In response to recent uproar in France involving personal data leaks by call center employees, the French data protection authority (CNIL) conducted inspections at two major call centers and plans to expand the inspections to other companies in order to ensure that such companies are complying with French data privacy laws. Although the CNIL stated that there was room for improvement, the data security at the inspected centers was considered “relatively satisfactory.” According to the CNIL, improvements could be achieved through better “traceability” of how company personnel use databases, such as keeping a log of who has accessed what data. During the investigations, the CNIL also reviewed monitoring of call center workers by employers and noticed that, although it is permitted by law, it is subject to certain restrictions. Not only must employees be informed when their conversations could be monitored, but the recording must also satisfy predefined needs, such as for training or evaluation, and it can only be kept for a limited time period.

TIP: Companies that operate call centers in France should review the advice of the CNIL and ensure that security of data is appropriate and in line with recent recommendations.