Call Recording Laws for Businesses: What You Need to Know Before You Press Record

Call Recording Laws for Businesses — Call recording is a standard feature in modern cloud phone systems, and the business case for using it is strong: quality assurance, dispute resolution, training, compliance documentation. But recording a phone call without understanding the legal framework around it creates real liability exposure. The rules vary by state, by industry, and by call type — and "I didn't know" is not a defense.

Federal Law: One-Party Consent as the Baseline

Under federal law (the Electronic Communications Privacy Act), recording a telephone conversation requires the consent of at least one party to the call. In practice, this means if you are a party to the call, you can record it under federal law without notifying the other party. This is called "one-party consent."

However, federal law is the floor, not the ceiling. Individual states can and do impose stricter requirements — and some states require all parties to consent before recording begins.

Florida's Law: One-Party Consent State

Florida is a one-party consent state under Florida Statute § 934.03. If you are a party to the conversation, you can record it without notifying the other party. For businesses operating entirely within Florida calling other Florida-based parties, this means you can record calls for QA or documentation purposes without a disclosure.

However, there are important caveats:

• Interstate calls — if you're calling someone in a two-party consent state (California, Washington, Maryland, and others), you must comply with the stricter state's law. A Florida business calling a California customer must provide notice and get consent before recording.
• Industry-specific regulations — HIPAA, financial regulations (FINRA, SEC), and legal privilege rules impose requirements that go beyond state wiretapping laws.
• Best practice vs. legal minimum — even in one-party consent states, disclosing that calls may be recorded ("this call may be recorded for quality and training purposes") is standard practice and reduces risk.

Two-Party Consent States: Where You Need to Pay Attention

If your business makes or receives calls from customers in any of these states, you need disclosure and consent before recording:

• California, Connecticut, Florida (for some scenarios), Illinois, Maryland, Massachusetts, Michigan, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, Washington

The safest approach for any business with a national or multi-state customer base: treat every call as requiring disclosure. A simple verbal notice at the start of the call — or an automated message before the call connects — covers you in all jurisdictions and adds only seconds to the interaction.

HIPAA and Healthcare Call Recording

Healthcare businesses and any organization that handles Protected Health Information (PHI) face an additional layer of requirements. If recorded calls contain PHI — patient names, appointment information, clinical details — those recordings are subject to HIPAA's Security and Privacy Rules.

This means recorded calls must be stored with appropriate access controls, encrypted at rest, and subject to your organization's HIPAA data retention and disposal policies. It also means your cloud phone platform and call recording storage vendor need to be covered under a Business Associate Agreement (BAA).

Setting Up Compliant Call Recording in Your Cloud Phone System

Most modern UCaaS platforms — RingCentral, Microsoft Teams Phone, 8x8, Zoom Phone — support automated call recording with configurable disclosure announcements. The right configuration for your business depends on your state, your industry, and your customer base geography.

At Leonidas, we configure call recording as part of UCaaS deployments with compliance requirements built in from the start. If you're not sure whether your current recording setup is compliant with the requirements that apply to your business, a free assessment is a good place to start the conversation.