CallComply
Regulation6 min read8 July 2026

Call recording laws for Australian businesses: what your sales team must say

Australia has no single call recording rule. Here is the plain-English version for businesses that sell over the phone, and the one disclosure standard that keeps you safe in every state.

Most articles about call recording laws in Australia are written for people in a dispute, wondering whether a recording of a phone call will hold up. This one is not. This is for businesses that record sales calls as a matter of course, for training, quality assurance and compliance, and want to know exactly what the law requires them to do about it.

If that is you, here is the short version: yes, you can record your sales calls, but only if you handle notification and consent properly on every call, and only if you treat the recordings correctly afterwards. The detail sits across two layers of law, and the practical answer is simpler than the legal map suggests.

Two layers of law, not one rulebook

There is no single Australian statute called "the call recording law". Two things regulate the recording of a business phone call.

The first is federal. The Telecommunications (Interception and Access) Act 1979 [VERIFY: Act name and current relevance to participant recording] deals with intercepting communications as they pass over a telecommunications network. This is the layer aimed at wiretapping, and a business recording its own calls as a participant, with proper notification, is generally not operating in this territory [VERIFY: confirm participant recording position with lawyer or primary source].

The second layer is state and territory law. Each state and territory has its own surveillance devices or listening devices legislation, and these govern the recording of private conversations by the people in them. This is the layer that actually determines what your sales team must do, and it is where the complexity lives, because the states do not agree.

The consent patchwork

The state laws split into two broad camps. Some jurisdictions allow a private conversation to be recorded if one party to it consents, which in a business context means your own staff member on the call [VERIFY: which jurisdictions currently permit one-party consent, commonly cited as Queensland]. Most require the consent of all parties to the conversation before it can lawfully be recorded [VERIFY: current all-party consent jurisdictions].

Here is why the split does not help you. Your business might sit in one state, your salesperson in another, and your prospect in a third, answering a mobile from anywhere. The law that applies can depend on where the people on the call actually are, not where your company is registered. No sales team can run a per-call legal analysis of which state's surveillance legislation applies before pressing record.

So almost every properly advised Australian business does the same thing: it adopts the strictest standard nationally and treats every call as if all-party consent is required. One standard, every call, no exceptions. That is not just legally cautious, it is operationally simpler, which is usually why it sticks.

What your sales team must say

All-party consent in practice means notification before recording starts, plus a genuine ability to opt out. Concretely:

The caller must be told the call is being recorded before any recording begins. On inbound calls this is usually an automated message before the call connects. On outbound sales calls, where there is often no automated front end, the disclosure has to come from the salesperson's mouth, at the top of the call, before the pitch starts.

The wording matters less than the timing and the honesty. "This call is being recorded for training and quality purposes" does the job. If you are definitely recording, say "is", not "may be". A disclosure that arrives two minutes into the call, after rapport has been built, is not a disclosure that happened before recording started.

The other party needs a real alternative if they object. That might be continuing the conversation unrecorded, switching to email, or being called back on an unrecorded line. What you cannot do is present recording as a condition of being spoken to at all and call that consent.

And this is the part most businesses miss: the legal requirement is per call, not per policy. Having the disclosure in your script does not mean it was said on Tuesday afternoon's forty-third call. If your team makes ten thousand calls a month and you check a sample of them, you do not actually know your notification rate. You know the notification rate of the sample.

After the call: the recording is now regulated data

Recording lawfully is half the job. Once a recording exists, it is personal information, and for most established businesses the Privacy Act 1988 and the Australian Privacy Principles govern how it is collected, stored, secured and eventually destroyed [VERIFY: current turnover threshold for Privacy Act coverage and any small business exemption changes].

Practical consequences: your privacy policy should say that calls are recorded and why. Recordings need to be stored securely, with access controlled, and kept no longer than they are needed. If your team takes card payments over the phone, payment card industry rules add a further layer, because sensitive card data generally must not sit in your recordings at all [VERIFY: PCI-DSS position on recorded CVV data]; pause-and-resume recording or automated redaction is the usual answer.

For businesses in regulated verticals, sector rules stack on top. Financial services firms carry their own record-keeping obligations, and health-related businesses handle sensitive information that attracts stricter consent and storage requirements [VERIFY: specific sector obligations before citing any]. If that is you, the disclosure at the top of the call is the beginning of the compliance job, not the end of it.

The uncomfortable question: can you prove it?

Everything above is well understood by most sales-led businesses. The gap is rarely knowledge. It is evidence.

If a regulator, a complainant or a lawyer asks whether your team disclosed recording on a specific call in March, "it's in the script" is not an answer. The only answer that ends the conversation is the call itself, checked, with the disclosure confirmed and the evidence attached.

Manual QA cannot get you there. A human team reviewing a sample hears a fraction of your calls, and the fraction it hears is not the fraction that generates the complaint. We know this from the inside: in a multi-brand education group we built and scaled across Australia and Canada, a three-person compliance team checked around 5% of calls across more than 50 salespeople. The system that replaced it checks 100% of them, to one consistent standard, with the evidence attached, and compliance went up, not down.

That is the standard worth building to. Not because recording disclosure is the hardest compliance obligation your sales floor carries, but because it is the simplest one to verify on every call, and if you cannot verify the simple one, the harder ones are guesswork.

If you record sales calls and want to know what checking all of them would look like inside your own environment, that is exactly what the discovery call is for.

Book a free discovery call →

General information about the regulatory environment, not legal advice.

Book a free discovery call →