Speech Analytics - Levels of Security
It's been a few months since you posted this - I hope you have everything figured out. If not, here is my 2 cents.
When it comes to recording calls, certain vendors have single side audio options, which completely removes consumer side information. This is the safest bet, but of course, you can only run QM on collector-side information.
The next option is to have a rock-solid PCI solution. Every major speech analytics vendor respects these guidelines - basically, the software should ignore sensitive data - identifying information, numbers, etc.
You can also explore real-time speech analytics (summary here: http://baltosoftware.com/sales/real-time-speech-analytics). This type of technology actually alerts collectors if they violate QM on call, and you can set it up to not save any information in the post-call.
What are your SLAs? Even if you go with the first, most secure option, you can get pretty good data on collector performance with only collector side audio, since what they say reflects what the customers say. Then you can work backward from successful calls and see what's working.
Anyway, hope this helps!