The Law, Risk and Practice of Recording Telephone Conversations in Australia

I had a conversation recently with a gentleman from a company called LenderOptions (not their real name) where I disclosed sensitive details only because I believed the no other party would listen to the call record. I later learned that the company CTO - a chap with a less-than-stellar industry reputation - listened to the call made to me from one of their virtual mobile numbers - an act that relegates a simple personal recording into the category of illegal wiretapping - a criminal offence that carries significant penalties. It was a few days later that one of our own clients questioned the legality of the recordings I make of every call, regardless of whether the call is made or received via company VOIP or my own mobile handset. This article seeks to address the legalities of recorded calls - something that is commonplace in the financial industry for reasons of note-taking, compliance, and accountability.

Legal Disclaimer: Nothing in this article constitutes legal advice. First, I've studied law but I'm not a lawyer... although I did work a stint as a Police Prosecutor for a short time. This combination makes me dangerously stupid when it comes to legal matters. Nothing in this article comes close to legal advice, so ensure you consult your own legal representation for guidance that is best for you. Our own lawyers read over this article and contributed heavily to text before publication, and their changes are published in full.

My Call Was Also Recorded: The irony of my criticism of the call noted above is that I also recorded the call... but I absolutely didn't share it, and would never make it available in a shared CRM. I took this case to my lawyer that used other brokers to assess and identify an ongoing pattern of malfeasance - a necessary step before we considered AFCA and AMCA options (something we'd never normally do, but the data security of this mob is particularly poor, and the data dumps of their client data are regularly posted to the dark web).

Everything is Recorded: The problem (if we can call it a 'problem') is that everything is recorded, and to assume otherwise is negligent. However, as a passive participant, we lean on legislation to ensure that recordings made without our knowledge aren't illegally misused or distributed in any way.

Video and Audio Hearsay: Video footage is considered hearsay (non first-person) evidence in criminal law. Historically, a courtroom would collectively roll its eyes when any suggestion that the video wasn't real or doctored. Not anymore. Tampering with or manufacturing evidence was once a challenge, but it is now a five-second prompt, meaning that the veracity of any video must be challenged whenever used, and this AI evolution has put pressure on prosecutors to ensure a bullet-proof chain of custom and integrity of the evidence chain. As we described a couple of years ago, the integrity of audio now has to be challenged in the same way. AI has defeated audio, and we have to expect technology will be used maliciously for fake phone calls. This article tends to focus on how call-recordings might be used to support a legal position, but not unlike video - and despite the audio conversation supported by first-person testimony - we have to lean on contemporaneous notes and CRM records to support audio authenticity. This whole concept is outside the scope of this video, but it's certainly something that'll have to be tested in case law.

AI Licence Upload in Forms: We've used for a few years that allows a user to take a photograph of a licence before relevant data populates a form, and this transaction introduces a range of privacy considerations. Completely and utterly unrelated to conversational audio recordings, the AI OCR licence tool does start to expose the privacy implications of similar services. Our tools are self-hosted and always actioned on the same server that the website is hosted, but we've seen others send the image to offshore services for processing, potentially exposing sensitive details. The same tool is used for virtually any file upload type. We're more vulnerable now than we ever were in the past when it comes to data protection. The broad relevance of what I've just described is that our call transcripts are managed in the same way. Any personal details uploaded are encrypted and not directly viewable by us.

In short, the Telecommunications (Interception and Access) Act 1979 (Cth) at the federal level, makes it generally illegal to intercept a live telephone call without the knowledge of all parties. However, once the call is received and you’re a party to it, the interception law no longer applies. Instead, state and territory listening device laws will apply. However, as we'll describe, most local legislation permits single-consent recordings if is reasonably necessary to protect your lawful interests, and not made for the purpose of communicating or publishing it beyond the participants, and publishing includes storage in a CRM, or VoiP control panel accessible via more than a single person.

In a digitally-driven and AI-first world, a "third-party" does and will include any type of cloud-hosted service (so anything not managed entirely in-house, or anything that isn't localised on a personal handset). Any recording that vacates a localised environment must be declared and consent needs to be obtained, and consistent with the Privacy Policy 1988, certain information cannot and should not be recorded (even if consensually obtained, meaning the recording is paused when required).

TL;DR Summary: Even where local law might permit one-party recording, giving callers notice is a low-cost mitigation that reduces legal and reputational risk. In most cases, calls can be made for compliance and legal purposes without all parties consent, but vacating this caveat leaves you liable for a big world of hurt.

Our VoiP and AI call services will always provide a recording advising of the recording, and we'll have clients acknowledge that all calls will be recorded when they come on board (our system won't let us proceed with them until this link is clicked), and this is done to protect both sides.

Introduction

Recording a telephone call is rarely a purely technical act. It is a fact-sensitive legal act that sits at the intersection of criminal law, privacy, evidence and employment obligations. If you record without properly considering the law you expose yourself and your organisation to criminal sanction, civil liability and the very real risk that whatever you record will be excluded from legal proceedings or used against you.

The short practical rule that every lawyer gives at the start is blunt: don’t record unless you are clear on the legal basis to do so, and if you intend to reuse or publish the recording, document the legal justification and obtain consent where possible. The detailed law that follows explains why.

Two Bodies of Law You Must Always Consider

1. Federal interception law (third-party interception / access): The Telecommunications (Interception and Access) Act 1979 (the TIA Act) makes it an offence to intercept telecommunications in transmission without lawful authority. Its primary target is third-party interception (telco tapping, wiretaps) rather than a participant recording their own call, but it remains a critical statutory background to telephone-recording practice.

2. State and territory surveillance / listening-device laws: Each Australian jurisdiction has its own legislation that regulates the use of "listening devices" and the recording of private conversations. The effect varies from state to state. Some statutes permit a participant to record; others require all-party consent; all typically criminalise use or publication of a recording obtained in contravention of the Act.

Representative statutes include:

• New South Wales - Surveillance Devices Act 2007 (NSW)
• Victoria - Surveillance Devices Act 1999 (Vic)
• Queensland - Invasion of Privacy Act 1971 (Qld)
• Western Australia - Surveillance Devices Act 1998 (WA)
• South Australia - Surveillance Devices Act 2016 (SA)
• Tasmania - Listening Devices Act 1991 (Tas)

Because the statutory detail diverges by jurisdiction, the critical threshold question is: where was the recording made or received (and which law governs conduct)? That question determines consent rules, permitted uses and criminal exposures.

Consent: The Core Statutory Dividing Line

State laws typically define a "private conversation" and then restrict the use of listening devices to record that conversation save in prescribed circumstances. The result is that:

• In jurisdictions such as New South Wales and South Australia, the law generally requires all parties' consent to record a private conversation. Recording without the requisite consent may be a criminal offence, and publication or communication of that recording may itself be separately prohibited.

  The Exception to the Rule: Under the Surveillance Devices Act 2007 (NSW), the law makes it generally illegal to record a private conversation, even if you are a participant, unless specific conditions are met. Section 8(3) provides two key exceptions: all parties consent (whether express or implied), or the recording is reasonably necessary to protect your lawful interests, and not made for the purpose of communicating or publishing it beyond the participants.

  It's the "lawful interests" component that is tested over and over in various courts, and more often than not, the law leans in the direction of those making the recording.

  In the case of my call with the (fictitious) LenderOptions, their use of the recording was clearly a breach of law, and one that is aggravated because of the details I disclosed, and the nature of inherent Privacy obligations in the finance space. Publishments are severe, and we've historically seen even mild violations result in industry expulsion.

• In other jurisdictions (for example Queensland and parts of Western Australia) there are exceptions that allow a participant to record the conversation, but even there the use, publication or disclosure of recordings obtained without proper consent is tightly controlled and may lead to criminal or civil consequences.

• The Commonwealth TIA Act makes it an offence for a person who is not a party to the communication to intercept it (i.e. third-party interception), and it also affects how service providers, employers and others may lawfully access communications. The TIA Act therefore operates as an overlay to state laws.

Practical takeaways: if you are physically or legally located in a jurisdiction which requires all-party consent (for example, NSW), do not record a telephone call without telling the other party and obtaining consent. Where you are in a jurisdiction that permits a party to record, recording may still create downstream probative and publication problems — always consider notification or obtaining express consent if you intend to rely on or publish the recording.

Victoria: Under the Surveillance Devices Act 1999 (Vic), it is legal for participants to record a private conversation without notifying the other parties. As long as you're a party to the conversation, no consent is required. However, third parties must obtain the consent of all parties.
Section 6 states it is unlawful to record a private conversation if you are not a party—unless you have the express or implied consent of each party.

Admissibility of Call Recordings in Court

Even assuming you lawfully record a call, that does not guarantee the recording will be admitted into evidence. The Evidence Acts give courts a discretion to exclude evidence that was "improperly or illegally obtained." Section 138 of the Evidence Act 1995 provides the balancing test: evidence obtained in contravention of the law may be excluded unless the desirability of admitting it outweighs the undesirability of how it was obtained.

Australian courts have grappled with this problem repeatedly. Representative authorities illustrate the approach:

• Cases where courts admitted covert recordings because the maker reasonably believed they needed to protect a lawful interest. Those decisions show recordings made without consent can nonetheless be tendered where necessity and proportionality are demonstrated.
• Cases involving institutional investigations or serious misconduct where courts have admitted recordings for public interest or protective reasons, subject to rigorous judicial scrutiny.

Courts will exercise the section 138 discretion by looking at: the seriousness of the illegality; whether admitting the evidence would encourage law-breaking; the probative value of the material; and whether there were alternatives. The jurisprudence therefore refuses to adopt a bright-line rule; admissibility is fact-sensitive.

Practical takeaways: don't record with the game plan "I’ll get it in court later" unless you have a robust factual justification and you accept the risk the recording will be excluded and may expose you to criminal or civil processes.

Publication, Distribution and Workplace Rules

Even where a recording is lawfully made, the publication or distribution of the content may be separately prohibited by the surveillance statutes; many Acts make it an offence to communicate or publish a private conversation obtained via a listening device unless a statutory exception applies.

Employers must also guard against breaches of privacy law and workplace obligations:

• Secret workplace recordings are a common source of disciplinary and legal claims. Even if a staff member’s covert recording is technically permissible where they are a party, the use of the recording may breach employment obligations (good faith, confidentiality) and expose the employee to misconduct processes or dismissal.
• Courts have been unsympathetic to employees who covertly record in the workplace when the recording undermines trust.

Practical takeaways: establish a clear call-recording policy for staff (covering notification, retention, purpose, access control and publication) and ensure it is communicated. If calls are recorded for quality assurance or compliance, disclose the recording to callers (a banner or audible announcement) and retain records demonstrating lawful purpose and secure handling.

Technical Realities, Mobile Phones, Localised Recording, and Cloud Services

Local mobile recordings: A party can record to a mobile phone using the native voice recorder or a call-recording app. The law treats the physical means (phone, recorder, app) as a "listening device" for the purpose of the state Acts. The act of recording via a mobile device does not magically evade surveillance law — it is the person's legal status (whether they are a party to the conversation and whether the jurisdiction permits one-party recording) and intended use that matters.

Call-recording services and cloud providers: Using a third-party service (VoIP provider or cloud recorder) raises additional legal and contractual issues:

• Are you effectively engaging a third party to intercept or store communications (bringing the TIA Act and privacy law into play)?
• Where are the servers located? Cross-border storage may trigger foreign disclosure laws and complicate privilege and production obligations.
• Who has access in the provider's organisation, and what are the retention policies? Poor controls can create major discovery and privacy headaches.

Practical precautions: if you use a cloud recorder get a written data-processing agreement, limit retention, apply encryption and make sure callers are notified if required by law.

BM Policy: As detailed again shortly, any call recording made by BM is only done so with two-party consent, and only actioned via our VoiP systems. All data is only ever stored in Sydney - never ever offshore. All recordings are encrypted and only unlocked on the basis of former authentication. If you choose to store recordings on OneDrive, Google Drive, Amazon, or any other distributed cloud storage - something we heavily advise against doing - you accept full risk.

BM Call Transcripts: Any audio recording that is made into a transcript in Yabber, or any recording that is summarised with AI in Yabber, is performed locally via our own STT API or BeNet AI - not on a network or external API, but wholly locally, so the data is never passed through any external networks. This was done to comply with applicable laws, and it should be the industry standard.

Transcripts, AI Summaries and Admissibility issues

Transcripts: A transcript is at best derivative of a recording. If the recording is properly obtained and admissible, a transcript can be tendered as an aid to the tribunal — but courts will want the underlying audio if authenticity or accuracy is pressed. If the recording may be challenged, rely on the original audio and the chain of custody, not merely a transcript. Courts have required authentication (speaker identification, provenance) before accepting transcript evidence.

AI summaries and automated transcription: The use of automated speech-to-text and AI summaries is convenient but raises issues:

• Accuracy and completeness. AI may mis-transcribe and produce hallucinations or errors that misrepresent the speaker’s words. Where critical, always validate transcripts against the original audio.
• Privilege and confidentiality. Feeding audio into an external AI service may waive confidentiality if the service provider processes the data for model training or has access to content. Check provider terms and use enterprise or on-premise solutions where confidentiality is essential.
• Admissibility. An AI summary is an interpretative product; courts will prefer the primary audio and expert verification of transcripts. Use AI output as an internal efficiency tool but preserve originals and human-checked transcripts for evidentiary use.

Practical precautions: if you will rely on transcripts for compliance or litigation, use reputable transcription providers that offer speaker-verified transcripts and chain-of-custody certification and avoid feeding sensitive material into public AI models.

AI Transcripts: Creating AI transcripts via any third-party AI service potentially (and very likely) results in a breach of legislation. In many cases, not only is the data sent to an offshore location, but as we've seen recently, various Open AI (ChatGPT) conversations are now exposed in Google (and other) Search (distribution doesn't care about your intent, and it doesn't reward stupidity). With the recently unveiling of our updated BeNet AI model, it's fully hosted by business. No sensitive data should ever be shared with any AI system.

Publication, Privacy and Defamation

Publishing a recording (or a transcript) can raise parallel civil risks:

• Defamation: republication of defamatory statements in a recording can attract defamation claims. A covert recording that repeats unverified allegations can create additional risk.
• Privacy torts and statutory claims: some jurisdictions and contexts (for example, the workplace) permit civil claims for misuse of private information or breaches of privacy laws arising from recording and publication of private conversations.

Journalists, Whistleblowers and Public Interest

Journalists sometimes rely on covert recordings; courts and regulatory bodies have, at times, admitted such material where there was a strong public interest. But the existence of a public-interest justification is no shield from civil or criminal exposure. The courts must balance public interest against the rule of law and privacy; outcomes are fact-sensitive.

Compliance Checklist, What To Do Before You Hit Record

For an organisation or professional considering call recording, consider this checklist:

1. Identify jurisdictional law - where the recorder is located, where the other party is located, and which state law governs.
2. Decide purpose - compliance, training, dispute avoidance or evidentiary use; purpose will shape retention and disclosure.
3. Seek consent where feasible - best practice is to obtain express consent and record that consent. An audible prompt “calls may be recorded for quality and training” is common and lowers risk.
4. If recording covertly, document lawful interest - legal teams should capture contemporaneous reasons if they are relying on a lawful-interests exception.
5. Protect data - encryption at rest and in transit; strict access controls; retention & deletion schedule; contractual protections with third-party providers.
6. Limit distribution - only authorised people should hear or see recordings and transcripts. Publication is a separate legal act with its own risks.
7. Plan for litigation - preserve originals and chain of custody; keep raw audio, metadata and logs. Don’t rely solely on an AI summary.

Practical Examples (Short)

• Client negotiations in Queensland: A participant records a negotiation on their phone. Queensland’s law permits a party to record, but the participant must be careful when publishing or relying on it: statutory restrictions on publication and the TIA Act overlay apply.
• Internal HR investigation in NSW: Secret audio recorded by an employee in NSW of a private meeting will, in most cases, be unlawful without all-party consent. Even if recorded, transmission or publication may be an offence; the admissibility of the recording in disciplinary proceedings is uncertain and may attract criminal or civil consequences.
• Commercial fraud suspicion (civil claim): A litigant secretly records a counterpart making admissions about a contract. Some authorities show that where the recording was reasonably necessary to protect lawful interests, a court may admit the recording despite its covert nature - but this is not a blanket rule.

Sample Policy Language (Short Form)

Sample Policy Language: “Calls may be recorded for quality, compliance and training. By continuing this call you consent to the recording and its retention for up to [X] months. Recordings will be stored securely and accessed only by authorised staff for legitimate business purposes."

Even where local law might permit one-party recording, giving callers notice is a low-cost mitigation that reduces legal and reputational risk.

Final Legal Balance — Caution, {roportionality and Documentation

The law that governs recording telephone calls in Australia is neither uniformly permissive nor uniformly prohibitive. It is a patchwork of federal interception controls and state surveillance statutes, calibrated by judicial discretion over admissibility. The legal and reputational stakes are high:

• criminal sanctions and fines are real in a number of jurisdictions;
• admission to court is discretionary and will be decided under statutory evidentiary rules and related authority;
• publication may trigger defamation and further criminal or civil exposure.

If you are a professional, an in-house counsel, a compliance officer, or a journalist planning to record calls, the pragmatic roadmap is simple: ask the legal question early, document the lawful basis (consent or necessity), adopt robust technical and retention safeguards, and treat AI transcripts as draft working tools only - keep the originals.

Primary Sources and More Information

• Telecommunications (Interception and Access) Act 1979 (Cth)
• Surveillance Devices Act 2007 (NSW)
• Surveillance Devices Act 1999 (Vic)
• Invasion of Privacy Act 1971 (Qld)
• Surveillance Devices Act 1998 (WA)
• Surveillance Devices Act 2016 (SA)
• Listening Devices Act 1991 (Tas)
• Evidence Act 1995 (s 138) - discretionary exclusion of improperly or illegally obtained evidence
• Representative case law on admissibility and covert recordings

Conclusion

As it applies in NSW, and similarly in other states, recordings are generally permitted when "all parties consent (whether express or implied), or the recording is reasonably necessary to protect your lawful interests", and the "implied" language leans on a standing contract, and the "reasonably necessary" is language that can be leveraged to justify about anything.

In the finance industry, it is incumbent upon us (and legally mandated) to act in the best interests of our client, and taking all appropriate measure to remain accountable to their process justifies localised recordings, transcriptions, and general notes, the latter of which may or may not be permitted as inclusions in your CRM (this depends on your own legal advice). To this end, a blanket early disclaimer or acknowledgement (and occasional reminders) may all be what's necessary to justify your actions... but making any recording and then sharing or distributing it - even to a cloud service where direct security is outside your control - is fraught with challenges.

We store our own call recordings and those of our clients, but they're encrypted and secure, but we don't store recordings that aren't part of standard two-party consent VoiP practice. Unlike the 'McDonald's Man' (a name that the 'LenderOptions' CTO has earned among peers for reasons unknown to me), we absolutely do not store one-party consent recordings in any of our system, and we don't allow their upload into personal libraries, and we certainly don't support illegal distribution. When a recording is made via a mobile handset, we provide an obligatory mention of the recording once I accept the popup notification on my personal handset.

We're moving towards an AI-first world. Like it or not, the technology afforded to us now and agent-based AI support improves workflow to a point where the benefits of artificial agents can't be ignored. This migration into technology-first operations wasn't even conceived at the time legislation was written, so it's opened up loopholes and black-holes that potentially expose our business to a new breed of unknown nastiness. As a consumer, we have to treat every phone call was if it were an email - everything is recorded, and to assume otherwise is nuts, and as a business owner, to not record interactions is crazy.