DB2 Magazine Chinese version: support for compliance call records

Since Alexander Graham Bell invented the telephone in 1875, people have wanted to record and retrieve calls. Although this basic desire has not changed, the reasons for recording and effectively retrieving calls are clearly different. Compared with the past, companies today are recording calls because they face more legal, financial, regulatory, auditing, compliance, customer service, and data analysis reasons.

Freeform Dynamics, a survey conducted in 2006, found that almost nine-tenths of IT executives working in financial services said compliance requirements were critical to their businesses. However, only a few people are confident of their ability to be in key compliance areas, including document management and archiving and retrieval systems (Freeform Dynamics interviewed 100 financial services IT directors in the UK).

As laws such as the European Data Protection Act and the Freedom of Information Act require companies to provide employees and members with the right to access corporate data related to them-including call histories-the need to capture, index, and archive call records becomes stronger than ever. Recording calls is strictly routine. However, the indexing and management of these records is critical for the enterprise.

Consider a company with 200 employees, the company that uses an enterprise-class call-logging system. The European Data Protection Act gives these employees the right to access all the phone records that are relevant to them. It is almost impossible to comply with this law for almost every company that currently has a call-recording solution.

Even if only one or two employees are required (not to mention all 200 employees) to provide such data, the amount of time, money, and effort spent on finding, identifying, retrieving, and delivering all of the phone records associated with a particular employee from a bad index, typically a tape based telephony recording solution, is also staggering.

For banks and financial firms, the legal and compliance laws that involve calling records are worse. Management bills designed for the financial sector, such as the Sarbanes-Oxley Act, the Basel II Act, and the European financial Instruments market Regulation (MiFID), are required to capture corporate-specific financial information and ensure that it is not modified or deleted. When company-specific information includes call histories, it is extremely difficult to rely on traditional call-recording solutions to comply with such regulations.

When to delete?

In addition to capturing and retaining call records for legal and compliance reasons, organizations need to control the lifetime of data they archive in order to comply with enterprise data destruction requirements and also to control the cost of data storage.

Enterprises have come to realize that, in addition to capturing and retrieving business information (including call records) during the legal period, the ability to seize the earliest opportunity to delete such information is also extremely needed.

While the common way to store call information is to keep calls permanently, this practice has begun to change. Part of the impetus behind this change is the growing need to deal with event-based reservations. For example, if the collateral is quickly paid back, the related call records can be deleted earlier than expected. During the lifetime of the call log, events may occur that change the record's retention policy: for example, a customer closes an account, an employee leaves the company, or a retention policy changes.

In addition to legal requirements, managing growing data storage is a thorny issue. Think about it, a minute of call records requires 100KB of storage space, and many companies have hundreds of customer service agents each day dealing with calls that are critical to the business. The need for data storage has thus become considerable (up to 4GB per day).

Permanently archiving all calls and business data is not a viable option, since it is too costly to do so, both in terms of compliance and finance.

A New World Call log

A call recording solution to succeed in supporting compliance, it must provide:

Business Data Index

Static User access constraints

Definition and management of retention policies (for time based retention and event-based retention)

Prevent deletion during a defined record retention

Complete record deletion after retention period

Suspend deletion of call records based on external events such as audit or court orders

Archiving on compliant storage devices

While these requirements are new to the call logging landscape, most businesses that use enterprise content Management (ECM) solutions for business information in documents, e-mail, digital images, and other formats are no strangers to these requirements. ECM systems can also be used as a tool for archiving call records.

ECM solutions, such as DB2 Content Manager, must support business data indexes from the first day. In ECM solutions, it is inconceivable to capture only calls without indexing business data. If you do not index business data, you can only find calls based on the original fields, such as dates and times. In contrast, indexed fields allow various searches, such as customer name, number, policy, call reason, call result, agent, and so on.

ECM Solutions must also prove their value in terms of security and user access control. Most ECM solutions provide data object-level security, which enables it to control access to individual business call records.

For most ECM solutions, the idea of record management and data control is an evolutionary step. Records management solutions, such as DB2 Records Manager, provide the ability to control data deletion and define call history retention policies.

If you combine records management capabilities with business data indexes, it is simple and powerful to define call history retention rules based on event retention, which is a big asset for most companies. Records management directly solves the problem of knowing how long a record should be archived and when it should be deleted.

ECM Solutions also provide the ability to use a variety of storage devices, such as one-write multiple-read (WORM) optical and tape devices and new compliance-focused devices, such as IBM's Data Retention (DR550).

All of these solutions are within the area of responsibility of the IT department, which means that they are regularly monitored, backed up, and optimized for disaster recovery.

Conclusion

The combination of call-logging solutions and records management capabilities radically alters the way in which these records are captured, archived, and managed, providing a compliant recording solution for the needs of the 21st century.