Call Recording Consent in the US: A Practical Guide for Service Businesses

If you record customer calls — to capture addresses, for quality, or for training — consent law applies to you. The rules in the United States are not uniform, and getting them wrong carries real penalties. This is a practical overview, not legal advice; confirm specifics with a lawyer for your states of operation.

One-party vs all-party consent

Federal law and most states follow "one-party consent": only one participant (which can be you) needs to know the call is recorded. A significant minority follow "all-party consent" (often called two-party consent), where every participant must be informed and agree.

All-party consent states have historically included California, Florida, Illinois, Pennsylvania, Washington, Massachusetts, Maryland, Montana, New Hampshire, Connecticut, Oregon (for in-person), Nevada (by interpretation), and Delaware. The exact list and nuances change, so treat this as a prompt to verify, not a final answer.

The interstate trap

A call between a one-party state and an all-party state is the common pitfall. The safe operating rule for any multi-state business is simple: behave as if all-party consent always applies. It is the lowest-risk default and removes the need to detect each caller's location in real time.

How to obtain consent in practice

• Use a clear recorded notice at the start of the call: "This call may be recorded for quality and service purposes."
• Let the caller continue the call as the act of consent, and keep the notice on the recording itself.
• For outbound calls, state the notice before any substantive conversation.
• Document your process — the script, when it plays, and that it is logged — so you can show consistent practice.

Beyond consent: handling the data

Consent to record is only the first obligation. Once you have the audio you also have privacy duties: limit who can access it, retain it only as long as needed, redact sensitive data, and be ready to delete it on request. Recordings can contain payment details or personal information a caller volunteers — minimizing and protecting that data is part of doing this responsibly.

How processing tools fit in

When you send recordings to a processing service, you remain the party responsible for lawful recording — the service is your processor. Choose tools that support this posture: that do not train AI models on your recordings, that redact obvious sensitive patterns, that enforce short retention, and that let you export and delete data. HearLoc is built around these defaults — transcripts are redacted automatically, recordings are processed and discarded, and customer audio is never used to train models — so your compliance program has fewer gaps to fill.

This article is general information and not legal advice. Consult qualified counsel for your jurisdictions.