Think about this for a second—when was the last time you left a meeting and said to yourself, “I’m not sure if I’ve captured everything perfectly. I wish I could go back and listen to the conversation again?”
Happens often, right? Even when you think of recording a meeting, this question perhaps looms over your mind—Can I record meetings? Is it even legal?
The short answer is: Yes, it is indeed legal to record virtual meetings and calls.
The long answer is—there are nuances to it, depending on factors such as geographic location, reasons to record the meeting, security aspects, and more.
Through this blog post, we look at the call recording laws across different states & countries. We’ll discuss which ones among them are one party or two party consent states—and the specific compliance and legal requirements to keep in mind while recording virtual calls or meetings.
Disclaimer: We’re not legal experts. This post is an effort to consolidate and simplify the various recording laws across the world for easy understanding.
Firstly, when to record, and when not to record?
Recording meetings is one of the most helpful ways of making sure you make the most out of your conversation. Here are a few reasons why you should be recording your next meeting:
- To ensure no critical information is lost in thin air
- You have a reliable source of information to go back to
- Keep people in the loop in case they missed the meeting
- Review your meetings and improve yourself
- Keep track of discussions related to a particular topic or project and more.
When not to record a meeting
While it is perfectly legal to record meetings or calls, certain situations have legal sensitivity when it’s best not to record. And if you have to record those meetings, you need to limit access to those recordings to the concerned parties. For example:
- Legal reasons: The laws for recording meetings are not universal. Certain states within the same country might require you to obtain consent from both parties, whereas, in other states, it could be legal to record with the consent of one party alone.
- Privacy sensitive conversations: In case of private conversations such as performance reviews and other 1:1 feedback meetings, you can record the conversation with their consent and restrict the access to the meeting participants alone.
How long can you retain the recordings?
Like assets organizations maintain their storage systems, audio and video recordings also require secure storage. However, the complexities and requirements regarding recording storage policies differ across industries.
For instance, the meeting recording of a conversation between a patient and a healthcare professional is categorized as a healthcare record. Since these conversations typically contain patient health information and personally identifiable data, HIPAA rules apply to those recordings, and the data requires encryption at rest. So, if you need to share the recordings, they require password protection and should be shared only with other authorized users.
Depending on organizations and on a case-to-case basis, you may at times need to keep the recordings for 6-10 years. And before you record any conversation, you need consent from one or more parties.
Different types of consent for recording meetings & calls
Recording virtual meetings typically refers to recording conversations on web conferencing apps such as Zoom, GoogleMeet, Webex, etc. In comparison, recording calls means recording conversations on the phone and using dialers such as Aircall, RingCentral, Kixie, etc.
From a legal standpoint, the most important factor to understand before recording a meeting or call is consent. So, for starters, if you want to record a conversation, let the participants know in advance that you plan to record the meeting and obtain their consent.
There are four types of consent:
One-party consent:
One-party consent or single-party consent means that you can record a call or meeting as long as you have consent from one of the parties in the meeting. You don’t need explicit consent from the other party. Most of the countries in the United States allow one one-party consent.
Two-party consent:
Two-party consent means all parties have to be informed the call is being recorded, and the party recording the conversation must obtain prior consent from the other party. The consent may be given actively or passively. Countries that follow the two-party consent rule include the United Kingdom, Canada, India, Germany, Australia, and Romania.
Active consent:
Active consent typically involves sending out a visual or audio cue to the meeting participants suggesting that the conversation would be recorded. The participants (other parties) need to actively give you their consent by either clicking an approval button or verbally giving their consent to record.
Passive consent:
Passive consent refers to the scenario where the meeting participant receives the audio or visual cue. For example: the announcement that says, “This meeting is being recorded” while in the meeting, and the participants don’t object to the recording. If the participants are willing to continue the meeting knowing it’s being recorded, they’ve passively given you their consent.
Now that we understand how ‘seeking consent to record meetings’ works, let’s look at the recording laws across countries.
Recording laws in the United States (US)
In the US, the Electronic Communications Privacy Act (ECPA) guides the recording of calls. It includes video conference meetings and calls because the ECPA primarily governs acquiring aural transfer (any transfer containing the human voice from the point of origin to reception) through electronic communication channels.
The ECPA states that it is illegal to record a call without the consent of at least one party. As discussed above, the consent sought need not always be ‘active consent.’ But that said, different states have developed variations of the recording laws, which are either similar or more stringent in nature.
Let’s take North Carolina as an example—it is a one-party consent state. That means a meeting participant can actively or passively imply consent to a meeting recording as long as they’re notified that the meeting or call is recorded.
On the contrary, states such as California and Florida are two-party consent states, meaning both parties must consent before recording the meeting. It means you need to share the intent to record the meeting in advance. The notification can be in the form of emails, audio disclaimer announcements, clickable CTAs, etc. Also, in this case, the meeting attendees can actively or passively give their consent.
Here’s a snapshot of the states in the US based on the governing recording law:
One-party consent states:
Here is a list of 37 states (+DC) considered one-party consent states. In addition, Connecticut can also, at times, be regarded as a one-party consent state because there are different laws for in-person conversations and phone/online conversations.
- Alabama
- Alaska
- Arizona
- Arkansas
- Colorado
- District of Columbia
- Georgia
- Hawaii
- Idaho
- Indiana
- Iowa
- Kansas
- Kentucky
- Louisiana
- Maine
- Minnesota
- Mississippi
- Missouri
- Nebraska
- Nevada
- New Jersey
- New Mexico
- New York
- North Carolina
- North Dakota
- Ohio
- Oklahoma
- Rhode Island
- South Carolina
- South Dakota
- Tennessee
- Texas
- Utah
- Vermont (there’s no recording law per se, hence the Federal law applies)
- Virginia
- West Virginia
- Wisconsin
- Wyoming
Two party consent states (all-party consent):
A two party consent state is where both or all parties should consent to the recording of a conversation. This is in contrast to a one-party consent state, where only one party needs to consent to the recording. Following states require you to obtain consent from two or all parties to record a conversation:
- California
- Delaware
- Florida
- Illinois
- Maryland
- Massachusetts
- Michigan
- Montana (requires notification only)
- New Hampshire
- Oregon (One party consent for electronic conversations; two-party consent for in-person conversations)
- Pennsylvania
- Washington
- Connecticut (Two party consent for electronic conversations; one-party consent for in-person conversations)
Mixed Consent States
There are several states that either have ambiguous recording laws or none at all. Vermont, for example, does not have a call recording law, while Hawaii and Nevada are one-party consent states but still require two-party consent to record conversations.
Connecticut requires all-party consent for electronic recordings and one-party consent for in-person conversations. Oregon, on the other hand, follows one-party consent for electronic recordings and two-party consent for in-person conversations.
Illinois requires consent from all parties to record, transmit, or listen to non-electronic private conversations. Michigan and South Dakota require one-party consent until the recording party is a participant in the conversation.
Regions may also have separate laws when it comes to recording phone calls, video meetings, or in-person conversations, so ensure that you’re well-versed with specific regulations in your state/area/location before recording conversations.
Recording laws in the European Union (EU)
The recording laws don’t change drastically in the EU, but we can certainly say that the EU has some of the most stringent recording laws. As long as your organization operates in the EU member states or has customers in the EU, you’re required to follow the rules outlined in the European Union’s General Data Protection Regulation (GDPR).
GDPR states you need to justify the need to record a call or meeting and obtain unambiguous consent from all parties before recording the conversation. The law works very similarly to the two-party consent states in the US.
Some acceptable reasons to record meetings as per GDPR:
- The recording is necessary for the fulfillment of a contract in which the party is involved.
- The recording is done for the fulfillment of legal obligations.
- The recording is necessary to protect the interests of one or more parties.
- The recording is in the public’s interest or done in official authority.
- The recording is in the legitimate interest of the recorder as long as such interests are not overridden by the interests of other parties to the call or conversation.
Data retention, storage and protection requirements:
The law clearly states that all recordingData retention, storage, and protection requirements:
The law clearly states that all recordings can only be stored for as long as it is necessary to fulfill the purposes for which the data were collected or processed. However in cases of public interest, scientific or statistical, or research purposes, the data can be stored for more extended periods.
While you retain the recordings, you need to:
- Pseudonymize (ensure the personal data cannot be linked to a specific individual) and encrypt all personally identifiable data.
- Ensure the confidentiality, integrity, availability, and resilience of processing systems and services, thus protecting from unauthorized access.
- Guarantee the availability and access to personal data on time in case of a physical or technical incident.
- Have an established process for regularly testing, assessing, and evaluating the effectiveness of security measures.
Right to access recordings
The participants of the calls and meetings have the right to access the recording and also request more information on:
- The purpose of the information gathered and processed
- Categories of personal data concerning them
- The parties that’ll have access to the recording
- How long the data would be stored (if possible)
- The existence of automated decision-making, including profiling and meaningful information about the logic involved, significance, and possible consequences of such processing for the data subject.
Right to request erasure
GDPR also allows the data subjects to request the erasure of the data concerning them, and it needs to be erased without any delay. The data subjects can request deletion of data if:
- The data is not collected from them.
- The data is no longer needed for the purposes they were collected or processed.
- They withdraw consent for the processing.
- The recording has been illegally processed.
- The personal data involves children.
Recording laws in the United Kingdom
Post-Brexit, most of the EU regulations that applied to the UK were no longer applicable. The UK introduced its own data legislation law called UK-GDPR, however, the call recording laws remained largely unchanged from before.
Though, for anyone to record calls in the UK, they also have to comply with the Data Protection Act 2018 and the Human Rights Act 1998—other than the UK-GDPR. These laws safeguard your personal data, establish recording guidelines for businesses and the government, and ensure your data is stored securely.
Recording laws in Canada
Canadian recording laws are straightforward. They have a ‘two-party/ all-party consent’ mandate. So, when you record a conversation involving a Canadian meeting participant, you need to:
- Obtain consent for recording in advance (actively or passively)
- Share the purpose of recording in advance
- Seek consent from every meeting participant
Recording laws in Australia
Across Australia, it’s perfectly legal to record meetings and calls as long as you have two-party consent by informing them in advance. In case of outbound cold calls, you need to let them know at the beginning of the conversation that you will be recording, and the participants have the right to request to be transferred to a non-recording line.
Certain territories, such as Queensland, allow one-party consent for recordings. However, if you’re situated in New South Wales, remember that the Surveillance Devices Act 2007 applies to you, and it’s illegal to use a recording device without all participants' consent.
Recording laws in South Africa (RICA Act)
In South Africa, call recordings are regulated by the Regulation of Interception of Communications and Provision of Communication-Related Information Act of 2002 (known as RICA). Unless you’re a party to the conversation, have written consent from one of the parties, or are conducting a discussion pertaining to the business (where specific exceptions apply), recording a call in South Africa would be considered unlawful.
However, being party to the conversation broadly means either you’re a part of the conversation (virtually or in person) or invited to the meeting/call, which means you can go ahead and record calls or meetings without any hassle.
Compliance aspects to look for when evaluating call recording software
As you get to evaluating call recording software for recording and analyzing calls and meetings across dialers and web conferencing tools, you’ll notice that pretty much everyone adheres to compliance. But then, most platforms are compliance capable and not necessarily compliance optimal.
Compliance capable solutions
Compliance capable solutions refer to a product’s capability to comply with the regulations, but they might not necessarily incentivize the users to keep those compliance levers switched on.
Not every user will remember and switch on or off a compliance safety measure. And this is where compliance-capable solutions miss the mark by not balancing the capabilities with user experience.
Here’s an example: As discussed earlier, one of the mandates for obtaining consent is to make a mandatory announcement saying, “This meeting is being recorded” when someone joins the meeting. A compliance-capable solution announces every time someone joins the meeting to the entire room, instead of announcing only the new attendees. From a user experience standpoint, you don’t want to interrupt the conversation flow of people in the middle of a meeting.
Compliance optimized solution
Compliance-optimized solutions balance compliance requirements and user experience quite well. They deliver the goal of being fully compliant without making the user perform a lot of manual steps.
For example:
- The mandatory announcements are made only to individual attendees and not to the whole group in the meeting or call
- Instead of sending a separate email notifying the intent to record the call (which can get missed), compliance optimized solutions ensure visibility by placing the cue within the calendar right where they accept the meeting.
5 questions to ask your vendor before buying their call recording software
Below is a list of questions that you should consider asking call recording providers when you’re evaluating their compliance:
- What are your call recording best practices in One-Party Consent / Two-Party Consent states?
- Is obtaining consent from your attendees across geographies an automated feature your platform offers?
- How do you ensure compliance if the meeting participant hasn’t opened the notification email before the meeting?
- How do you announce the recording disclaimer?
- How do you handle consent for cold calls?
How does Avoma comply with call recording laws?
At Avoma, we take compliance seriously. While it’s your responsibility to comply with the regulations and seek consent, Avoma offers ways to automate and enable the process.
1. You can enable the following notifications to seek consent from your participants:
- Email reminders to participants, along with a consent disclaimer
- In addition to the email, you can include the consent disclaimer that the meeting will be recorded as a resource for both parties—right within the calendar. It’s hard to miss because it’s right above the meeting acceptance buttons.
2. For more clarity, we recommend you explicitly name the bot, so it’s clear that the bot has joined the call to record. Example: You can name it – ‘Avoma Recorder.’
3. When you record meetings natively using a conferencing tool, you’ll always see a constantly blinking red button indicating that the call is recorded.
4. If you’re recording the meeting natively using Zoom or Google Meet, every new meeting participant joining the call gets an audio alert/announcement that the meeting is being recorded. The announcement is heard only by the new meeting participant without interrupting the conversation flow of existing participants.
And if you choose to record using the Avoma Bot, you have to enable the audio announcement, and your meeting participants will start hearing the announcements.
5. The meeting recording is accessible to both parties as long as they are Avoma users. And in case of sharing the meeting with a non-Avoma user, you can control the access permission on what they get to see.
6. Regardless of the meeting participants being from a single-party or two-party consent state, we recommend that you proactively notify all of them and seek consent.
7. In case of a cold outbound call made from a dialer, we recommend the SDRs and BDRs explicitly announce that the call is being recorded right at the beginning of the call. For example, they can say something like, “Hey! This is John Doe from Acme Inc., and I’m calling from a recorded line.” And if the called party continues to stay on the call, it means that they have passively consented. This disclosure isn’t required in single-party consent states, but we recommend standardizing the process across the board.
Summing up…
We hope this blog post gives you a good perspective on the legal aspects of recording meetings and calls worldwide. With Avoma, we make it easy for you to ensure compliance with the call recording laws by automating the process—and are committed to keeping up with the changes and updates.
We also ensure that this post is continuously updated as the changes occur.