Skip to main content
Touch blog

Data security – are your call recordings secure?

The need to ensure that call and digital recordings are stored securely is a universal obligation for businesses in the Asia-Pacific region, even though there may be local differences in the regulations governing personal data and financial transactions.

The Asia-Pacific region has a broad range of different, ever-changing compliance regulations making it difficult for organisations to ensure they keep pace. One of the over-arching requirements, however, is the need to maintain absolute data privacy and security. Touch Call Recording Service can help you to ensure that all your data security requirements are met across multiple channels.

Asia-Pacific has a unique set of problems when it comes to compliance – such a large region inevitably has a complex system of often differing and individual state compliance regulations. It makes it difficult for organisations doing business in the region to keep up with the ever-changing requirements for compliance.

Unfortunately, that situation continues to get increasingly complex – according to Morrison Foerster , between 2021 and the end of 2023, the region’s privacy laws will have grown around 25% over that period, while more mature privacy regimes, including Singapore continue to evolve.

Perhaps the single strand that runs between them all – whether that’s MiFID II, the Singapore Personal Data Protection Act (PDPA), or any other regional variations and requirements – is the need for data security. For example, one of the main components of such regulations is the need to securely store all communications for a specified, mandatory time period. Personal data must also be securely stored and, even in the event of a right-to-be-forgotten request, all data must be maintained privacy.

A further layer of complexity is that calls (fixed and mobile), and personal data must be collected across multiple channels, all of which much be stored securely, maintaining privacy, according to each compliance regime. Security and privacy must span all channels.

Multi-channel, cloud-hosted solution

Touch Call Recording Service is a comprehensive, multi-channel, managed service that has been helping our existing customers to meet financial, personal data, and other compliance requirements for more than a decade. It requires no costly or time-consuming on-premise deployments and enables organisations to quickly, securely, and cost effectively meet all aspects of their compliance security and privacy requirements.

The Touch Call Recording Service is maintained as part of an ISO27001 certified information system. It is located across two geo-redundant sites with one production site and one disaster recovery site. Data is mirrored across both, ensuring there are no interruptions to your service should the worst happen.

All recordings undergo a two-stage encryption process, according to ETSI TR 102 661. First, a new, random secret key is generated for each data file (AES, 256 bits). Then the secret key is encrypted with an RSA asymmetric encryption algorithm with key length of 2,048 bits.

The encrypted, secret key is then stored in the database together with reference to the encrypted data file, which means that no content is stored in the database, only metadata.

Secure storage and access

Access to, and retrieval of, files from the database is enabled by an easy-to-use, intuitive web interface. Access can be assigned only to those with permissions rights. The database solution also assures the integrity of stored data and provides full traceability for database operations.

The actual query (type of query and search parameters) is logged in the database together with the specific session ID that refers to an individual web user’s account. Touch Call Recorder and Storage has additional benefits. As well as ensuring compliance, it enables audit trails, documentation, dispute resolution, training, and the ability to gain more value from all your communications.

Flexibility is also key. You can increase or decrease your capacity requirements as your team grows, or as market demands change. Furthermore, Touch is highly focused on its technology and compliance roadmap – we have experience of ensuring that our service rapidly incorporates any amendments to existing compliance regulations, and is compatible with the introduction of new regulations, meaning you don’t have to worry about it.

To find out how Touch can help you to ensure that all your call and data recordings are securely stored and meet all data privacy challenges. Contact us now.
Explore touch call recording

Touch call recording

Key factors to consider when planning your call recording strategy

The obligation for organisations to record fixed and mobile calls, as well as digital communications, has grown dramatically in recent years in order to comply with regulatory mandates, enhance staff training and development, and create a richer set of auditable records, across all communication sources.

Are you meeting your Dodd-Frank compliance obligations?

The Dodd–Frank Wall Street Reform and Consumer Protection Act is a US federal law enacted in 2010 that overhauled financial regulations with the aim of preventing the financial crisis from occurring again. While it does not directly apply to Asia and Singapore, organisations in the region still need to ensure they comply. What do you need to do and how can Touch help?

touch logo

Get in touch