That's according to a new survey from call recording company Veritape, which found that only 39% of call centre managers know the industry rules surrounding how to store customer information once a call has been recorded.
As an example, a mere 3% of those surveyed wiped credit card numbers from recordings of phone calls - leaving a huge amount of sensitive data sitting unedited and available on the servers of the nation's call centres.
Global industry standards for call centres do exist. They're drawn up by the Payment Card Industry Data Security Council, the body that also governs how data is handled by shops and websites. The standard includes forbidding the storage of the weird little three-digit code that the operator always requests from the back of your credit card.
The survey also found that of the 97% who did not comply with the audio recording rules, 18% said it would be too difficult or expensive to do so; 6% were working to become compliant; and 11% were ignoring the issue. How responsible of them.
Such an attitude is really not helpful in an era when most transactions require a huge degree of trust. In the days of cash it was easy - you handed over a crumpled bit of paper and you got something back. End of story. These days you're constantly dishing out your account details to unknown operators over the phone, or sending them across uncharted connections to sit on potentially vulnerable servers.
It's of particular concern when CIFAS, the UK's Fraud Prevention Service, says that 60,000 UK residents have fallen victim to ID fraud so far this year. That's a 36% increase on the same period last year. Meanwhile 97% of employees believe that their company does not completely protect customers' identities.
Perhaps we should just all return to the ways of paper. At least you know where you are - and who - with cash. But it may be tricky to roll it up and shove it down the phone when you're trying to buy a train ticket.