Call Recording Laws in Australia: What Your Business Needs to Know

Australian businesses can legally record phone calls without telling the other party, in every state and territory, under a principle called one-party consent. This guide covers the federal and state laws that apply to call recording in Australia, the Privacy Act obligations that kick in the moment you save a recording, and the practical steps your business should take before turning call recording on. This is not legal advice for your specific situation, but it is the plain-English foundation you need before you talk to a solicitor, or before you let your VOIP provider switch on a feature that carries real legal weight.

The short answer: If your business is a party to the call, you can record it. That is true whether you make the call or receive it. What you cannot do is record a private conversation between two other people without their knowledge. And once you have saved a recording, the Privacy Act applies, which means you need to handle, store, and eventually delete that recording responsibly.

The Federal Law: Telecommunications (Interception and Access) Act 1979

The primary federal law governing call recording in Australia is the Telecommunications (Interception and Access) Act 1979. The key rule is this: it is legal to record a phone call if at least one party to the call consents to the recording.

In a business context, that party is you, or your business. If you are on the call, or your business system is recording the call as it passes through your phone system, the one-party consent threshold is met. You do not need the other person's permission.

This applies to:

• Calls your business makes outbound to customers, suppliers, or anyone else
• Calls your business receives inbound from customers, suppliers, or anyone else
• Calls handled through your business phone system, even if a staff member is on the other end

What is illegal under federal law is recording a private conversation between two other people where you are not a party. Think of a business owner secretly recording a conversation between two employees in a meeting room, or intercepting calls made between two customers. That requires a court order or is otherwise prohibited without consent from all parties to that specific conversation.

For the overwhelming majority of business call recording scenarios, the one-party consent rule means you are on solid legal ground at the federal level.

State Laws: All Eight States and Territories Use One-Party Consent

A lot of the confusion around call recording in Australia comes from the fact that each state and territory has its own surveillance and listening devices legislation, on top of the federal law. Business owners often hear there are state laws and assume the rules must be complicated or stricter. In practice, as of 2026, all Australian states and territories are one-party consent for telephone call recording when you are a party to the call.

Here is the state-by-state summary:

New South Wales: Surveillance Devices Act 2007. One-party consent. If your business is on the call, you can record it.

Victoria: Surveillance Devices Act 1999. One-party consent. Same rule applies.

Queensland: Invasion of Privacy Act 1971. One-party consent. If you are a party to the call, recording is lawful.

Western Australia: Surveillance Devices Act 1998. One-party consent.

South Australia: Listening and Surveillance Devices Act 1972. One-party consent.

Tasmania: Listening Devices Act 1991. One-party consent.

Australian Capital Territory: Listening Devices Act 1992. One-party consent.

Northern Territory: Surveillance Devices Act 2007. One-party consent.

Every jurisdiction in Australia arrives at the same answer for business call recording: if your business is a party to the call, you can record it without telling the other party. The state laws add a layer of complexity in name only. The practical outcome is consistent.

Important note: state laws may use slightly different definitions and have specific provisions around how recordings can be used or disclosed afterward. If you are planning to use a recording as evidence in legal proceedings, share it with a third party, or publish it, you should get legal advice about the specific use case. The one-party consent rule covers the act of recording. It does not automatically cover every possible downstream use.

Why You Should Notify Callers Anyway (Best Practice vs Legal Requirement)

Just because you legally can do something does not mean it is always the right call for your business. There are several reasons why most businesses choose to notify callers that their calls may be recorded, even though the law does not require it.

Professional reputation. "This call may be recorded for quality and training purposes" is an established business norm. Customers expect it from professional organisations. If a caller is surprised to later find out their call was recorded, that can damage trust, even if it was entirely legal. The notification heads off any surprise and signals that your business operates transparently.

Dispute resolution. If you ever need to use a recording as evidence in a dispute, having an on-record notification that the call was being recorded strengthens your position considerably. A recording made without notification, while legal, can attract more scrutiny in a legal or mediation context.

Staff relations and trust. If you are recording calls that staff members make and receive, notifying your staff is not just courteous, it is a legal requirement in some states under workplace surveillance laws (more on this below). Notification builds a culture of accountability rather than a culture of secret monitoring.

International callers. If your business takes calls from customers in California, the EU, the UK, or other jurisdictions with all-party consent rules, notification removes the legal uncertainty. US states like California require all parties to consent to a recording. EU customers have rights under GDPR around how their data, including call recordings, is handled. A simple upfront notification covers you across multiple jurisdictions simultaneously.

The single most practical step you can take right now: add a call recording notification to your auto-attendant or IVR greeting. Something like: "Thank you for calling [Business Name]. Calls may be recorded for quality and training purposes. To continue, please hold or press 1 for [department]." That one sentence, played automatically before every inbound call, covers you legally, professionally, and internationally. It takes about 10 minutes to configure in most VOIP systems and most providers can assist you.

How to Set Up a Call Recording Notification on a VOIP System

Most modern VOIP phone systems, including hosted PBX solutions, have an IVR (Interactive Voice Response) or auto-attendant feature. This is the same system that plays "press 1 for sales, press 2 for support" when callers ring your main number. It is the right place to insert your call recording notification.

The process varies slightly by provider, but the general steps are:

1. Log into your VOIP provider's management portal or PBX admin interface
2. Navigate to the auto-attendant or IVR settings for your main inbound number
3. Upload a short audio recording, or use text-to-speech if your system supports it, with your notification message
4. Set this greeting to play before any call routing occurs
5. Test by calling your own number from an external phone

Standard phrases that work well:

• "This call may be recorded for quality and training purposes."
• "Calls to this business may be recorded. By continuing, you consent to this recording."
• "Thank you for calling [Business Name]. To maintain service quality, this call may be recorded."

If your system does not have an auto-attendant, your VOIP provider should be able to configure a simple inbound announcement that plays before the call connects to a staff member. If they cannot help you with this, it is worth asking the question directly, as this is a standard feature of any quality business VOIP service. See our guide to VOIP call quality in Australia for more on what to expect from a business-grade phone system, including call recording as a standard feature.

The Privacy Act: Where the Real Legal Obligations Live

Here is the part most VOIP providers and MSPs do not tell you when they turn on call recording as a default feature: the recording itself is not the main legal risk. The storage, handling, and disposal of that recording is where your Privacy Act obligations begin.

Under the Privacy Act 1988 (Commonwealth), a call recording that contains any information about an identifiable individual is classified as "personal information." That means it falls under the Australian Privacy Principles (APPs), which apply to most Australian businesses with a turnover above $3 million, to all health service providers regardless of size, and to several other categories.

Australian Privacy Principle 11 (APP 11) requires you to take reasonable steps to protect personal information from misuse, loss, interference, unauthorised access, modification, or disclosure. For call recordings, this means:

• Recordings should be stored securely, with access restricted to staff who have a legitimate reason to review them
• Recordings should not be accessible to the general public or shared with unauthorised third parties
• If recordings are stored in the cloud, you should understand where that data sits geographically and what the provider's own security practices are
• Recordings should be deleted when there is no longer a business reason to keep them

Retention periods. There is no single universal rule across all industries. The general principle is: keep recordings for as long as there is a legitimate business reason, then delete them. Reasons to retain include: open disputes or complaints, active legal matters, or compliance requirements specific to your industry. Reasons to delete include: the call was routine with no ongoing relevance, the customer relationship has ended, or you have reached the maximum period your privacy policy specifies. Many businesses set a default retention window of 90 days for routine calls, with longer retention only for specific flagged recordings.

For businesses in financial services: ASIC has specific requirements under the AFSL framework. Some communications, including call recordings, may need to be retained for up to seven years. If your business holds an Australian Financial Services Licence, or if you provide financial advice, credit services, or insurance, you need to get specific legal advice about your call recording retention obligations. This is an area where a general guide is not enough.

Employee Call Recording: Different Rules Apply

Recording customer calls is one thing. Recording calls made or received by your employees is a separate issue that brings workplace surveillance laws into play, and this is where things get genuinely more complex.

In New South Wales, the Workplace Surveillance Act 2005 requires employers to give employees written notice before carrying out any surveillance. This includes phone call monitoring and recording. The notice must be given at least 14 days before surveillance begins, or when the employee starts work if they are a new hire. Recording employee calls without this notice is prohibited under NSW law, even though recording a customer call without notice is permitted.

Other states have their own workplace surveillance rules, though the frameworks differ in structure. Victoria, Queensland, Western Australia, and South Australia each have relevant legislation. The specifics around employee notification requirements, what counts as covert surveillance, and what the consequences of non-compliance are vary by jurisdiction.

The practical upshot for small businesses: if you are turning on call recording for your team, you should:

1. Update your employment contracts or staff handbook to include a workplace monitoring clause
2. Provide written notice to all current staff before activating recording
3. Include the monitoring policy in onboarding documentation for new staff going forward
4. Speak to an employment lawyer or HR adviser if you are unsure what is required in your state

This is one area where getting legal advice specific to your situation is genuinely important. A solicitor who specialises in employment law can review your setup and confirm you are compliant in your state, typically for a modest fixed fee.

International Callers: US, UK, and EU Rules Are Different

Australian law governs what happens in Australia. But if your business receives calls from customers in other countries, those customers may have rights under their own jurisdiction that affect how you can record and store those calls.

United States. The US is a patchwork of federal and state rules. At the federal level, one-party consent applies, similar to Australia. But 11 US states, including California, Connecticut, Florida, Maryland, and Washington, require all parties to consent to a recording. If you record a call from a California customer without their knowledge, you may be exposing your business to liability under California law. The notification approach solves this: if the caller hears "this call may be recorded" and continues, that constitutes consent in most US jurisdictions.

European Union. GDPR (General Data Protection Regulation) applies to the personal data of EU residents, regardless of where the company processing that data is based. A call recording that contains information about an EU customer is subject to GDPR. This means you need a lawful basis for the processing, typically legitimate interests or the customer's explicit consent, you need to be transparent about how the data is used, and you need to be able to fulfil access and deletion requests from EU customers. If your business regularly interacts with EU customers and records those calls, a privacy lawyer with GDPR experience is worth consulting.

United Kingdom. Post-Brexit, the UK operates under UK GDPR, which largely mirrors EU GDPR. Similar considerations apply.

For most small Australian businesses that deal primarily with Australian customers, international compliance is not a pressing concern. If you have an international customer base, or if you are growing in that direction, it is worth factoring into your privacy policy and call recording procedures.

How VOIP Call Recording Works in Practice

Understanding the legal side of call recording is one thing. Understanding how your VOIP system actually handles recording is important for managing your obligations in practice.

Most hosted VOIP and cloud PBX systems offer call recording as a built-in feature. The way it typically works:

Automatic recording of all calls. The most common business setup. Every inbound and outbound call is recorded automatically. Recordings are stored in the cloud on the provider's servers, accessible via the management portal. This is the simplest to manage operationally but requires the strongest storage and retention hygiene.

On-demand recording. Staff can trigger recording mid-call by pressing a key or activating a button in the softphone app. This gives more control but relies on staff discipline, and means some calls that should be recorded may not be.

Per-extension or per-number recording. Some providers let you set recording rules at the extension level: sales extensions record all calls, support extensions record on demand, management extensions do not record. This level of granularity is useful for businesses with different compliance needs across teams.

Download and export. Business-grade VOIP systems let you download recordings as audio files, typically MP3 or WAV, or export them to an external storage system. This matters for retention management: if you want to keep certain recordings beyond the provider's default storage window, you need to download and archive them yourself.

Where are the recordings stored? This is a question worth asking your VOIP provider directly. Most Australian business providers store recordings on servers in Australia, but some use US or offshore cloud infrastructure. If data sovereignty matters for your business, or if you handle sensitive customer data, confirm the storage location before activating the feature.

Call recording is a standard feature of any well-configured business VOIP system. Our guide to the best VOIP phone systems for Australian small businesses covers the full feature set to look for when choosing a provider. If you have not yet set up a business VOIP system and are trying to understand what is included, that is a good place to start.

Practical Business Scenarios: When Call Recording Matters Most

Call recording is not just a compliance checkbox. For many small businesses, it is one of the most useful operational tools available. Here are the scenarios where it earns its place:

Dispute resolution. A customer disputes what was agreed over the phone. You have the recording. This is the single most common reason small businesses rely on call recording as a business protection tool. Without it, it is your word against theirs.

Quality monitoring. You want to know how staff are handling customer enquiries. Recording gives you objective data. You can identify training gaps, inconsistent messaging, or staff who need coaching, without relying on customer complaints alone.

Training new staff. Real calls, with identifying details removed where appropriate, are far more effective training material than scripted role-plays. New staff can hear how experienced colleagues handle common situations.

Compliance evidence. Regulated industries including finance, legal, health, and real estate often need to demonstrate that disclosures were made, consent was obtained, or advice was given correctly. A recorded call is contemporaneous evidence that is very difficult to dispute.

Order and instruction accuracy. Trades businesses, suppliers, and service businesses often receive orders or specific instructions over the phone. A recording eliminates ambiguity about what was requested and what was agreed.

The business case for call recording is strong. The legal and Privacy Act requirements are manageable. The gap is awareness, and most VOIP providers close that feature without explaining any of this context.

Regulatory Context: What Governs Call Recording in Australia

Call recording sits at the intersection of several regulatory frameworks. Here is a brief map of what applies to whom:

Telecommunications (Interception and Access) Act 1979 (Cth): The primary federal law. Governs who can intercept and record phone communications. One-party consent rule. Applies to all Australian businesses.

State and territory surveillance/listening device laws: Supplement the federal law. All are one-party consent for calls where your business is a party. Specific rules on disclosure and use of recordings vary.

Privacy Act 1988 (Cth) and Australian Privacy Principles: Govern how personal information, including call recordings, is collected, stored, used, and disclosed. Apply to many businesses based on size, sector, or the type of information handled.

Workplace surveillance laws (state-specific): Govern the recording and monitoring of employee calls. NSW Workplace Surveillance Act 2005 is the most prescriptive. Other states have their own frameworks.

ASIC AFSL obligations: For financial services businesses. Stricter record-keeping and retention requirements on communications.

GDPR / UK GDPR (international): Applicable if you handle personal data from EU or UK residents. Extraterritorial reach means Australian businesses are not immune.

The ACMA (Australian Communications and Media Authority) regulates telecommunications carriers and carriage service providers in Australia. ACMA rules around 1300 numbers, number porting, and telecommunications standards are covered separately in our guide to ACMA and 1300 number regulations in Australia.

What Most Businesses Get Wrong About Call Recording

These are the most common mistakes businesses make when it comes to call recording in Australia.

Mistake 1: Thinking it is illegal to record without telling people. This is the most widespread misconception. It is not illegal in Australia for a business to record a call it is party to without notifying the other party. The myth seems to originate from US all-party consent states or from conflating the legal position with best practice. The law is clear: one-party consent at federal and state level. While notification is best practice, it is not a legal requirement for most Australian businesses recording customer calls. Many businesses have been avoiding a useful tool based on a misunderstanding.

Mistake 2: Treating employee and customer calls the same way. Customer call recording operates under one legal framework. Employee call recording is governed by workplace surveillance laws that are significantly more stringent. Activating blanket call recording across your team without reviewing your obligations under the relevant state workplace surveillance law is the most common way businesses get into trouble. The recording may be legally defensible. The failure to notify staff may not be.

Mistake 3: Ignoring the recordings once they exist. Many businesses turn on call recording, log into the portal to review a call once or twice, and then forget the recordings exist. Recordings accumulate. After 12 months, you may have thousands of hours of customer conversations sitting in cloud storage with no defined retention policy, no access controls, and no deletion schedule. This is a Privacy Act liability waiting to be triggered. Set a retention policy the day you activate call recording, and stick to it.

A Note on VOIP and Emergency Calling

Call recording on VOIP systems works differently for 000 emergency calls. In Australia, calls to 000 are handled by the Triple Zero emergency network, which has its own recording and logging infrastructure managed by carriers. Your business VOIP system's call recording feature may or may not capture 000 calls, depending on how your system is configured and whether 000 calling is correctly set up through your provider.

This is a separate but important consideration for any business running on VOIP. If a staff member ever needs to call 000 from your business phone system, you want to be confident that call connects correctly and that emergency services receive your location information. Our guide to 000 emergency calling on VOIP in Australia covers the specific requirements and common failure points in detail.

Your Next Steps

Here is a practical checklist for getting your call recording setup legally and operationally sound:

Before you activate call recording:

• Check whether your VOIP provider has call recording as a feature and whether it is currently on or off by default
• Ask your provider where recordings are stored (data centre location, retention period, access controls)
• Review your Privacy Act obligations: does your business handle personal information from customers? Almost certainly yes. If your turnover is above $3 million or you are a health service provider, the APPs apply fully.
• Draft a call recording retention policy: how long will you keep routine recordings, who can access them, and how will you delete them?
• If you have staff who will have their calls recorded, consult an employment lawyer or HR adviser about your workplace surveillance obligations in your state

When you activate call recording:

• Set up a notification in your auto-attendant: "This call may be recorded for quality and training purposes"
• Update your privacy policy to reflect that calls may be recorded and how recordings are used and stored
• Notify staff in writing if their calls will be recorded (mandatory in NSW under the Workplace Surveillance Act 2005, recommended practice everywhere else)
• Test that recording is working correctly by making a test call and reviewing the recording in your management portal

Ongoing:

• Review recordings periodically for quality and training purposes
• Apply your retention policy: delete recordings that have passed their retention window
• If a customer or staff member makes a privacy request about their call recording, respond within the timeframes the Privacy Act requires
• If your business grows to include international customers, revisit your compliance position with a privacy lawyer

If you are evaluating a new VOIP system and want to understand how call recording fits into the full feature set, our guide to the best VOIP phone systems for small business in Australia walks through what to look for. And if you are ready to get a personalised recommendation for your specific business situation, including call recording setup, you can get a free recommendation here.

This article is general information only and does not constitute legal advice. Laws in this area can change, and the rules that apply to your specific business depend on your industry, the states you operate in, the size of your business, and who your customers are. If you have specific concerns about your call recording practices, consult a solicitor who specialises in privacy and telecommunications law in Australia.

Is it legal to record phone calls in Australia without telling the other person?

Yes, in most business scenarios. Under the Telecommunications (Interception and Access) Act 1979 and state surveillance laws, Australia operates on a one-party consent basis. If your business is a party to the call, you can legally record it without notifying the other party. This applies in every state and territory. The common belief that recording without notification is always illegal is a myth in the Australian context. Notification is best practice and is strongly recommended, but it is not a legal requirement for recording customer calls in most circumstances.

Do I need to tell employees their calls are being recorded?

Yes, and in some states this is a strict legal requirement, not just best practice. In New South Wales, the Workplace Surveillance Act 2005 requires employers to give employees at least 14 days written notice before monitoring or recording their calls. Other states have their own workplace surveillance frameworks with varying requirements. Regardless of the legal minimum in your state, giving employees clear notice that calls may be recorded, and including this in employment contracts or your staff handbook, is the right approach both legally and for maintaining staff trust and morale.

How long should my business keep call recordings?

There is no single universal retention period that applies to all Australian businesses. The general rule under the Privacy Act is to keep personal information, including call recordings, only for as long as there is a legitimate business need. For most small businesses, 90 days is a reasonable default for routine calls. Keep recordings longer when there is an open dispute, a legal matter in progress, or a specific compliance requirement in your industry. Financial services businesses with an AFSL may need to retain some communications records for up to seven years under ASIC rules. Whatever period you choose, document it in a written retention policy and actually enforce it.

Can I record calls from international customers?

Under Australian law, yes. But the laws of the caller's country may also apply. US states including California, Florida, Maryland, Connecticut, and Washington require all parties to consent to a recording. EU and UK customers have rights under GDPR that affect how their personal data, including call recordings, can be processed and stored. The safest approach for businesses with international customers is to use a call recording notification in your auto-attendant. If a caller hears the notification and continues, that typically satisfies consent requirements in most jurisdictions. For EU or UK customers specifically, consult a privacy lawyer if recording is systematic and regular.

Does the Privacy Act apply to call recordings?

Yes. Once a call recording contains information about an identifiable individual, it is personal information under the Privacy Act 1988 (Cth) and the Australian Privacy Principles apply. This means you must take reasonable steps to protect recordings from unauthorised access or misuse (APP 11), you must be transparent about how recordings are handled (APP 1), and you cannot use the recordings for purposes unrelated to why they were collected without the individual's consent (APP 6). The Privacy Act applies directly to businesses with a turnover above $3 million, to all health service providers, and to several other categories. Smaller businesses should check whether they fall under an applicable exemption or threshold.

What is the standard call recording notification phrase used in Australia?

The most commonly used phrase is: "This call may be recorded for quality and training purposes." Variations include adding "by continuing, you consent to this recording" or "to maintain service quality, this call may be recorded." The notification should be brief, placed at the beginning of every inbound call before the caller is connected to staff, and delivered via your auto-attendant or IVR. There is no legally mandated wording, but the phrase should be clearly audible and give callers the opportunity to disconnect if they object before the call substantively begins.

My VOIP provider turned on call recording as a default. What do I need to do?

This is more common than it should be. Start by logging into your provider's management portal and checking whether call recording is active. If it is, and you were not aware of it, take the following steps: first, add a call recording notification to your auto-attendant so callers are informed going forward; second, check where recordings are stored and what the provider's retention period is; third, notify any staff whose calls are being recorded; fourth, draft a simple internal policy covering how recordings are accessed, retained, and deleted. The recording itself is almost certainly legal under one-party consent, but the absence of a notification, staff awareness, and a retention policy creates unnecessary risk.