If you plan to record phone calls on Twilio, or record video communications, you need to comply with certain laws and regulations. Below is some general information on the laws and regulations that relate to call recordings, as well as some best practices to consider when recording calls through Twilio. The word “call” is used broadly here to mean any verbal communication between two or more remote participants, including over a phone, VOIP, or video application.
Notice: This information is not legal advice, and Twilio recommends that you consult with your legal counsel to make sure that you are complying with all applicable laws in connection with calls you transmit and receive using Twilio. Ultimately, you are responsible for ensuring that your use of Twilio complies with all applicable laws and regulations. Please also refer to our Terms of Service and Acceptable Use Policy for more information.
Laws Relating to Call Recordings
In the United States, there are laws and regulations at the federal and state level that apply to recording calls, including California’s Invasion of Privacy Act and similar laws. Certain federal and state laws require that you have the consent of at least one of the participants before recording a call. Other states have laws that require you to obtain consent from every participant before recording a call. There are also laws outside the United States, such as in the European Union, that require you to get the consent of participants before recording a call.
In addition to legal requirements regarding consent, there may also be laws governing how you use, disclose and secure your call recordings depending not only on where your participants are located, but also on business sector specific laws or industry standards.
Determining which laws apply to recording a call can be complicated when participants are in multiple states or countries, or if you cannot be sure about the location of one or more call participants. For these reasons, it is important to familiarize yourself with the laws and standards that will apply to your specific call recording use case to make sure that you record calls in a legally compliant manner.
Some Best Practices for Call Recording
Getting Consent: Twilio requires its customers to comply with all applicable laws. Because the consent laws vary and it can be difficult to determine the location of a call participant, it is best practice to comply with the strictest consent laws and obtain consent from all participants before recording a call. In doing so, it is best practice to provide a clear explanation to all call participants that you may or will record the call. It is also best practice for you to disclose to your users prior to recording that you are using a third party communication provider (e.g., Twilio) to record and store your communications with them.
The right way to obtain consent will depend on your use case and your relationship to the call participants being recorded. A common way many customers do this is to play a message before the call recording is started in which it is disclosed to the participants that the call will be recorded. You can build this into your call flow on Twilio using the TwiML <Say> or <Play> verbs. This, however, is only one way that you might obtain consent. The right approach for your use case will depend on your specific situation and should be decided in consultation with legal counsel familiar with your business.
You should keep adequate records of how you obtained consent. You should also respect a participant’s choice not to be recorded. Twilio provides voice call recording controls that support the starting, stopping, pausing and resuming of voice call recordings.
If you are using Twilio to manage and record communications between your users (e.g., Twilio Proxy), more information can be found here.
Storage, Use, and Sharing: You should secure your call recordings appropriately based on the level of sensitivity of the information in those recordings. You may want to enforce HTTP basic auth to access media using your AccountSid and Authentication token via the voice settings page in the console. And, if your recordings contain particularly sensitive or highly confidential information, you may want to use our voice call recording encryption feature which allows you to use your public key to encrypt voice call recordings on Twilio. Additional information on security features can be found in the product documentation.
Further, you should make clear to your users how you plan to use and/or share recordings (or any information derived from them)—for example, by including this information in your publicly-posted privacy notice. And, you should make sure that you only use and share those recordings in a way that is consistent with what you told your users and all applicable laws. Finally, you should not keep call recordings you don’t need. Information on deleting call recordings can be found here.