If your team makes or takes sales calls in Australia, you are almost certainly recording them. What you might not know is that the rules governing those recordings sit across at least four separate frameworks, and the rules aren't uniform state to state. This is a plain-English guide for business owners and compliance leads. It is general information, not legal advice.
Why call recording is regulated at all
Two things happen the moment a phone call is recorded. First, you create a record of what was said, which becomes evidence for the customer, for you, and for any regulator. Second, you capture the voice of a private individual without them being physically present, which is exactly the situation privacy legislation was written to govern.
Australian law responds to that with layered obligations. The Privacy Act deals with personal information. State-based listening-devices legislation deals with the act of recording itself. The Telecommunications (Interception and Access) Act sits above both for calls carried by a network. And Australian Consumer Law sits over the top of everything, because a misleading representation on the call is still misleading regardless of whether it was recorded.
For most sales operations, the practical questions come down to three: are we allowed to record this call, do we need to tell the caller, and what can we do with the recording afterwards.
Consent varies by state
There is no single national rule for whether a party to a phone call needs the other party's permission to record it. State-based listening-devices legislation splits Australia into two rough camps.
-
One-party consent states. New South Wales, Victoria and Queensland allow one party to a private conversation to record it without the other party's consent, provided the recording is not communicated or published. In practice, businesses in these states can lawfully record a call the business itself is participating in.
-
All-party consent states. Western Australia, South Australia, Tasmania and the Northern Territory take a stricter view. The default here is that all parties to the conversation need to consent to the recording. The ACT sits somewhere in the middle depending on the specific statute.
The upshot for a national sales operation is that the strictest rule governs your practice, because you can't reliably know which state a customer is calling from. The safe default is to assume all-party consent applies, and to design disclosure that satisfies it.
What proper disclosure sounds like
Recording disclosure is not a footnote. It is a statement made at the top of the call, before anything substantive is discussed, that gives the caller a genuine opportunity to hang up if they do not want to be recorded. Something in the shape of:
"Just so you know, this call is being recorded for training and compliance purposes. If you'd prefer not to be recorded, let me know now and we can arrange another way to speak."
Two features make that work. It happens early, before the sale conversation begins. It offers an alternative, so the caller has a real choice. What does not work is burying the disclosure in a hold-music preamble that nobody actually hears, or a disclosure so fast and mumbled that the caller has already moved on before it registers.
The best test we know: could a caller who complains three months later plausibly say they didn't know they were being recorded? If yes, your disclosure isn't doing its job.
What you can do with recordings you already hold
Assuming the recording was lawfully made, three restrictions still apply.
-
Use for the disclosed purpose. If you told the caller the recording was for training and compliance, using it for a marketing testimonial without their explicit further consent is a separate breach.
-
Privacy Act obligations. Recorded voices are personal information under the Privacy Act if the person is identifiable, which they generally are on a sales call. That triggers obligations around storage, access, and destruction after the purpose is fulfilled.
-
Communication of the recording. The listening-devices statutes typically prohibit publishing or communicating the recording to third parties without further consent, even in states that allow the recording itself. Sharing recordings across your own business for compliance review generally sits within the original purpose; sending them to an offshore vendor for processing may not.
The Privacy Act's Notifiable Data Breaches scheme also applies. A leak of call recordings that identifies individuals is a data breach, and depending on likely harm, may need to be notified.
Where the audio should live
This is the question that trips up most SMEs that outsource their call recording. If the recordings are stored offshore, or processed offshore by a QA vendor, you inherit two problems: the Privacy Act still governs the data because it originated with you, and the caller's disclosure never covered offshore handling.
The safest posture is onshore storage, onshore processing, and consent disclosure that reflects both. If you use overseas infrastructure, the disclosure at the top of the call needs to be honest about where the recording goes. Most templated disclosures are not.
Common pitfalls we see
A pattern of the same errors comes up on nearly every set of recordings we review during the calibration phase of an engagement.
-
Disclosure at the wrong point in the call. Sometimes it happens after the pitch has already begun, sometimes it never happens because the agent forgets. Full call coverage catches both patterns immediately.
-
Ambiguous consent. "Do you consent to this call being recorded?" tacked on at the end, when the customer is agreeing to everything to get off the phone, is not real consent.
-
Silent recording during transfers. A common technical arrangement records the call throughout an internal transfer, capturing internal chatter the caller never expected. This is not a marginal risk.
-
Third-party voices on the call. A parent overhearing an enrolment conversation, a colleague sitting nearby, someone answering on speaker. Their voice is now in your recording, and their consent probably wasn't obtained.
Fixing these systemically means catching them systemically, which is what full-coverage checking does.
Where a compliance system fits
Recording rules become material the moment you can prove, on any specific call, what disclosure was given and when. That's the shift from "we have a script" to "we have the evidence." A system that runs every recorded call through the same check, and produces the transcript moment showing the disclosure (or its absence), turns recording legislation from a source of risk into a source of defensibility.
The trade-off is the one every SME faces when the volume grows: manual sampling on a large recording library is a lottery, and even a well-drilled team can't listen to 20,000 calls a month. Full-coverage checking is what closes that gap. It doesn't replace the disclosure in the first place, and it doesn't replace legal advice on your specific setup, but it does mean that six months from now, you can produce the trail.
Related reading
- Manual call QA vs AI checking: an operator's honest comparison
- The sales-call claims that get Australian SMEs in trouble
- Learn more about how we apply this in B2B telesales or insurance.
Want to see it applied to your own calls?
We understand how your business handles recording and disclosure today, then design a system that makes the evidence unarguable. Book a free discovery call →
General information about the regulatory environment, not legal advice. Your specific obligations depend on your products, your customers and your jurisdiction.