Regulations Relevant to XOVOX In Servicing Clients

The banking and insurance industries are subject to some of the world’s most stringent and prescriptive records retention requirements. And it is getting more challenging every day, particularly for voice data.

In each country, there are multiple levels of regulations; in the US, for example, you have individual states AND the Federal government. This is compounded for international companies. Further, there are also industry-specific privacy and recording standards. 

Here are some of the regulations that XOVOX has helped organizations comply with over the past two decades. 

Regulation Jurisdiction Industry Record Type Requirements

Dodd-Frank USA Financial Services All records that relate to swaps Five years retention
ECPA (Electronic Communications Privacy Act) USA All Electronic communications, which includes voice recordings Strict requirements when preserving and disclosing voice recordings
FINRA (Financial Industry Regulatory Authority) USA Financial Services Electronic communications, including voice recordings, for broker-dealers and other financial institutions Various rules governing the retention and supervision of electronic communications
FTC Act (Federal Trade Commission Act) USA All Voice recordings that involve consumer interactions Compliance with various consumer privacy and data security requirements
HIPAA (Health Insurance Portability and Accountability Act) USA Healthcare Voice recordings containing protected health information (PHI) Strict requirements for storage, access, and disclosure
Sarbanes-Oxley Act (SOX) USA All publicly listed corporations All records related to financial transactions, which includes voice recordings related to financial reporting Seven years retention
SEC 17a-4 USA Financial Services Broker-dealer voice recordings Retention of three years total, with first two years in an easily accessible location
CCPA (California Consumer Privacy Act) USA All business collecting personal information on California residents Personal information, which may include voice recordings Compliance with data subject access requests (DSARs) and deletion requests related to voice recordings; ensure secure storage and retrieval
FCA (Financial Conduct Authority) UK Financial Services Recorded telephone conversations Six months retention
FSC (Financial Services Commission) S. Korea Financial Services Voice recordings related to trading of financial investment instruments Ten years retention
PCI DSS (Payment Card Industry Data Security Standard) Global Any company collecting or processing credit card information Voice recordings which capture credit card information during customer interactions Strict requirements for secure storage and handling
GDPR (General Data Protection Regulation) EU All businesses that collect personal information on EU residents Voice recordings containing personal data Strict requirements for handling, including the right to erasure and data subject access requests (DSARs)
MiFID II (Markets in Financial Instruments Directive) EU Financial Services Transaction-related voice recordings and electronic communications Retention of at least five years
NAFR (National Administration of Financial Regulation, formerly CBRC) China Financial Services Sound recordings relating to sales of wealth management products Various rules governing the retention of transaction records
ASIC (Australian Securities and Investment Commission) Australia Financial Services All relevant electronic and telephone communication records Seven years retention

Recent Posts

XOVOX Adds Support for Genesys PureConnect

XOVOX, the leader in voice recording extraction and data migration, can now extract audio recordings and metadata from the Genesys PureConnect platform. With this new capability, XOVOX can help companies…

XOVOX Now Supports VPI Empower Extraction

XOVOX, the leader in voice recording extraction and migration, announces a new capability to extract audio recordings and metadata from the VPI Empower platform. With this new capability, XOVOX can…

Podcast: Strategies for Migrating Voice Recordings

Andy Stevens, XOVOX President, recently participated in an episode of Archive360’s “Data Governance 360 Podcast”. In Episode 44: Modernizing Unified Communications: Strategies for Migrating and Governing Legacy Audio Channels, Andy…

White Paper: Voice Logger Retrieval Techniques

Many businesses and agencies use voice loggers to record telephone traffic, but retrieval of the archived recordings can be difficult, especially in bulk. Andy Stevens, XOVOX Founder and voice  data…

Structured vs. Unstructured Data – Part 2

In the first part of our Structured vs Unstructured Data conversation, we talked about Defined vs. Undefined Data and Qualitative vs. Quantitative Data. In our second installment, we discuss differences…