Call Recording Laws: A Practical Guide

December 6, 2019

Sara Howshar

So you’re thinking about recording calls for coaching, training, and other purposes? Maybe you’re already recording or you’re evaluating partners. Juggling the obvious benefits of call recording with how to implement and getting team buy-in, you’re also probably concerned with compliance.

Well, you’re in luck. Call recording compliance is a top priority of ours. And so is plain-language transparency.

We know how important it is to stay compliant, so below we’ve shared a plain-language guide on call recording laws and how to apply them using best practices.

Intro to Call Recording Laws #

Call recording laws differ at the federal, state, and international levels. It is generally legal to record calls as long as you follow the applicable laws governing call recording. But we all know it can be tricky to keep track of the laws across different geographies and to come away with practical best practices that apply to your business.

We’re here to help with your research. We’ve done a deep-dive on One-Party and Two-Party consent laws, as well as compliance issues under the GDPR.

Top Use Cases for Recording Calls #

There are many reasons to record calls, though most revolve around using the recordings as coaching and QA tools to drive higher quality customer experiences.

The types of calls we see most often recorded in Conversation Intelligence platforms are:

  • Customer service and support calls
  • Sales calls
  • Client meetings
  • Webinars
  • Lectures
  • Employee training

Want to know if you are compliant when recording calls wherever you're at? Here’s a quick overview of how call recording law works and some of our best practices.

US Federal Call Recording Laws #

The federal law in the U.S. (18 U.S.C. § 2511(2)(d)) requires Single-Party Consent for call recording, so long as the consenter only does so after having full knowledge that the conversation will be recorded.

How Call Recording Works in the US (Federally) #

Party A can record a call as long as s/he is in the room, present on the call, or can reasonably overhear the conversation.

This is known as Single-Party Consent. Under Single-Party Consent, Party A is the only party who is required to know that a call is being recorded.

Basically: If you are calling a prospect and you know that the call is being recorded – and you’re on the call – you’re in the clear for Single-Party Consent.

Things to Avoid (Read: Illegal) #

Party A is not permitted to record a call to which he/she is not participating, from outside of the room or that Party A cannot reasonably overhear.

To do otherwise is essentially wire-tapping, which is illegal.

Basically: You can’t record a call that you are not part of.

Chorus.ai Best Practices #

We recommend – and offer – Two-Party Consent out of the box to ensure the widest possible compliance.

US State Call Recording Laws #

How Call Recording Works in the US (States) #

There are 13 states which require Two-Party Consent permit passive consent. More details on exact state-based rules below.

Basically: Most states across the U.S. require Single-Party Consent.

Things to Avoid (Read: Illegal) #

In Two-Party consent states, you cannot record a call if you did not go through reasonable effort to alert attendees that you will be recording the call by providing either an audio or visual cue.

Basically: If you are calling a person in a Two-Party consent state, you have to let everyone know that the call is being recorded.

Chorus.ai Best Practices #

We recommend treating every state as a Two-Party Consent state and display either an audio or visual cue to every attendee on the call to get implicit consent.

Basically: We like to keep the visual cue up for the length of the call because some participants may have their sound muted when they first join.

Call Recording Laws by State #

Single-Party Consent is the most common throughout the U.S.

Call Recording Laws Single-Party States

Single Party Consent States are:

Alabama, Alaska, Arizona, Arkansas, D.C., Georgia, Hawaii, Idaho, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Michigan, Minnesota, Mississippi, Missouri, Nebraska, New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah, Virginia, West Virginia, Wisconsin, and Wyoming.

Two Party Consent States

Two Party Consent States are:

California, Connecticut, Delaware, Florida, Illinois, Maryland, Massachusetts, Michigan, Montana, New Hampshire, Pennsylvania, and Washington State.

Mixed Consent States

There are a few states (such as Oregon, Nevada and Vermont) that either have somewhat obscure regulations (Nevada) or no regulation at all (Vermont).

Each participant of the call is protected (and must comply with) the law which governs their location. Because of this, multiple laws may apply to the same recorded conversation.

Call Recording in Europe & The GDPR: #

How Call Recording Works in Europe and With GDPR #

There are some EU nations that permit Single-Party Consent and others which require Two-Party Consent.

Under the GDPR, data controllers must have a legal basis to process (collect, store, share, etc.) the personal data of EU residents. In the absence of some other legal basis outlined by the GDPR, controllers must obtain the active consent of the data subject before collecting his/her personal data.

Basically: This is the strictest set of regulations requiring explicit, active consent from all parties

Things to Avoid (Read: Illegal) #

Personal Data that is collected from an EU resident without an appropriate legal basis for doing so will be in violation of the GDPR, thereby making the data controller (and related vendors they are engaged with) vulnerable to fines and other penalties required by the GDPR.

Basically:
If you want to avoid being subject to fines or penalties, you must follow the GDPR to the letter. (Meaning active Multi-Party consent)

Chorus.ai Best Practices #

Under the GDPR, recording parties must get the active consent of data subjects, unless they have some other legal basis to do so. (These legal bases are rare.)

Basically: You must ask the party being recorded to take an action such as a verbal confirmation or by clicking a button that confirms his/her agreement to the recording.

Call Recording Law International

International Call Recording Laws #

In most jurisdictions around the world, call recording generally requires Two-Party Consent.

Below we’ve attempted to illustrate a sampling of the call recording laws for predominantly English-speaking countries.

  • UK and Ireland: Two-Party Consent
  • South Africa: Two-Party Consent
  • Canada: Two-Party Consent, though Party A must also explain to Party B why the call is being recorded
  • Australia: Call recording is illegal in most cases, including for monitoring customer calls and employee training. Call recording may only be permitted for purposes of obtaining a warrant and monitoring criminal activity
Call Recording Law Cheatsheet

How Chorus Ensures Call Recording Compliance #

Chorus boasts several options in terms of recording notice cues to ensure compliance with whichever regulation you’re trying to comply.

This flexibility allows you to choose the method of call recording cues that work best for you.

How Call Recording Compliance Works at Chorus.ai
#

At Chorus, compliance is a top priority. To enable you and your teams to maintain call recording compliance, we have thought through the different ways in which you're most likely to schedule a meeting - and enter into a recorded call.

Here's a breakdown of how we enable compliance in calendared calls (with and without Zoom) and cold calls.

Chorus.ai In the US #

  • For calendared calls with Zoom
    • During the entire call, there is persistent text stating that the call is being recorded on Chorus, along with a blinking recording button.
    • Every new user who joins the call hears an audio alert that the call is being recorded that is only audible to them.
    • Despite the fact that Party A is not required to notify Party B of the recording in One-Party states, we recommend that you notify them anyway
  • For calendared calls without Zoom
    • Participants receive a written alert that the call will be recorded in the calendar invite.
    • The call leader can also announce that the call is being made from a recorded line as new participants join.
    • These features can be disabled for calls within Single-Party Consent states, but we recommend keeping them on.
  • For Cold Calls
    • If you’re recording cold-calls, we recommend coaching BDRs to announce: “Hi [NAME] - this is [NAME] calling from a recorded line. I’m calling about X...” from the very start of the call.
    • If Party B remains on the line, he/she has passively consented.
    • This disclosure isn’t required in Single-Party Consent states. (But not a bad “across the board” policy)

Chorus.ai In Europe and Under the GDPR #

  • For calendared calls with or without Zoom
    • Once our platform determines Party B’s location through his/her IP address, a landing page is triggered Party B is presented with the option of clicking on a “Join this Meeting With Recording” button or a “Join this Meeting Without Recording” button.
    • Remember: The EU requires Party B to perform an action to consent to the recording.
    • If a Party B does not consent, he/she will still be joined onto the call, but Chorus drops off.
  • For Cold Calls
    • We recommend taking more measures to ensure compliance when recording cold calls in Europe as there are more regulations that need to be followed.
Call Recording Law Compliance2

Call Recording Questions to Consider with Your Legal Team #

This is by no means an exhaustive list (we’re not a legal firm, after all) but we hope it helps you better define your internal call recording protocols.

  • Where can we operate on the basis of One-Consent, and where must we obtain Two-Consents?
  • How will we alert prospects with visual, auditory, written, or verbal cues in Two-Party Consent states?
  • How will we get active consent from people in countries that are governed by the GDPR?
  • Are consents in emails permitted? If so, under what conditions?
  • How do we handle consents during cold calls?
  • Are we archiving consents in a manner compliant with applicable laws and regulations?

What to Watch Out for When Evaluating Call Recording Partners #

As you’re evaluating Conversation Intelligence partners, you may notice that almost all systems are built to be compliance capable but are rarely compliance optimal.

  • Compliance-capable systems include the option to switch on and off certain compliance safety measures. Your recordings are able to be compliant, but your users aren’t incentivized to keep these compliance levers switched on.
  • Compliance-optimized systems are designed to balance compliance requirements with the user experience – the goal is to deliver a fully compliant product without compromising the user experience. Your users are then incentivized to keep the compliance levers switched on by choosing the compliance cues that are suited best for the call.

Here are some examples of compliant capable (but not optimal) situations you might encounter:

  • Repeated audio announcements. These systems announce, “This call is being recorded,” to the entire room every time new users join the call, rather than only announcing to the new attendees.

    Why this isn’t optimal: This can be distracting for participants as it interrupts the conversation flow. It may not provide the best possible Customer Experience, and users may be more inclined to switch off this feature.
  • Email notifications. Some systems send email notifications that a call will be recorded right before the start of the call, rather than placing email notifications in the calendar invite.

    Why this isn’t optimal: This is a grey area. Meeting participants are more likely to miss email notifications or never open the email before the meeting begins.

    Chorus Best Practice: We find that placing your visual cue in the calendar invite is more compliant, as users must open the invite to accept it and/or join the meeting.

Questions to Ask Your Potential Call Recording Partners #

Below are a list of questions that you should consider asking call recording providers when you’re evaluating their compliance:

  • How do you recommend obtaining active consents from EU-based attendees? Is this an automated feature within your platform?
  • How do your visual cues work? How do you ensure compliance if the notification email is not opened prior to the meeting?
  • How do your audio cues work?
    • Does your audio cue play for each new participant or at the start of the meeting?
    • How do you ensure that the audio or visual cues made available on your platform are not disruptive to the meeting experience?
  • What are your call recording best practices in One-Party Consent / Two-Party Consent states, and in the EU?
  • How do you handle consents for cold-calls?

Our Take On Call Recording Laws and Call Recording Compliance #

There is opportunity after opportunity to confuse or misunderstand the call recording laws. They continue to shift as technology improves, and as our world grows smaller.

We’re committed to the development and progress of this technology - and we are committed to the safe, compliant, and privacy-respectful implementation of this technology. We’ll continue to update this summary as changes occur.

Be vigilant and do your due diligence! Check with your legal team and do your research.

Reach out to your CSM and make sure that your call recording and conversation intelligence partners are doing everything they can to make sure you’re compliant.

In case you're still curious...

Call Recording Laws Glossary of Key Terms #

Say we have 2 participants on a call: Party A and Party B...

Data Controller:
A data controller is just that: the party who is recording, collecting, and sharing or controlling the data collected from a recorded call.

Party A and B:
For the purposes of this guide, we’ll refer to 2 parties on a call, the caller e.g. a vendor or seller (Party A) and the receiver of the call e.g. the customer or prospect (Party B).

Single-Party Consent:
Single-Party Consent means that one party (Party A) can record a call as long as Party A is in the room or can reasonably overhear the conversation. In a case of Single-Party Consent, Party A does not need the other party’s consent to record the call.

Two-Party Consent:
Two-Party Consent means that Party A must obtain Party B’s prior consent to record a call. This consent may be given in a passive or active way by Party B.

Passive Consent:
Passive consent is when a participant (Party B) passively consents to call recording after he/she receives an audio, visual, written or verbal cue that the call is being recorded and decides to stay on the line without objecting to the recording.

For example: Say you’re an Account Executive calling a prospect. Your prospect hears an audio cue (“This call is being recorded.”). If they stay on the call with you, they’ve given passive consent.

Throughout the rest of this article, we will simply refer to visual cues as the means by which passive consent is requested and obtained.

Active Consent:
Active Consent (also known as “affirmative consent” under the GDPR) mandates that a caller must take an affirmative action to consent after receiving an audio or visual cue that the call is being recorded.

The consent may be in the form of:

  • Verbally saying “Yes, you can record the call.”
  • Clicking a button that says something like “Yes, it’s okay to record this call,” on a landing page before joining.

Bear in mind that just as an active consent can be given, it can also be revoked. This is why companies must design a broad-based privacy program that addresses the many requirements and considerations under the GDPR.

GDPR:
The General Data Protection Regulation (aka, the GDPR) was enacted in May 2018. It is a regulation that was set out to protect the data privacy of EU residents from third parties located anywhere in the world which are collecting and processing such data.

The GDPR is most concerned with empowering EU residents to decide who, when, how and why their personal data gets processed.

For example: Unless a third party data controller has some other (very strictly controlled and designated) legal basis to collect personal data as detailed under the GDPR, the data controller must obtain the individual’s explicit consent.

The GDPR has added an additional layer of regulation to the caller personal data that can be collected by a call center or over a recorded line. So, not only must a company be aware of the general recording laws (One Party/Two-Party), it must also have policies in place to be sure it is compliant with GDPR.

Are You Ready to Experience Chorus?

Start driving tangible performance improvements in your Revenue Org today.