Federal floor
One participant can consent under federal law.
The federal ECPA rule generally permits recording when one party to the conversation consents. A business should not stop there because states can set stricter rules.
call-recording.com compliance guide
A practical U.S. overview for teams that record customer calls: the federal baseline, stricter state consent rules, interstate and remote-work risk, regulated-industry overlays, and the controls a recording program should have before calls are captured.
Federal floor
The federal ECPA rule generally permits recording when one party to the conversation consents. A business should not stop there because states can set stricter rules.
State overlay
All-party consent states require notice and consent from every participant before a recorded conversation continues.
Interstate calls
When callers sit in different states, the conservative approach is to honor the strictest consent rule that could apply to any participant.
Operations
A repeatable recording notice, role-based access, retention controls, and audit logs are easier to defend than ad hoc verbal disclosures.
The Electronic Communications Privacy Act is the main federal wiretap statute businesses meet when they evaluate call recording. Its consent rule is usually described as one-party consent: if the recorder is a participant, or if one participant has given prior consent, federal law generally does not prohibit the recording unless the interception is for a criminal or tortious purpose.
That federal rule does not wipe out state law. States can require more notice, more consent, or different treatment for telephone, mobile, electronic, or private conversations. A recording program that only asks whether federal law permits recording can still create state-law exposure.
A single participant can authorize the recording. The other caller may not need a separate disclosure under that jurisdiction's recording law, though notice can still be good business practice.
Every participant should be told that the call is recorded and allowed to decide whether to continue. Clear opening announcements are common because continued participation after notice can help show implied consent.
State consent watchlist
The states below are the jurisdictions most often treated as all-party consent, heightened-consent, or ambiguous-enough-to-treat-as-all-party for business telephone recording. All other states and DC generally follow a one-party-consent model for telephone calls, subject to context-specific exceptions.
Treat CA as a strict all-party-consent jurisdiction for customer calls. CIPA statutory damages and class-action economics make automated notice important even for routine business calls.
Criminal law can look like one-party consent, but private telephone-call civil liability can require a recorded warning, recorded verbal consent, or written consent from all parties.
Because DE authorities and courts are not perfectly aligned, conservative programs usually follow the stricter all-party approach when a DE participant is on the call.
FL generally requires consent from every participant for telephone and electronic communications, and violations can carry criminal consequences.
IL recording risk turns on private communications. When the call is not clearly public, get notice and consent before recording.
MD requires all parties to consent to recording many telephone and electronic communications; criminal penalties can be significant.
MA is one of the most sensitive jurisdictions for undisclosed audio recording. Do not rely on being a participant in the call as a complete answer.
MT is commonly treated as an all-party-consent state for business call recording. Use clear notice before the call continues.
NV statutes can read as one-party consent, but courts have treated telephone-call recording more strictly. Use all-party notice to avoid the ambiguity.
NH is usually treated as requiring every participant to consent before a private telephone conversation is recorded.
PA wiretap law is especially important for businesses because being part of the call does not automatically make undisclosed recording safe.
WA generally requires all participants to consent, but consent can be obtained through a reasonably effective recorded announcement before recording.
Interstate calls
The hard cases start when a business records from one state while the customer, patient, vendor, or employee is somewhere else. The California Supreme Court's Kearney decision is the classic warning: a business located in a one-party-consent state could still face California's all-party-consent rule when recording California clients.
That is why a national call recording policy usually does not try to route consent logic by headquarters. It assumes any participant may be in a stricter jurisdiction and plays an upfront recording disclosure on every recorded call.
Remote work
Before remote work became normal, many businesses could map recording rules to a handful of offices or call centers. Now an agent may work from home in CA, take a temporary assignment in PA, travel through MA, or support customers from a state the company never considered part of its operating footprint.
The practical response is to keep a current state roster for employees and contractors who participate in recorded calls, document how temporary relocation is handled, and avoid allowing recording policy to depend on manual state-by-state judgment by the agent.
Cost of failure
Federal wiretap violations can carry criminal penalties and civil liability. State law can add statutory damages, attorney-fee leverage, class-action economics, and in some jurisdictions felony exposure. CA's CIPA framework is especially attractive to plaintiffs because statutory damages can be available without a showing that the caller suffered actual economic harm.
Businesses also pay in attention and credibility. A recording-disclosure class action forces legal, security, marketing, and customer-facing leaders to explain a preventable operations gap. A short automated announcement is much cheaper than that investigation.
Regulated industries
Some industries must preserve business communications, protect special categories of data, or prevent certain data from entering recordings at all.
Broker-dealers and related firms may face SEC and FINRA books-and-records rules for emails, instant messages, business social posts, and certain telephone conversations. Off-channel texts and chat apps have produced major SEC enforcement actions.
HIPAA may not require recording, but once a recording contains protected health information it must be handled as PHI, and vendors that process it may need business associate agreements and safeguards.
PCI rules prohibit storing sensitive authentication data such as CVV values and PIN data after authorization. Contact centers taking cards need controls that keep prohibited data out of audio, logs, and transcripts.
Operating checklist
A compliant posture is part legal review and part repeatable operations. The goal is to make the policy easy to follow and easy to audit.
Play a clear notice before recording starts or before the recorded conversation continues.
Define who records, which queues or call types are covered, and when on-demand recording is allowed.
Limit playback, download, export, and deletion to people with a documented business need.
Track policy changes, recording access, exports, deletion, and retention activity.
Set retention by use case and regulatory obligation, then enforce deletion or legal hold consistently.
Know where recordings live, how they are encrypted, and which jurisdictions require local or regional handling.
Document what is recorded, why, how notice is delivered, who can access it, and how long it remains.
Maintain a current map of states where agents and recorded participants may be located.
Call Observe
For national teams, the simplest policy is usually universal disclosure, centrally managed recording rules, and audit evidence that the system followed the policy.
Reference notes
This guide is general information for business planning. It is not legal advice, and recording or monitoring programs should be reviewed with qualified counsel for every jurisdiction where employees, customers, or call participants are located.