The Letter of the Law: Does your VoIP Keep You in Compliance with Federal and Industry Regulations?

Privacy and protection of personal data aren’t just a customer wish – federal laws require your compliance.

Let’s say your bank or your doctor wants to send you information. Maybe it’s a tax form, or the results of a blood test. Why can’t they just email it to you like everybody else does? Certain industries must comply with strict privacy laws. Federal laws prohibit your bank or doctor from transmitting personal information to you – even if you request it. They must use secure channels.

The same principles apply with VoIP communications. It’s digital data and that digital data could be hacked and stolen. Thus, our government has enacted regulations that require you to comply with certain privacy acts. Here’s a rundown of the major compliance regulations and the industries to which they apply. Do they impact you? More importantly, is your VoIP provider making sure both of you stay compliant?


CPNI

It’s an acronym for Customer Proprietary Network Information. This is the broadest regulation to be found as it impacts VoIP providers. You probably already know that your provider collects and tracks information about who you call. Did you know that unless you opt out, your VoIP provider could pass along some of this information to third parties for marketing purposes?

A 1996 FCC telecommunications act was updated in 2007 to specifically include VoIP services. Prior to that, this was mainly something that only the wireless provider networks had to comply with. If you don’t have a clear answer, contact your VoIP provider and find out which side of the CPNI fence you’re on.


COPPA

Here we go with another acronym. This federal act should not be taken lightly. It’s the Children’s Online Privacy Protection Act of 1998, and it prohibits deceptive marketing to children. It also prohibits the collection of their personal information.

With VoIP, your phone system is an Internet connection. It is prohibited from collecting information from anyone known to be under the age of 13, unless you are a nonprofit organization. You don’t want to be on the wrong side of anything that even appears to exploit children. Familiarize yourself with the policies your VoIP provider has in place to comply with COPPA. And they do comply with this act, right?


HIPAA

This act does for health information what COPPA does for children. The Health Insurance Portability and Accountability Act was put in place the same year. While it has a lot of moving parts, general restrictions apply to any health information stored digitally. The act declares that it can only be shared with your permission.

You don’t have to be a doctor or a patient to be impacted by this federal act. Any healthcare provider or insurance company must comply. What are the consequences of running afoul of the act? Let’s say your VoIP provider doesn’t follow both the electronic and physical safeguards required, and your customers’ personal medical information ends up accessible on search engines. Prepare to pay a hefty fine. A couple of medical centers were forced to shell out nearly $5 million after personal data for almost 7,000 patients was inadvertently made public.

The Telephone Consumer Protection Act

It’s more commonly known as the ‘National Do Not Call Registry,’ and you can get into a lot of trouble for bothering someone who’s on this list. Companies were originally asked to police themselves when it came to automatic dialers and robo-calling.

When that didn’t work, the Federal Trade Commission enacted the Do-Not-Call Implementation Act of 2003. Here’s how it works and why you need to make sure your VoIP provider maintains compliance: You have a time window of just 3 months to respond to someone who calls looking for information. You have only 18 months to continue to act upon that relationship.

But if the customer asks you to stop calling, you have to comply immediately. Otherwise, the Federal Trade Commission can fine you up to $16,000 for each instance.

The good news is that there are reasonable exemptions. As a business, you can make calls to other businesses, including cold calls. You can also call to solicit charitable donations, and calls asking you to vote for a political candidate are exempt as well. Go figure.

Are you comfortable with your VoIP provider’s DNCR policies? Make sure to take it one step further, as certain industries have their own registries. Ask how your VoIP provider can help you with this if you must comply.

The Personal Data Privacy and Security Act

This is the newest legislation to come along, and we have it courtesy of the exponential increase in identity theft. The 2009 legislation requires specific personal privacy security policies for anyone who maintains sensitive personal information for 10,000 or more customers.

It’s likely that your VoIP provider falls into this category. The act requires security activities, but it also holds you accountable if it’s discovered that you’ve covered up a security breach that releases what the act calls “sensitive personally identifiable information.”

You can go to jail for up to 5 years if you’re found guilty of participating in the release of personal information such as names, social security numbers, home addresses, fingerprint/biometrics data, dates of birth, and financial account numbers. The act requires you to notify people if a security breach happens, but it also goes further. You also must help people fix their credit if it is damaged.

There’s an escalation clause, too. You must notify the Secret Service if you’ve spilled the personal information beans on more than 1 million people, or if those people work for the federal government, national security, or law enforcement.

There are 2 levels of culpability here. These acts can directly impact you and your company. Or, they can impact you because you are using VoIP to interact with customers, and it places personal information they share with you in jeopardy. You’ve heard it before: Ignorance of the law is no excuse. Be wise. Ensure that your VoIP provider complies with these privacy acts, and that they are actively participating in helping you comply with them, too.

If your VoIP provider doesn’t measure up to federal compliance standards, it’s time to move on to one that does. CallSprout closely monitors the latest privacy laws and ensures that your business is protected from privacy violations. Review our services to see exactly what we can do for you, and if you’re just considering the move to VoIP, fill out this form to learn how much it can save your organization.
