This practical guide explains the Canadian consent rules for recording business calls, which tools and features help you comply, and how to set everything up — with simple scripts and checklists. It is general information, not legal advice.
Why consent for call recording matters
Canadians increasingly act on privacy concerns. In a 2025 national survey by the Office of the Privacy Commissioner of Canada, 78% refused to provide a business with personal information over privacy concerns and 41% stopped doing business with a company after a breach (OPC, May 8, 2025).
Clear, respectful consent notices reduce call abandonment, build trust and protect you from fines.
For small businesses, recorded calls are useful for training, quality assurance and resolving disputes. Consent tools do two jobs at once: they keep you onside with privacy rules and make the consent moment quick and friendly for customers.
Explore Small Business Chatbot — built for SMBs with voice and chat agents that can announce, capture and log consent automatically.
The law in plain English
Criminal Code (recording itself)
Canada’s Criminal Code allows one‑party consent to record a private conversation. If you are a participant in the call, the recording isn’t a crime; secretly recording other people’s calls (that you’re not on) is illegal and can carry up to five years in prison (Criminal Code, s. 184).
Privacy laws (business obligations)
As a business, recording a customer call means you’re collecting personal information. You must obtain meaningful consent, explain the purpose, and offer an alternative if the caller objects. This comes from Canada’s private‑sector privacy regime (PIPEDA and substantially similar provincial laws). The OPC’s “Recording of Customer Telephone Calls” guidance (2018) outlines these steps clearly.
Key takeaways you can rely on
- Tell callers at the start that the call is recorded and why (e.g., quality assurance, training, dispute resolution).
- Offer a reasonable alternative if they don’t agree (e.g., unrecorded call, email, or in‑person option). OPC guidance recognizes this approach.
- Use recordings only for the stated purpose; if you later want to use them for something else (e.g., marketing), get fresh consent.
- Keep recordings only as long as necessary, secure them, and document your retention policy.
Note: In Alberta, BC and Quebec, provincial private‑sector privacy laws apply within the province; elsewhere PIPEDA applies. Cross‑border storage and interprovincial transfers can trigger federal rules even in those provinces.
What to look for in a call‑recording consent tool
Must‑have features
- Front‑of‑call announcements (IVR or human prompt) with multi‑language support and configurable scripts.
- Consent capture options: DTMF keypad (e.g., “Press 1 to continue”), verbal “yes,” or continued‑call implied consent with logged timestamp.
- Proof of consent: store the exact prompt version, date/time, caller ID, and acceptance method in an auditable log.
- Purpose controls: tag each recording with its approved purpose(s) and auto‑block unapproved use.
- Retention & deletion: policy‑driven auto‑purge (e.g., 30/90/180 days) with legal‑hold exceptions.
- Access controls: role‑based permissions and encryption at rest/in transit.
- Export & access: fulfill access requests without exposing third‑party information.
- Audit trail: immutable logs of who listened, exported or deleted a recording.
Nice‑to‑have for SMBs
- CRM/calendar integrations to push consent proof and transcripts to deals or tickets — see our integrations.
- Redaction of payment data or other sensitive snippets.
- Smart routing: skip recording for payment flows; resume after.
- Bilingual voices that sound natural to reduce hang‑ups.
- Self‑serve script versioning so compliance can update prompts without engineering.
Small Business Chatbot pairs an AI voice agent with a consent‑first workflow: it announces recording, captures and logs consent, tags purpose, and syncs proof to your CRM. That way, you get better customer experience and clean compliance records without extra manual steps. See what teams say on our customer reviews page.
Implementation checklist and sample scripts
Quick setup checklist
- Pick your consent method: DTMF press, verbal “yes,” or implied by continuing after the notice.
- Write a short intro prompt that states the purpose(s) accurately.
- Offer at least one alternative (unrecorded callback, email or web form).
- Turn on consent logging and bind the log to each audio file.
- Set a retention rule (e.g., 90 days) and enable automatic deletion.
- Restrict access to recordings; require sign‑in and reason codes to play/export.
- Train staff to use the script and handle objections gracefully.
- Test the flow from a customer’s phone and document the result.
Sample scripts you can use
Inbound IVR (implied consent)
“This call will be recorded for quality, training and to help resolve issues. To continue, stay on the line. For an unrecorded option, visit our website chat or press 9 to request a callback.”
Inbound IVR (express keypad)
“We record calls for quality and training. Press 1 to continue with recording, or press 9 for an unrecorded option.”
Agent‑led (verbal)
“Before we continue, I want you to know our call may be recorded for quality and training. Is that okay?”
Keep the purpose accurate. Don’t say “quality” if you’ll also use recordings for coaching or dispute resolution — list the real purposes.
Call your number from a mobile and landline. Confirm the prompt plays before collection of personal information, consent is captured, and the consent log shows date/time, prompt version and acceptance method.
Province‑by‑province quick reference
Remember: the Criminal Code allows one‑party consent to record, but privacy laws govern how businesses must obtain and document consent and what you can do with the recording.
| Jurisdiction | Which privacy law applies | Notable points for SMBs |
|---|---|---|
| Quebec | Act respecting the protection of personal information in the private sector (modernized by Law 25) | Strongest penalties in Canada. Penal fines for companies can reach the higher of $25M or 4% of worldwide turnover. Ensure you can prove consent and secure recordings (Commission d’accès à l’information du Québec). |
| Alberta | Personal Information Protection Act (PIPA) | Consent required for collection/use/disclosure unless a PIPA exception applies. Offence fines up to $100,000 for organizations. If you use service providers outside Canada, you must tell people how to access your policies and who to contact (Government of Alberta). |
| British Columbia | Personal Information Protection Act (PIPA) | Consent and reasonable purpose standard. Offence fines up to $100,000 for organizations. Maintain policies, safeguards and response processes (BCLaws – PIPA). |
| Ontario and other provinces/territories without a private‑sector act | Federal PIPEDA | Follow the OPC’s call‑recording guidance (2018): inform at the outset, state purposes clearly and offer an alternative if the caller objects. Keep uses limited to the purposes stated. |
Criminal Code reference for one‑party consent: s. 184.
Everyday operations: retention, access and security
Retention and deletion
- Set a default retention window (e.g., 90 days) aligned to your purpose; keep longer only if needed for an active dispute or legal hold.
- Auto‑purge expired files and log deletions.
- Document your retention schedule in your privacy policy.
Access requests
- Be ready to provide customers with access to their own recordings on request; mask third‑party data as needed.
- Track requests and response dates; keep a standard secure delivery process.
Security safeguards
- Encrypt at rest and in transit; restrict playback to authorized roles.
- Log every listen, export or delete with user, time and reason.
- Separate production access from analytics; use redaction for sensitive fields.
- Have a breach response plan (who does what in the first hour).
Frequently asked questions for Canadian call recording
1) Do I need explicit “yes” to record, or is staying on the line enough?
Both approaches can work. If you inform the caller at the start and clearly state purposes, continued participation can be treated as implied consent. The OPC’s call‑recording guidance recognizes verbal, keypad and implied consent when notice and purpose are clear (OPC, 2018).
2) Is Canada an all‑party or one‑party consent country?
Under the Criminal Code it’s one‑party consent to make the recording. But businesses must also meet privacy‑law duties (PIPEDA or a provincial PIPA/Law 25): give notice, get meaningful consent, limit use and secure the data. See s. 184 for the criminal rule.
3) What’s special about Quebec’s Law 25?
Quebec strengthened privacy obligations and penalties. For serious violations, companies can face the higher of $25M or 4% of worldwide turnover. Make sure your prompts are accurate, alternatives exist, and your retention and security are documented (CAI – Sanctions).
4) Can I store call recordings outside Canada?
Generally yes, provided you remain accountable and transparent. In Alberta, if you use a service provider outside Canada, you must tell people how to access your policies and who to contact about the overseas service provider (Government of Alberta).
5) How long should I keep recordings?
Only as long as needed for the stated purpose (e.g., training or dispute resolution). Many SMBs choose 30–90 days. Have a policy, stick to it, and auto‑delete when time’s up. Keep longer only under legal hold or explicit regulatory need.
6) Do I have to play a “beep” tone?
No Canadian law requires a beep. What’s required is meaningful consent: timely notice, clear purposes, and an alternative if the caller objects.
7) What if a caller refuses consent?
Offer a reasonable alternative (unrecorded callback, email or in‑person). Train agents to route politely. Log refusals to show you honoured the choice.
