Marketing Team
In the fast-paced world of business, a customer’s verbal agreement over the phone often seals a deal or authorises a transaction.
From a telesales agent securing a new subscription to a customer service representative getting permission to update personal details, these conversations happen thousands of times a day across Singapore.
But in the event of a dispute, when a customer claims they never agreed, how can a business prove that consent was actually given? While verbal consent is legally valid under Singapore’s Personal Data Protection Act (PDPA), it carries a significant evidentiary burden that requires robust processes to be defensible.
Is Verbal Consent Legally Valid?
Yes, the PDPA recognises that an individual’s consent can be given verbally. The law does not mandate that all consents must be in writing. This allows for flexibility in business operations, particularly in sectors like telemarketing or customer service, where interactions are primarily conducted over the phone.
However, the key challenge lies in the burden of proof. According to the Personal Data Protection Commission (PDPC), the organisation that is collecting, using, or disclosing the personal data is responsible for ensuring that the consent it obtains is valid.
This means if a customer disputes having given consent, the organisation must be able to provide evidence that it was obtained in accordance with the Act. A simple claim that “they agreed on the phone” is not sufficient.
Making Verbal Consent Defensible
To make verbal consent legally sound, businesses must have a systematic way of capturing and proving it. The most common and effective method is to record the phone conversation in which consent is obtained.
It is a critical legal requirement that the individual must be notified at the beginning of the call that the conversation will be recorded and for what purposes, such as “for quality assurance and verification.”
Beyond recording, using a clear and unambiguous script is essential. The script should mirror the clarity of a written form.
It must clearly explain what personal data will be collected, the specific purposes for its use, and then ask for an explicit and affirmative agreement from the individual, such as, “Do you consent to this?”
Documentation and Confirmation Are Essential
A recording on its own may not be sufficient. Clear and robust internal processes should support it. Businesses should keep detailed records showing when and how verbal consent was obtained from each customer.
These records should note the date and time of the call, the name of the staff member who handled it, and a reference to the specific call recording for quick retrieval.
Best practice is to follow verbal consent with written confirmation. This can take the form of an automated email or SMS sent immediately after the call, summarising the agreed terms.
Such confirmation not only creates a transparent and verifiable paper trail but also gives the customer a chance to review the agreement and an easy way to withdraw consent if they change their mind. This approach strengthens both accountability and trust.
Knowing the Limits of Verbal Consent
While convenient, verbal consent is not appropriate for all situations.
For collecting particularly sensitive personal data, such as detailed health information, or for seeking authorisation for complex services with intricate terms and conditions, relying solely on a phone call is a high-risk approach.
It can be difficult to ensure the individual has truly understood all the implications. In these circumstances, the more prudent and defensible method is to direct the customer to a written form, whether physical or online.
This allows them the time and space to read the details thoroughly before providing their consent, significantly reducing the risk of future disputes and demonstrating a higher standard of care.
Ultimately, while the PDPA allows verbal consent, a simple claim of “I told you over the phone” will not withstand scrutiny without credible evidence.
Organisations that put in place a structured process for recording, scripting, documenting and confirming verbal agreements will not only meet legal requirements but also strengthen customer confidence and trust in an era where privacy awareness is at an all-time high.
Disclaimer
The information contained herein is provided for general informational purposes only. While every reasonable effort has been made to ensure the accuracy of the information, inadvertent errors or omissions may occur. No representations or warranties, express or implied, are made regarding the accuracy, completeness, or suitability of the information provided. The authors expressly disclaim any and all liability arising from, or in connection with, any errors or omissions. Recipients are advised to seek independent legal counsel for advice pertaining to their individual circumstances.
