California call recording law: why one-party consent is not enough

California requires all-party consent to record phone calls, not one-party. Violators face $5,000 per call in damages. Here's exactly what the law requires.

LeadCompliant Team
23 min read
In This Article

Last updated 2026-07-09

Person holding smartphone during a recorded phone call in a home office
Person holding smartphone during a recorded phone call in a home office

TL;DR

California is an all-party (two-party) consent state under Penal Code Section 632. Recording a phone call without telling every participant is a crime. The federal one-party consent rule under 18 U.S.C. 2511 does not override California law. Penalties run up to $5,000 per recorded call in civil damages, plus criminal charges. Any business recording calls with California residents has to give notice and get consent.

No. California does not follow one-party consent. Get this wrong and every recorded call with a California resident becomes a potential $5,000 claim.

Under California Penal Code Section 632, every party to a confidential communication has to consent before the call is recorded. [1] The federal wiretapping statute at 18 U.S.C. 2511(2)(d) allows recording when one party consents, but that federal floor does not preempt California's stricter rule. States can require more than federal law. California does. [2]

Say you're based in Texas. Your compliance lead says "we're a one-party consent state," and you record a call with a prospect in Los Angeles without disclosing it. You just violated California Penal Code Section 632. Where the caller sits does not matter. What matters is where the other party is. California courts have applied the statute to out-of-state parties recording calls with California residents more than once.

The statute covers "any confidential communication." A telephone conversation is presumed confidential unless the circumstances clearly show neither party expected privacy. Most business calls qualify: sales calls, debt collection calls, customer service calls. Courts have been consistent on that point.

For how all-party and one-party states differ across the country, see our overview of call recording consent laws one-party all-party overview.

What does California Penal Code Section 632 actually say?

The operative language in Section 632(a) reads: "Every person who, intentionally and without the consent of all parties to a confidential communication, uses an electronic amplifying or recording device to eavesdrop upon or record the confidential communication" is guilty of a crime. [1]

A few words in that sentence matter a lot for outbound sales teams.

Start with "all parties." Not one. Not the majority. All. If your call has three people on it and two consent but one does not, you're still in violation.

Next, "confidential communication." Section 632(c) defines this as any communication where one party reasonably expects it will not be overheard or recorded. The definition includes telephone calls, in-person conversations, and electronic communications. Courts have held that routine business calls, including sales prospecting calls, are confidential unless the caller announces otherwise at the start. [8]

Then "intentionally." You do not have to intend to break the law. You just have to intend the act of recording. An automatic call recording tool you forgot was turned on still meets this element. That trips up more teams than you'd think.

Section 632.7 extends similar protection to cellular and cordless calls, closing a gap that existed when the original statute was written for landlines. [1] That section does not require the communication to be "confidential" in the defined sense. The prohibition applies to any recording of a cellular call without consent.

For the California Attorney General's read on how these statutes get enforced, the california attorney general recording phone calls consent law article covers the enforcement posture in detail.

What are the penalties for illegally recording a call in California?

The per-call structure is what makes this brutal for high-volume teams. One bad script, multiplied across a dialer, turns into seven-figure exposure fast.

On the criminal side, a first violation of Section 632 is a misdemeanor carrying up to one year in county jail and a fine up to $2,500. A second or later violation can be charged as a felony with up to three years in state prison. [1] Prosecutors rarely chase businesses on criminal charges for accidental recording, but it happens in egregious cases involving deliberate eavesdropping.

The civil side is where the real risk lives. Section 637.2 gives any injured party the right to sue and recover the greater of actual damages or $5,000 per violation. [1] "Per violation" generally means per recorded call. If your dialer recorded 200 calls with California residents over three months without proper disclosure, your potential exposure is $1,000,000 before attorney's fees.

Plaintiff firms and class action shops actively hunt for Section 637.2 cases. The damages are statutory, so plaintiffs do not have to prove any actual harm. That's what makes these cases so attractive to litigators. California Invasion of Privacy Act (CIPA) class settlements have reached into the millions. [3]

Here's how California's civil penalties stack up against the federal Wiretap Act and two other all-party states:

JurisdictionCivil penalty per violationCriminal exposurePrivate right of action
California (Pen. Code 632)$5,000 or actual damages (greater of)Misdemeanor / felonyYes
Federal Wiretap Act (18 U.S.C. 2520)$10,000 or actual damagesUp to 5 years federal prisonYes
Florida (Fla. Stat. 934.03)$100/day or actual damagesFelonyYes
Michigan (MCL 750.539c)Actual damagesFelonyYes

Note: Florida and Michigan figures come from the state statutes cited. Confirm current numbers with state counsel before you rely on them. [4][5]

Civil penalty per recorded call by jurisdiction Statutory minimum civil damages available to a private plaintiff, per violation Federal Wiretap Act (18 U.S.C. 25… $10k California (Pen. Code 632 / 637.2) $5,000 Florida (Fla. Stat. 934.03) $100 Michigan (MCL 750.539c) $0 Source: California Penal Code 632/637.2; 18 U.S.C. 2520; Florida Stat. 934.03; Michigan MCL 750.539c

How do you legally record a call with a California resident?

The concept is simple: disclose the recording before it starts, then get consent. The mechanics are where teams blow it.

The cleanest method is an oral disclosure at the very top of the call, before any real conversation. Something like: "This call is being recorded for quality and training purposes. By continuing, you consent to the recording." That has to come before the caller shares any personal information or discusses anything private. A disclosure buried two minutes into a pitch does nothing for you under the statute.

For inbound calls, an automated message before the agent picks up works well. "Your call is being recorded" in the IVR greeting, before a human connects, is the standard approach.

For outbound calls placed by live agents, the agent has to say it out loud at the top. Build it into the script as the first line after the greeting. If your call center software can monitor script compliance, use it.

For fully automated outbound calls, the disclosure and consent requirement overlaps with TCPA rules. See robocall consent requirements federal law for how those federal requirements interact with state recording law.

Written consent works too. If you record video calls on a platform like Zoom or Google Meet that shows a recording indicator and makes participants accept it, some have argued that indicator plus the platform's terms count as constructive notice. California courts have not uniformly agreed. Get an explicit verbal or written acknowledgment when you can.

One thing that does not work: a recording clause in a contract the customer signed six months ago, with no reminder at the start of the call. Courts have found that insufficient when the customer had no reason to expect recording at that specific moment.

Does it matter where your company is located, or where the caller is?

California's reach is the part that surprises most out-of-state businesses. Only the recorded party's location matters, and if they're in California, California law follows the call.

California courts have applied Section 632 when the California party was the one being recorded, even where the recording company sat entirely outside the state. [3] The leading case is Kearney v. Salomon Smith Barney, Inc. (2006), where the California Supreme Court held that a Georgia brokerage recording calls with California customers had to comply with California law. The court reasoned that California's interest in protecting its residents' privacy outweighed the burden on out-of-state businesses. [3]

So if your sales team in Ohio runs an auto-dialer into California, California recording law governs those calls. Your home state's one-party rule is not a shield.

Some companies try a "reciprocal state" argument: our state allows recording, so California should defer. California courts have rejected it. Penal Code Section 632 has no comity exception.

If you're building a compliance program, apply California-standard disclosures to every recorded call, no matter where you think the other party is. You usually cannot verify a mobile user's physical location in real time. Defaulting to all-party consent across the board removes the guesswork and the risk.

How is California's law different from other two-party consent states?

Roughly 11 states require all-party consent to record phone calls, and California is the strictest of them. The mix is what does it: a private right of action, statutory damages with no proof of harm required, an active plaintiffs' bar, and a broad definition of "confidential communication." [6]

Florida is the closest comparison. Florida Statute 934.03 also requires all-party consent and carries criminal penalties. [4] But Florida's civil damages are structured differently, and its courts have sometimes read "confidential" more narrowly. For the Florida framework, see our guide to florida call recording law two-party consent statute 934.03.

Michigan requires all-party consent under MCL 750.539c but has seen far less class action activity than California. [5] For a full Michigan breakdown, the michigan call recording laws article covers the nuances.

Arizona sits on the other side of the line as a one-party consent state, which makes for a sharp contrast if you operate in the Southwest. See arizona call recording law one party consent for how that simpler framework works.

The other all-party states as of 2024 are Connecticut, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Oregon, Pennsylvania, and Washington (plus Florida and Michigan, above). Requirements and enforcement intensity vary. Some have no private right of action. Some carry smaller statutory damages. California is at the strict end of nearly every dimension.

For the full state-by-state picture, the california call recording laws hub page puts the California framework in broader context.

California courts read consent to require actual knowledge that a recording is happening, more than a vague sense that calls sometimes get recorded. [3]

The FTC and FCC have their own consent definitions for TCPA and telemarketing, but those do not transplant into a Penal Code Section 632 analysis. California's criminal and civil courts apply the common-law meaning of consent: informed, voluntary agreement.

Oral consent at the start of a call is the gold standard. The person says, out loud, "yes, I understand this call is being recorded," or simply stays on the line after an unambiguous disclosure that gave them the chance to hang up. Courts have accepted implied consent when the disclosure is clear and the party keeps talking.

Here's the detail people miss: the disclosure has to be unambiguous. "This call may be monitored" is not the same as "this call is being recorded." Some courts have found that "may be monitored" fails to put the other party on notice of actual recording. Use language that states plainly the call is being recorded, not that it might be.

Business-to-business calls get the same analysis. Section 632 has no exception for calls between commercial entities. A B2B sales call with a California buyer follows the same rules as a B2C call.

Emailed consent before a call ("by accepting this meeting, you consent to recording") has stronger footing inside a written contract. But for a cold call, you cannot collect email consent from someone whose details you do not already have. For outbound prospecting, oral disclosure at the top of the call is the practical answer.

Does the California recording law apply to text messages and other electronic communications?

Section 632 covers "confidential communications" broadly, and that includes some electronic communications. The California Supreme Court has held the statute reaches beyond phone calls to other forms of electronic messaging in certain contexts. [3]

Text messages are murkier. Courts have found texts are not always "confidential communications" under Section 632, because people generally understand a text can be saved and forwarded. Separately, CIPA and Penal Code 502 cover unauthorized access to electronic communications in other ways.

For outbound sales teams, the main recording exposure is voice calls, not SMS. Texting raises its own federal (TCPA) and state issues, but the Section 632 recording-consent question lands squarely on voice.

Email sits outside the phone-call recording analysis too, though other privacy statutes may reach it depending on the facts.

If your team records video calls, like sales demos over video conferencing, those recordings are covered. A video platform's automatic recording notice usually satisfies the disclosure requirement, as long as it appears before substantive conversation and before anyone shares private information. Confirm your specific platform's posture with California privacy counsel.

How should sales teams structure their call recording compliance process?

The steps are not complicated. They have to be consistent. Inconsistency is what builds class action exposure.

Start by deciding whether you need to record at all. Plenty of teams record for quality assurance and coaching. Some record to document commitments. Both are fine, but recording creates legal obligations. If call-scoring tools that keep no full recording can hit your QA goals, that's worth a look.

If you do record, run a uniform disclosure policy. Every outbound call opens with the disclosure before any selling. Put it in the script as the literal first line, before the opener, before the pitch. Test your agents on it. Listen to calls and verify.

For dialer-based outbound, check whether your telephony platform can play an automated pre-call disclosure before connecting the agent. Several do. If yours cannot, that's a gap worth closing.

Document the consent process. If litigation comes, you'll want to show a court your disclosure script, your training records, and your QA audits confirming agents followed it. "We had a policy" is much weaker than "here are 90 days of call-monitoring scores showing agent compliance."

LeadCompliant's compliance kit includes a call recording disclosure script template and a policy checklist built for outbound sales teams. It's a practical starting point, not a substitute for state-specific legal review.

For multi-state teams, map your contact database by likely state of residence. Apply California-standard disclosures to every California area code at minimum, and consider applying them everywhere. A three-second disclosure costs you nothing. A class action settlement costs a lot.

What happens if you get sued under California's recording law?

CIPA litigation is busy. Plaintiff firms that specialize in it file regularly, often as class actions covering everyone who got a recorded call from the defendant during a set period. [3]

Here's the usual arc. A plaintiff gets a recorded call without adequate disclosure, learns about CIPA through a law firm ad or their own research, then files or joins a class action. The complaint typically alleges violation of Penal Code 632 and 632.7, seeks $5,000 per class member per recorded call, and asks for injunctive relief.

Defense costs alone can run into six figures before any settlement talk. Class certification is often the most contested phase. Certify a class of, say, 10,000 people who got recorded calls, and theoretical damages hit $50 million. That kind of number creates enormous pressure to settle.

CIPA settlements have run from low six figures for small defendants with limited call volume to multi-million dollar deals for larger companies. Nobody publishes a reliable average. Outcomes turn on call volume, the quality of your consent records, and the defendant's ability to pay.

If a demand letter lands or you're served with a CIPA complaint, retain California privacy litigation counsel right away. Do not respond to the plaintiff's attorney without counsel. Do not delete call records, because that creates spoliation risk. Preserve everything.

The best defense is a documented consent process that pre-dates the suit. Courts have dismissed CIPA claims when defendants produced clear evidence that disclosures were given and the party kept talking. Retroactive compliance does nothing if you cannot show what happened on the calls in question.

The statute has a narrow set of exceptions, and almost none of them help a business.

Public officials doing their jobs get some carve-outs. Law enforcement recording under a valid warrant operates outside Section 632. Emergencies with imminent danger to life can create an exception, though courts read it narrowly.

If a call is not a "confidential communication," the statute does not apply. If both parties are in a public place where neither expects privacy, and the call is conducted so it could clearly be overheard, a court might find the communication non-confidential. In practice this rarely touches phone calls, because someone calling from their own device in a private spot has a reasonable expectation of privacy.

The "public interest" exception gets argued for investigative journalism. It is not available to businesses.

There is no business-purpose exception. "We record for quality assurance" is not a defense to Section 632. It's a reason you want to record. It is not consent.

Some businesses argue that a recording disclosure in their platform's terms of service is prior consent. Courts have been skeptical when the recorded person never saw or agreed to those specific terms, or when the terms were buried in a clickwrap agreement with no clear notice of recording.

So here's the honest bottom line: there is no workable exception for outbound sales calls. Disclose and get consent. Every call, every time.

Frequently asked questions

California is an all-party (two-party) consent state under Penal Code Section 632. Every participant in a phone call has to consent before the call is recorded. Federal law allows one-party consent, but California's stricter rule applies to any call involving a California resident, regardless of where the other party is located.

What is the penalty for recording a phone call without consent in California?

Civil penalties under Section 637.2 are $5,000 per recorded call or actual damages, whichever is greater. Criminal penalties for a first violation include up to one year in county jail and a $2,500 fine. A second violation can be charged as a felony with up to three years in state prison. Private plaintiffs can sue without proving actual harm.

Do I have to disclose call recording if my company is based outside California?

Yes. The California Supreme Court held in Kearney v. Salomon Smith Barney (2006) that out-of-state companies recording calls with California residents have to comply with California Penal Code Section 632. Your home state's one-party consent law does not protect you when the person on the other end of the call is in California.

What is the difference between California Penal Code 632 and 632.7?

Section 632 covers recording of confidential communications and requires the communication to be one where a party reasonably expects privacy. Section 632.7 extends recording protections specifically to cellular and cordless phone calls without the confidentiality requirement. A cellular call does not need to be 'confidential' to be protected under 632.7; all-party consent is required regardless.

Probably not on its own. Some courts have found that "may be recorded" does not clearly tell the other party that recording is actually occurring. California courts want an unambiguous disclosure that the call is being recorded. Language like "this call is being recorded for quality purposes" is clearer and safer. The party must then have a real chance to disconnect before substantive conversation begins.

Can I record a call with a California resident if they are calling me?

Yes, but you still need to disclose and get consent before recording starts. An inbound call does not grant automatic permission to record. Playing an automated disclosure at the start of your IVR, before the caller is connected to an agent, satisfies the requirement. Callers who stay on the line after the disclosure are treated as having given implied consent.

Does California's recording law apply to text messages and chat?

Section 632 applies to confidential communications broadly, including some electronic communications. Text messages are a grayer area, because courts have found people generally do not expect texts to be private the way phone calls are. The clearest application of the statute is to phone calls, both landline and cellular. For SMS compliance questions, the TCPA framework governs most of the relevant requirements.

Is a recording disclosure in my sales contract enough to cover me for future recorded calls?

Generally no. Courts have found that a recording consent buried in a contract signed months ago is not sufficient notice for a specific call where the person had no reason to expect recording. Best practice is a fresh verbal disclosure at the start of every recorded call. The cleaner your per-call consent documentation, the stronger your defense if you're sued.

What is the California Invasion of Privacy Act (CIPA)?

CIPA is the common name for the set of California statutes protecting privacy in communications, mainly Penal Code Sections 630 through 638. It includes the call recording rules in Sections 632 and 632.7, the pen register and trap-and-trace rules, and eavesdropping prohibitions. CIPA provides both criminal penalties and a private civil right of action at $5,000 per violation, which makes it a frequent basis for class action lawsuits.

How does California's recording law interact with TCPA consent?

They are separate frameworks that require separate consent. TCPA consent (under 47 U.S.C. 227) governs whether you can make the call or send the text at all, especially for automated dialers and prerecorded messages. California Penal Code 632 governs whether you can record the call once it's happening. TCPA consent does not give you recording consent, and vice versa. You have to satisfy both independently.

Can employees record their own work calls in California?

Only with all-party consent. California employees cannot record calls with customers, vendors, or coworkers without disclosing the recording and getting consent. Section 632 has no employment exception. An employee who secretly records a work call to document misconduct may still be violating the statute, even if the intent was self-protection. California courts have addressed this in whistleblower contexts with mixed results.

What disclosures are required for AI call recording or AI notetaking tools on sales calls?

The same all-party consent rules apply. If an AI tool records, transcribes, or analyzes a phone call in real time, a disclosure has to be given before the call starts. Tools like Gong, Chorus, or Otter.ai do not exempt you from Section 632. The disclosure obligation falls on the party enabling the recording, which means your company is responsible for telling the other party before your AI tool captures the conversation.

California carries the highest class action risk because it combines a private right of action, statutory damages of $5,000 per call with no proof of harm, and a very active plaintiffs' bar. Florida and Illinois also see active CIPA-equivalent litigation. Michigan and Oregon have all-party consent laws but less class action history. Pennsylvania's law has produced some litigation but not at California's volume. California is the top enforcement priority for any multi-state outbound team.

Sources

  1. California Legislative Information, Penal Code Sections 630-638 (California Invasion of Privacy Act): California Penal Code Section 632 requires all-party consent to record confidential communications; Section 637.2 provides $5,000 per violation civil damages; Section 632.7 covers cellular and cordless calls
  2. U.S. Department of Justice, 18 U.S.C. 2511 (Federal Wiretap Act): 18 U.S.C. 2511(2)(d) permits recording when one party consents under federal law, but states may impose stricter standards
  3. California Supreme Court, Kearney v. Salomon Smith Barney, Inc., 39 Cal.4th 95 (2006): California Supreme Court held that out-of-state companies recording calls with California residents must comply with California Penal Code Section 632; court also addressed the confidentiality presumption for business calls and the CIPA private right of action
  4. Florida Legislature, Florida Statutes Section 934.03 (Security of Communications Act): Florida requires all-party consent to record phone calls under Fla. Stat. 934.03, with criminal penalties for violations
  5. Michigan Legislature, MCL 750.539c (Eavesdropping statute): Michigan requires all-party consent to record private conversations under MCL 750.539c, with felony criminal penalties
  6. National Conference of State Legislatures, State Wiretapping and Electronic Surveillance Laws: Approximately 11 states require all-party consent to record phone calls as of 2024; California is among the most aggressively enforced due to its private right of action and statutory damages
  7. California Courts, Judicial Branch, Penal Code Section 632 case summaries: California courts have applied Section 632 to routine business and sales calls, finding them to be confidential communications under the statute
  8. California Attorney General, Privacy Enforcement and Protection: The California Attorney General's office has authority to enforce CIPA and related privacy statutes; criminal referrals are possible for willful violations
  9. U.S. Congress, Electronic Communications Privacy Act, 18 U.S.C. 2510-2522: The federal Electronic Communications Privacy Act sets a one-party consent floor that states may exceed; California has done so through Penal Code Section 632

Disclaimer: LeadCompliant is a compliance review tool, not a law firm. We do not provide legal advice. Consult with a TCPA attorney for legal guidance on specific compliance questions. Compliance scores, audits, and risk assessments are informational only.

LeadCompliant Team

LeadCompliant provides expert guidance and tools to help you succeed. Our content is reviewed for accuracy and kept up to date.

Related Articles

Related Glossary Terms

LeadCompliant
Build My Kit