investigatory
Powers Act 2000[1] ("the Act"), hereby makes the
following Regulations: -
Citation and commencement
1. These Regulations may be cited as the Telecommunications
(Lawful Business Practice) (Interception of Communications)
Regulations 2000 and shall come into force on 24th October
2000.
Interpretation
2. In these Regulations -
(a) references to a business include references to activities
of a government department, of any public authority or of
any person or office holder on whom functions are conferred
by or under any enactment;
(b) a reference to a communication as relevant to a business
is a reference to -
(i) a communication -
(aa) by means of which a transaction is entered into in the
course of that business, or
(bb) which otherwise relates to that business, or
(ii) a communication which otherwise takes place in the course
of the carrying on of that business;
(c) "regulatory or self-regulatory practices or procedures"
means practices or procedures -
(i) compliance with which is required or recommended by,
under or by virtue of -
(aa) any provision of the law of a member state or other state
within the European Economic Area, or
(bb) any standard or code of practice published by or on
behalf of a body established in a member state or other state
within the European Economic Area which includes amongst its
objectives the publication of standards or codes of practice
for the conduct of business, or
(ii) which are otherwise applied for the purpose of ensuring
compliance with anything so required or recommended;
(d) "system controller" means, in relation to a
particular telecommunication system, a person with a right
to control its operation or use.
Lawful interception of a communication
3. - (1) For the purpose of section 1(5)(a) of the Act, conduct
is authorised, subject to paragraphs (2) and (3) below, if
it consists of interception of a communication, in the course
of its transmission by means of a telecommunication system,
which is effected by or with the express or implied consent
of the system controller for the purpose of -
(a) monitoring or keeping a record of communications -
(i) in order to -
(aa) establish the existence of facts, or
(bb) ascertain compliance with regulatory or self-regulatory
practices or procedures which are -
applicable to the system controller in the carrying on of
his business or
applicable to another person in the carrying on of his business
where that person is supervised by the system controller in
respect of those practices or procedures, or
(cc) ascertain or demonstrate the standards which are achieved
or ought to be achieved by persons using the system in the
course of their duties, or
(ii) in the interests of national security, or
(iii) for the purpose of preventing or detecting crime, or
(iv) for the purpose of investigating or detecting the unauthorised
use of that or any other telecommunication system, or
(v) where that is undertaken -
(aa) in order to secure, or
(bb) as an inherent part of,
the effective operation of the system (including any monitoring
or keeping of a record which would be authorised by section
3(3) of the Act if the conditions in paragraphs (a) and (b)
thereof were satisfied); or
(b) monitoring communications for the purpose of determining
whether they are communications relevant to the system controller's
business which fall within regulation 2(b)(i) above; or
(c) monitoring communications made to a confidential voice-telephony
counselling or support service which is free of charge (other
than the cost, if any, of making a telephone call) and operated
in such a way that users may remain anonymous if they so choose.
(2) Conduct is authorised by paragraph (1) of this regulation
only if -
(a) the interception in question is effected solely for the
purpose of monitoring or (where appropriate) keeping a record
of communications relevant to the system controller's business;
(b) the telecommunication system in question is provided
for use wholly or partly in connection with that business;
(c) the system controller has made all reasonable efforts
to inform every person who may use the telecommunication system
in question that communications transmitted by means thereof
may be intercepted; and
(d) in a case falling within -
(i) paragraph (1)(a)(ii) above, the person by or on whose
behalf the interception is effected is a person specified
in section 6(2)(a) to (i) of the Act;
(ii) paragraph (1)(b) above, the communication is one which
is intended to be received (whether or not it has been actually
received) by a person using the telecommunication system in
question.
(3) Conduct falling within paragraph (1)(a)(i) above is
authorised only to the extent that Article 5 of Directive
97/66/EC of the European Parliament and of the Council of
15 December 1997 concerning the processing of personal data
and the protection of privacy in the telecommunications sector[2]
so permits.
Patricia Hewitt,
Minister for Small Business and E-Commerce, Department of
Trade and Industry
2nd October 2000
--------------------------------------------------------------------------------
EXPLANATORY NOTE
(This note is not part of the Regulations)
These Regulations authorise certain interceptions of telecommunication
communications which would otherwise be prohibited by section
1 of the Regulation of Investigatory Powers Act 2000. To the
extent that the interceptions are also prohibited by Article
5.1 of Directive 97/66/EC, the authorisation does not exceed
that permitted by Articles 5.2 and 14.1 of the Directive.
The interception has to be by or with the consent of a person
carrying on a business (which includes the activities of government
departments, public authorities and others exercising statutory
functions) for purposes relevant to that person's business
and using that business's own telecommunication system.
Interceptions are authorised for -
monitoring or recording communications -
  to establish the existence of facts, to ascertain compliance with regulatory or self-regulatory practices or procedures or to ascertain or demonstrate standards which are or ought to be achieved (quality control and training),
  in the interests of national security (in which case only certain specified public officials may make the interception),
  to prevent or detect crime,
  to investigate or detect unauthorised use of telecommunication systems or,
  to secure, or as an inherent part of, effective system operation;
monitoring received communications to determine whether they are business or personal communications;
monitoring communications made to anonymous telephone helplines.
Interceptions are authorised only if the controller of the
telecommunications system on which they are effected has made
all reasonable efforts to inform potential users that interceptions
may be made.
The Regulations do not authorise interceptions to which the
persons making and receiving the communications have consented:
they are not prohibited by the Act.
A regulatory impact assessment is available and can be obtained
from Communications and Information Industries Directorate,
Department of Trade and Industry, 151 Buckingham Palace Road,
London SW1W 9SS. Copies have been placed in the libraries
of both Houses of Parliament.
ANNEX B: REGULATORY IMPACT ASSESSMENT
1. TITLE
"Lawful Business Practice" Regulations
2. PURPOSE AND INTENDED EFFECT OF THE MEASURE
Issue and Objective
Issue
The Regulation of Investigatory Powers Act 2000 prohibits
the interception of communications made by means of a public
or private telecoms system without consent. However, Section
4(2) of the Act allows the Secretary of State to make "Lawful
Business Practice" Regulations to authorise businesses
to intercept communications on their own private systems without
consent for certain purposes.
Objective
Businesses need to intercept communications for a variety
of legitimate purposes such as keeping essential records of
transactions and ensuring the operation of their systems.
The objective of the regulations is to ensure that businesses
will be able to continue to make interceptions for essential
purposes once the Regulation of Investigatory Powers Act comes
into force. However, it is also important to ensure that the
regulatory framework governing interception provides sufficient
protection for the confidentiality of communications and individuals’
right to privacy.
Article 5.1 of the Telecoms Data Protection Directive requires
Member States to ensure the confidentiality of communications
made by means of a public telecoms system (which includes
the beginning or end of such a communication on a private
system). Articles 5.2 and 14.1 establish the extent to which
Member States can make an exception to this rule. The Lawful
Business Practice Regulations can only exempt business from
the requirement to gain consent to the extent permitted by
the Directive.
The Regulations must also not go further than permitted by
the European Convention of Human Rights and the Human Rights
Act 1998.
Risk Assessment
The Regulation of Investigatory Powers Act establishes new
legal constraints on the interception of communications. The
purpose of the Lawful Business Practice Regulations is to
ensure that legitimate business activities are not unfairly
hindered as a consequence of the Act.
3. OPTIONS
Options available
Four main options have been identified:
Option A (Not to make any regulations.)
Not to make any regulations authorising businesses to intercept
communications without consent.
Option B (Regulations allowing essential interceptions; business
to inform staff and third parties.)
To make regulations which allow businesses to intercept communications
without consent for evidentiary and operational purposes providing
that they make all reasonable efforts to inform both staff
and third parties of interceptions.
Option C (Regulations allowing interceptions for essential
and quality control purposes; businesses to inform staff.)
To make regulations which allow businesses to intercept communications
without consent for evidentiary, operational, and quality
control purposes providing that they make all reasonable efforts
to inform staff of interceptions.
Option D (Regulations authorising all interceptions; businesses
not required to inform staff or third parties.)
To make regulations which allow businesses to intercept without
consent for any purpose without needing to inform staff or
third parties of interceptions.
Issues of equity or fairness
It is important that the regulations strike a fair balance
between, on the one hand, facilitating legitimate business
practices and, on the other hand, ensuring that individuals'
confidentiality and privacy are adequately protected.
4. BENEFITS
Identify the Benefits
Benefits for Business
The benefit of the regulations is that they will allow businesses
to intercept communications without consent for certain purposes.
This will facilitate business practices by avoiding, in certain
cases, the costs and difficulties involved in gaining consent.
The Regulations will provide business with the legal certainty
they need to derive full benefit from modern communications
technology and to develop innovative ways of handling information.
Benefits for Employees and Consumers
The regulations will establish the purposes for which businesses
can intercept without consent and the conditions that businesses
will have to meet before doing so. They therefore fit into
the framework of legislation designed to ensure that individuals'
right to privacy is respected.
Quantity and Value
Option A (Not to make any regulations.)
Benefits for Business
This option would provide no benefit to business because
it would not allow interception for any purposes without consent.
It would seriously hinder essential business practices such
as keeping records of transactions and ensuring the operation
of communications systems.
Benefits for Employees and Consumers
This option would ensure a very high degree of protection
for the confidentiality of communications by requiring consent
to be gained before an interception could take place.
However, consumers would suffer from lower standards of service
because of the disruption caused to legitimate business practices
such as maintaining the effective operation of systems and
procedures and monitoring for quality control.
This option would also inhibit business from making interceptions
for the purpose of protecting staff from abuse or harassment.
Option B (Regulations allowing essential interceptions; business
to inform staff and third parties.)
Benefits for Business
This option would facilitate essential business practices
by allowing interceptions without consent for purposes such
as keeping records and ensuring the operation of communications
systems.
However, businesses would need to modify their practices
and procedures in order to inform staff and third parties
of interceptions. They would also need to modify their procedures
in order to gain consent for interceptions for purposes outside
the scope of the regulations such as staff training, quality
control, marketing and market research.
Benefits for Employees and Consumers
This option would result in a high level of consumer awareness
of businesses’ practices regarding interception. However,
some of the costs of informing third parties of interceptions
would inevitably be passed on to customers.
Consumers might suffer lower standards of service because
the Regulations would not allow businesses to intercept without
consent for purposes of quality control. Employees might also
suffer if the Regulations had a negative impact on their training.
Option C (Regulations allowing interceptions for essential
and quality control purposes; businesses to inform staff.)
Benefits for Business
This option would facilitate legitimate business practices
by allowing interceptions without consent for purposes such
as keeping records, ensuring the operation of communications
systems and monitoring calls to ensure a high level of service.
Businesses would not need to restructure their procedures
in order to inform third parties of interceptions or in order
to gain consent for interceptions for quality control purposes.
However, if they did not do so already, businesses would
need to ensure that staff were aware that interceptions might
take place. They would also need to gain consent before intercepting
for purposes outside the scope of the regulations such as
marketing or market research.
Benefits for Employees and Consumers
This option would ensure that businesses informed employees
that interceptions might take place. This would help to ensure
that employees understood what level of privacy they could
expect when making personal communications on their employers’
systems.
This option would avoid placing significant burdens on business
that might be passed on to the consumer. Customers would benefit
because businesses would be able to monitor communications
in order to ensure high standards of service.
Option D (Regulations authorising all interceptions; businesses
not required to inform staff or third parties)
Benefits for Business
This option would not change the legal position of businesses
regarding interception before the entry into force of the
RIP Act. It would allow businesses to continue intercepting
communications on their networks for any purposes as at present.
Benefits for Employees and Consumers
This option would do nothing to limit the purposes for which
businesses might intercept without consent and it would not
require businesses to inform either staff or consumers that
interceptions might take place.
This option would be in breach of the Telecoms Data Protection
Directive and would risk breach of the European Convention
of Human Rights and the Human Rights Act 1998. It would fail
to provide adequate protection for the confidentiality of
communications and it would allow businesses excessively wide
scope to intercept without consent.
5. COMPLIANCE COSTS FOR A "TYPICAL" BUSINESS
Business Sectors Affected
These proposals have a bearing on the activities of a wide
range of businesses. The financial services industry, in particular,
needs to be able to record evidence of telephone transactions.
The operators of call centres need to be able to monitor communications
in order to ensure a high quality of service. Businesses need
to intercept emails in order to check for viruses and protect
against attack as well as to conduct routine activities such
as accessing email accounts in the absence of staff.
It would be extremely difficult, if not impossible, to reach
an accurate estimate of the total number of businesses affected
- or potentially affected - by the Regulations. This is because
of the sheer range of businesses that need to intercept for
routine operational purposes such as checking for viruses
or accessing emails in staff absence.
The call centre industry, in particular, would be affected
by any change to current practices of call monitoring for
quality control purposes. In 1999, there were 2150 major call
centres in the UK with 20 or more telephone operators. There
were also 4200 smaller centres with 3-19 telephone operators.
These numbers are expected to increase significantly in 2000-2001.
The Financial Services industry, in particular, would be
affected by any change to current practices regarding the
recording of telephone transactions. The Financial Services
Authority estimates that there are currently 22,000 financial
services organisations operating in the UK.
Compliance Costs for a "typical" business
Option A (Not to make any regulations.)
Businesses would need to overhaul their procedures in order
to gain the consent of correspondents before making any interceptions.
This option would impose extremely heavy costs on a wide
range of businesses. It would not be possible to arrive at
an exact estimate of costs because of the variety of businesses
affected to varying degrees.
However, it is worth noting that this option would inhibit
businesses from making essential interceptions for purposes
such as scanning for viruses and ensuring the operation of
their email systems. As such, it would affect the majority
of businesses that operate modern communications systems.
This option would also inhibit businesses from conducting
transactions by telephone. The financial services industry,
in particular, would need to put in place procedures to gain
consent for recording before conducting telephone transactions.
Option A would impose overwhelming practical difficulties
for a large number of businesses. The consultation exercise
suggested that some businesses would relocate operations outside
the UK if the regulatory environment inhibited interceptions
without consent for essential operational purposes.
Option B (Regulations allowing essential interceptions; business
to inform staff and third parties)
If they did not do so already, businesses would need to modify
their procedures to ensure that staff and third parties were
aware that interceptions for purposes authorised under the
regulations might take place.
Businesses would need to modify their procedures to ensure
that they gained consent before making an interception for
purposes outside the scope of the regulations such as quality
control, staff training, marketing and market research.
The consultation exercise revealed that a large number of
businesses were very concerned about the costs of informing
third parties. One major British company suggested that the
costs of installing new equipment and procedures in order
to inform callers of interceptions might amount to €100,000.
The consultation also revealed that businesses were concerned
about the costs of needing to gain consent for interceptions
for quality control purposes. A national call-centre with
2000 telephone operators suggested that the costs of reorganising
procedures in order to gain consent before monitoring calls
for quality control purposes would be €800,000 per annum.
Around 400,000 call centre and other telephone operators in
the UK might be affected. We could, therefore, estimate that
the total costs of having to gain consent for quality control
monitoring might be €160 million.
Option C (Regulations allowing interceptions for essential
and quality control purposes; businesses to inform staff.)
Businesses would need to modify their procedures to ensure
that staff were aware that interceptions for purposes authorised
under the regulations might take place.
Businesses would need to modify their procedures to ensure
that they gained consent before making interceptions for purposes
outside the scope of the regulations such as marketing and
research.
The consultation exercise did not reveal that businesses
were generally concerned about the costs of informing staff
that interceptions might take place. Both British Chambers
of Commerce and the Federation of Small Business indicated
that they did not believe this requirement would impose a
significant burden on business. One large service company
estimated that it would cost €15 per employee to run
training meetings to inform staff of its interception practices.
However, the DTI believes that in most cases this would be
a matter for routine communications between employers and
staff and would not involve significant costs.
A small number of respondents argued that businesses ought
to be able to monitor communications without consent for marketing
and market research purposes. However, the majority of respondents
agreed that businesses ought to gain consent before intercepting
for these purposes. The DTI believes that in the majority
of cases, businesses will be able to conduct these operations
without needing to intercept communications.
Option D (Regulations authorising all interceptions; businesses
not required to inform staff or third parties)
This option would impose no costs. Businesses would not need
to change their current practices in any way. However, this
option would be in breach of the Telecoms Data Protection
Directive and would risk breach of the European Convention
of Human Rights and the Human Rights Act 1998.
Total Compliance Costs
It would be very difficult to make an accurate estimate of
the total compliance costs of each option. The Regulations
affect - or potentially affect - a wide range of businesses
in a variety of ways. However, it is possible to weigh the
cost burden of each option in relation to the others:
Option A (Not to make any regulations.)
This option would impose extremely heavy costs. A wide variety
of businesses would need to overhaul essential, routine procedures
such as checking emails for viruses and checking email accounts
in the absence of staff.
Option B (Regulations allowing essential interceptions; business
to inform staff and third parties)
This option would impose significant costs for a large number
of businesses by requiring them to restructure procedures
to inform correspondents that interceptions take place. It
would also impose significant costs for call centres and other
businesses that intercept for quality control purposes. These
businesses would need to restructure their procedures to gain
consent before monitoring for quality control.
Option C (Regulations allowing interceptions for essential
and quality control purposes; businesses to inform staff.)
This option would not impose significant costs on many businesses.
It would require a large number of businesses to inform staff
of interception practices. However, this could be done without
considerable expense. Businesses that intercept without consent
for marketing purposes might also need to review their practices.
Option D (Regulations authorising all interceptions; businesses
not required to inform staff or third parties)
This option would not impose any costs. However, it would
be in breach of the Telecoms Data Protection Directive.
6. CONSULTATION WITH SMALL BUSINESS
The DTI has held meetings with the British Chamber of Commerce
and the Federation of Small Businesses in order to ensure
that the regulations take account of the needs of small to
medium sized enterprises. We have also developed the proposals
in close consultation with our own Small Business Service.
These discussions made clear that small businesses might
incur significant costs if they were required to inform third
parties before making routine interceptions. They also made
clear that some small businesses, like larger companies, need
to monitor communications in order to ensure high quality
of service. There was no indication that small businesses
would incur significant costs as a result of having to inform
staff that interceptions might take place.
The DTI’s consultation paper invited small firms to
comment on the cost implications of the regulations on their
business. A few small firms and two regional Chambers of Commerce
responded to the consultation. They made clear that small
businesses need to intercept for routine purposes such as
ensuring the operation of their systems and keeping adequate
records. However, none of the respondents was able to give
a precise estimate of the costs of complying with the regulations.
7. OTHER COSTS
None.
8. RESULTS OF CONSULTATIONS
The DTI conducted a public consultation exercise on the draft
regulations from 1 August to 15 September 2000. Its proposals
were based on Option B. It received over 80 consultation responses
from businesses, charities, representative organisations and
private individuals. During the same period, we held a large
number of informal discussions with representative organisations
including the Confederation of British Industry, the British
Chamber of Commerce, the Information Security Forum, the Alliance
for Electronic Business, the London Stock Exchange, the Financial
Services Authority and the parliamentary lobby group EURIM.
A summary of consultation responses and a Response to Consultation
have been published on the DTI website at http://www.dti.gov.uk/cii/regulation.html.
These provide a detailed account of the issues raised by
consultees and the steps we intend to take to address them.
Businesses expressed concern about the compliance costs of
informing third parties of interceptions and gaining consent
for interceptions for quality control and staff training.
Two respondents were able to provide an estimate of the costs
of compliance with these requirements. We have quoted their
estimates in Section 5 above.
9. SUMMARY AND RECOMMENDATIONS
Option A (Not to make any regulations)
This option would restrict to an unreasonable extent business
practices regarding interception. It would inhibit a wide
range of essential business practices such as keeping records
of transactions and ensuring the operation of modern communications
systems. It might lead to some companies relocating outside
the UK.
Option B (Regulations allowing essential interceptions; business
to inform staff and third parties)
This option would allow businesses to make essential interceptions
without consent. However, the requirement to inform third
parties of interceptions would impose significant costs. The
requirement to gain consent for interceptions for quality
control would also impose costs and might in some cases have
an adverse effect on service standards.
Option C (Regulations allowing interceptions for essential
and quality control purposes; businesses to inform staff.)
This option would allow businesses to make interceptions
for essential evidentiary and operational purposes without
consent. It would also allow businesses to intercept without
consent in order to monitor service standards. It would require
businesses to inform staff but not third parties that interceptions
might take place.
The consultation exercise indicates that this option would
allow businesses to continue legitimate practices without
being burdened with significant additional costs. The requirement
to inform employees of interceptions would minimise the danger
of personal calls being monitored without their knowledge.
The provision for businesses to monitor communications for
quality control would help to ensure high service standards
for the benefit of consumers.
Option D (Regulations authorising all interceptions; businesses
not required to inform staff or third parties)
This option would be in breach of the Telecoms Data Protection
Directive.
Conclusion
Option C is the recommended approach. This will allow businesses
to continue legitimate business practices without needing
to overhaul equipment or procedures. However, it will require
businesses to gain consent before interceptions for non-essential
purposes such as marketing and market research. It will safeguard
privacy by ensuring that staff are aware of their employers’
practices regarding interception.
10. ENFORCEMENT, SANCTIONS, MONITORING AND REVIEW
Section 1(3) of the Regulation of Investigatory Powers Act
2000 will introduce a tort of unlawful interception on a private
telecoms system by the operator of that system. The effect
of this is that if a business unlawfully intercepts communications
on its own network, individuals who suffer a loss as a result
of the interception will be able to sue for damages.
The regulations will not in themselves be enforceable. They
will not impose an obligation on business but will reduce
the need to gain consent for interceptions under section 3(1)
of the Regulation of Investigatory Powers Act.
The DTI intends to review the Regulations after twelve months
from their entry into force or, if later, after the adoption
of the revised Telecoms Data Protection Directive proposed
to the EU Council by the EC Commission in July 2000.
11. REGULATORY QUALITY
Declaration. I have read the Regulatory Impact Assessment
and I am satisfied that the balance between cost and
benefit is the right one in the circumstances.
PATRICIA HEWITT
Minister for Small Business and E. Commerce
12. CONTACT POINT AND DATE
Richard Bartelot
Department of Trade and Industry
Communications and Information Industries Directorate
151 Buckingham Palace Road
London SW1W 9SS
ANNEX C: NOTES FOR BUSINESS
THE TELECOMMUNICATIONS (LAWFUL BUSINESS PRACTICE) (INTERCEPTION
OF COMMUNICATIONS) REGULATIONS 2000
1. Introduction
The Regulation of Investigatory Powers Act 2000 establishes
a new legal framework to govern the interception of communications.
It sets the rules regarding activities such as recording,
monitoring or diverting communications in the course of their
transmission over a public or private telecoms system.
The Act brings the interception activities of private businesses
on their telecoms systems within the scope of regulation.
If a business intercepts a communication on its system without
legal authority, the sender or the recipient of the communication
will be able to obtain an injunction or, if they can show
that they suffered a loss as a result of the interception,
sue for damages.
The Act establishes the circumstances in which it is lawful
to intercept communications. It authorises interception in
cases where the interceptor has reasonable grounds to believe
that both the sender and intended recipient have consented.
It also provides for the Secretary of State to make "Lawful
Business Practice" Regulations setting out the circumstances
in which businesses can lawfully intercept communications
without consent.
The Lawful Business Practice Regulations will allow businesses
to intercept without consent for purposes such as recording
evidence of transactions, ensuring regulatory compliance,
detecting crime or unauthorised use, and ensuring the operation
of their telecoms systems. Businesses will not need to gain
consent before intercepting for these purposes although they
will need to inform their staff that interceptions may take
place.
The new rules will come into force on 24 October 2000. These
notes set out the purposes for which businesses will be able
to intercept without consent under the regulations and the
steps they should take to inform staff of these practices.
The notes also set out some of the circumstances in which
businesses would need to gain consent for interceptions and
some of the steps they might take to ensure that this is achieved.
2. Purpose of these notes
These notes represent no more than the views of the DTI on
the meaning of Part I of the Regulation of Investigatory Powers
Act 2000 and the Telecommunications (Lawful Business Practice)
(Interception of Communications) Regulations 2000. They are
not exhaustive and have no legal force. They will not necessarily
have any bearing on how the courts interpret the new legislation.
Businesses will need to consult the Act and the Regulations
in order to ensure that their activities do not breach the
new interception rules. They may need to take legal advice
to ensure compliance.
3. Interceptions authorised under the Lawful Business Practice
Regulations
The Regulations authorise businesses to monitor or record
communications on their telecoms systems without consent for
the following purposes:
a. to establish the existence of facts relevant to the business
e.g. keeping records of transactions and other communications
in cases where it is necessary or desirable to know the specific
facts of the conversation.
b. to ascertain compliance with regulatory or self regulatory
practices or procedures relevant to the business
e.g. monitoring as a means to check that the business is
complying with regulatory or self regulatory rules or guidelines.
c. to ascertain or demonstrate standards which are or ought
to be achieved by persons using the telecoms system
e.g. monitoring for purposes of quality control or staff
training.
d. to prevent or detect crime
e.g. monitoring or recording to detect fraud or corruption.
e. to investigate or detect the unauthorised use of their
telecoms systems
e.g. monitoring to ensure that employees do not breach company
rules regarding use of the telecoms system.
f. to ensure the effective operation of the system
e.g. monitoring for viruses or other threats to the system;
automated processes such as caching or load distribution.
The Regulations also authorise businesses to monitor (but
not record) without consent in the following cases:
g. for the purpose of determining whether or not they are
communications relevant to the business
e.g. checking email accounts to access business communications
in staff absence.
h. in the case of communications to a confidential anonymous
counselling or support helpline
e.g. monitoring calls to confidential, welfare helplines
in order to protect or support helpline staff.
4. Requirement to inform staff of interceptions made under
the Regulations
If businesses intend to make interceptions without consent
for the purposes authorised under the regulations, they are
required to make all reasonable efforts to inform every person
who may use their telecoms system that communications may
be intercepted.
e.g. Businesses could place a note in staff contracts or
in other readily available literature informing staff that
interceptions may take place.
The persons who use a system are the people who make direct
use of it. Someone who calls from outside, or who receives
a call outside, using another system is not a user of the
system on which the interception is made.
5. Interceptions outside the scope of the Regulations
If businesses wish to make interceptions for purposes outside
the scope of the regulations, they will need to gain consent
of the sender and the intended recipient of the communication.
e.g. Interceptions for purposes such as marketing or market
research;
e.g. Interceptions for any other purposes that fall outside
the list in Section 3 above.
6. Gaining consent for an interception outside the scope
of the Regulations
The Regulation of Investigatory Powers Act authorises interceptions
in cases where the interceptor has reasonable grounds to believe
that he has the consent of both the sender and the intended
recipient of the communication.
If businesses need to intercept communications for purposes
outside the scope of the Regulations, they could take a number
of steps to ensure that they gain the consent of staff and
outsiders:
e.g. the business could insert a clause in staff contracts
by which employees consent to calls being monitored or recorded;
e.g. the call operator could ask outsiders at the start of
a call whether they consented to their call being monitored
or recorded;
e.g. the business could begin calls with a recorded message
stating that calls might be monitored or recorded unless outsiders
requested otherwise.
We believe that, as a minimum, a business would need to give
outsiders a clear opportunity to refuse consent to interception
and to be able to continue with the call.
7. Warning: The Data Protection Act 1998
Anybody who intercepts a communication will need to be sure
that their actions are authorised under the Regulation of
Investigatory Powers Act and comply with the requirements
of the Data Protection Act 1998.
The Lawful Business Practice Regulations make an exception
to the rule established in the Regulation of Investigatory
Powers Act that consent is needed before an interception can
take place. If a business intercepted a communication in accordance
with the Regulations, it would not risk civil liability under
the Regulation of Investigatory Powers Act for unlawful interception.
However, businesses should be aware that any interception
which involves obtaining, recording or otherwise processing
personal data by means of automated equipment (for example
recording calls or filtering emails) also falls within the
scope of the Data Protection Act 1998. So too does the holding
or processing of personal data after the interception has
taken place.
8. Further Information
For more information about the Lawful Business Practice Regulations
visit the main pages on the DTI website.
Other Useful Websites
The Regulation of Investigatory Powers Act (on the Stationery
Office website)
Regulation of Investigatory Powers Act webpages (on the Home
Office website)
Telecoms Data Protection Directive (97/66/EC) (on the European
Commission's Information Society website)
Public Consultation Paper (closed Sept 2000)
Summary of Consultation Responses
Government Contact
For further information on the Lawful Business Practice Regulations
contact:
Richard Bartelot
Department of Trade and Industry
Communications and Information Industries Directorate
151 Buckingham Palace Road
London SW1W 9SS
E-mail: richard.bartelot@dti.gsi.gov.uk
For further information on the Regulation of Investigatory
Powers Act contact:
The Home Office
Queen Anne's Gate
London SW1H 9AT
|