Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
If you run a business in New Zealand, “recording” probably comes up more often than you’d expect. Maybe you want to record customer service calls for training, install CCTV after a break-in, or keep a video record of deliveries leaving your warehouse.
All of that can be legitimate business practice. But New Zealand’s recording rules can feel confusing because different issues apply depending on what you’re recording (audio vs video), how you’re recording it (overt vs covert), and what you’re planning to do with the recording (training, security, performance management, evidence in a dispute, marketing content, and so on).
Below, we break down the practical side of NZ recording laws for small businesses, including phone call recording, recording meetings, workplace surveillance, and the key privacy rules you need to build into your day-to-day operations.
What Do People Mean By “NZ Recording Laws”?
In practice, “NZ recording laws” isn’t one single law. Recording can touch several areas at once, including:
- Privacy law (especially the Privacy Act 2020) which focuses on whether you’re collecting personal information fairly, securely, and for a legitimate purpose.
- Criminal law concepts around surveillance and interception (for example, there are offences around intercepting private communications when you’re not a party to them, or using certain covert surveillance methods in prohibited ways).
- Employment law, because workplace monitoring can affect trust and confidence, good faith obligations, disciplinary processes, and health and safety.
- Contract and consumer law, because your terms, customer notices, and complaint-handling processes can change what’s reasonable and what customers expect.
- Evidence and dispute risk, because “can I record this?” is different from “will it help me (or hurt me) later if there’s a dispute?”.
The key idea is: it’s usually not the act of recording alone that creates the problem-it’s the lack of transparency, the way the recording is used, poor storage/security, or collecting more than you need.
From a business perspective, a good “recording approach” should do three things:
- Reduce risk (privacy complaints, employment disputes, reputational damage).
- Support legitimate business goals (safety, training, quality assurance, preventing theft or fraud).
- Be consistent (clear internal rules and a repeatable process, not ad-hoc decisions).
When Can Your Business Record Phone Calls?
Call recording is one of the most common questions we see from small businesses-especially if you have a sales team, take bookings, handle customer complaints, or run a support line.
As a starting point, in New Zealand it’s generally lawful for someone to record a conversation if they are a party to it (sometimes described as “one-party consent”). That said, businesses still need to manage privacy, fairness, and how recordings are used and stored.
Many businesses record calls for legitimate reasons, such as:
- training and coaching staff;
- quality assurance and compliance;
- confirming instructions or orders;
- managing disputes (for example, “what was agreed on the phone?”); and
- preventing fraud and improving customer safety.
Where businesses often slip up is not the “why”, but the “how”. A low-risk approach under NZ recording laws is to build transparency into your call flow and privacy documentation.
1) Be Clear With Customers Upfront
While telling people isn’t always strictly required in every scenario, in most business contexts the safest and most practical approach is to let customers know the call is being recorded before the recording happens. A short notice at the start of the call (or a recorded pre-message) is common and generally what customers expect.
If your team is unsure what to say, you can implement a standard script, such as:
- “Just letting you know, this call may be recorded for training and quality purposes.”
- “This call is recorded to help us improve our service and resolve issues quickly.”
If you want a deeper dive into the practical do’s and don’ts for businesses, call recording laws is a helpful reference point when setting up your process.
2) Don’t Record More Than You Need
A common issue is collecting sensitive information on recorded lines without thinking through the consequences. For example, customers might disclose:
- health information (even casually);
- financial details;
- address and security details; or
- complaint information about another person.
If you don’t need that level of information to provide your service, you should actively steer the call away from it, or set up processes that avoid recording that part (for example, secure payment portals rather than taking card details over a recorded phone line).
3) Store Recordings Securely (And Don’t Keep Them Forever)
Under privacy principles, businesses should take reasonable steps to protect the personal information they hold. Practically, that means:
- restricting access to recordings to people who genuinely need it (not “everyone can listen”);
- using strong passwords and access logs;
- choosing reputable storage providers; and
- having a retention/deletion schedule (for example, delete after 30/60/90 days unless needed for an active dispute).
This is also where your written privacy documentation matters. If you collect personal information (including via recordings), having a clear Privacy Policy can help you set expectations and reduce misunderstandings about what you collect, why you collect it, and how long you keep it.
Can You Record Conversations Or Meetings At Work?
Many business owners want to record internal conversations for legitimate reasons-especially if you’re dealing with:
- training sessions;
- toolbox talks and safety briefings;
- client meetings attended by staff;
- remote work meetings (video calls); or
- high-risk conversations like investigations, grievances, or performance meetings.
This is where NZ recording laws overlap heavily with employment law. Even if recording is technically lawful (for example, where the recorder is a participant), doing it the wrong way can damage trust and create major risk in an employment dispute.
Best Practice: Be Open And Get Agreement
For most workplaces, the safest approach is:
- tell people you want to record (before the meeting starts);
- explain why (for example, accurate notes, training, accessibility, or record-keeping);
- give an alternative if someone is uncomfortable (for example, detailed minutes, or recording only the presenter portion); and
- confirm how it will be used and who will have access.
If you record as part of a routine process (for example, recording training sessions for new hires), it’s worth building that into your workplace documentation so everyone is on the same page from day one. Many businesses capture this in an Employee Privacy Handbook and in broader Workplace Policy documents.
Be Careful In “High Stakes” Employment Meetings
If you’re recording something like:
- a disciplinary meeting,
- a performance management meeting,
- a restructuring/redundancy consultation, or
- a bullying/harassment investigation meeting,
you should slow down and get advice on process first. In employment situations, it’s not only about the recording itself-it’s also about fair process, good faith, and whether your approach could be seen as intimidating or undermining the relationship.
Even where recording might help you prove what was said, a covert or poorly handled recording can backfire and become the focus of the dispute.
Are CCTV And Workplace Cameras Legal In NZ?
CCTV is extremely common for small businesses-retail shops, hospitality venues, warehouses, gyms, professional practices, and even office spaces. Generally, workplace cameras can be lawful when used for legitimate purposes like security, health and safety, and loss prevention.
But “legal” doesn’t mean “anything goes”. Under NZ recording laws and privacy expectations, cameras should be set up in a way that is reasonable and proportionate.
If you’re deciding whether (and how) to install cameras, it’s worth reading workplace cameras considerations first, because camera placement and notice are often where businesses get caught out.
Where Businesses Commonly Get CCTV Wrong
Some of the most common CCTV pitfalls include:
- No signage or notice (people should generally be told they are being recorded).
- Recording in sensitive areas where privacy expectations are high (for example, bathrooms, changing rooms, shower areas). As a general rule, avoid these areas entirely.
- Using cameras for “performance monitoring” by default rather than for a clear, justified purpose.
- Leaving footage accessible to too many people, or storing it insecurely.
- Keeping footage indefinitely with no retention policy.
A Practical CCTV Setup Checklist
If you want something you can implement quickly, this checklist is a good starting point:
- Define the purpose (security, safety, incident investigation, theft prevention).
- Choose appropriate locations (entry/exit points, stock rooms, cash handling areas).
- Avoid private areas (bathrooms/changing rooms).
- Put up clear signage at entrances and other relevant areas.
- Limit access to footage to specific roles (for example, owner/manager only).
- Set a retention period and stick to it (unless footage is required for an active incident).
- Document the rules internally so staff know what to expect.
If you also record audio via CCTV (less common, but some systems allow it), be extra cautious. Audio recording tends to be treated as more intrusive, and you should make sure your purpose and notice are crystal clear.
How Does The Privacy Act 2020 Affect Business Recordings?
For most small businesses, the Privacy Act 2020 is the core legal framework that will shape how you record and use audio/video. Recordings often contain “personal information” because they can identify an individual (voice, face, name, customer complaint details, employee conduct, etc.).
That means you should treat recordings like any other personal information you collect-just in a different format.
Collection: Have A Real Reason (And Be Fair About It)
A simple way to think about privacy compliance is:
- Are you collecting this recording for a legitimate business purpose?
- Are you collecting it in a fair and reasonable way?
For example, a security camera watching the shop entrance is usually easy to justify. A hidden camera aimed at a staff member’s workstation “just in case” is much harder to justify and can create employment risk as well as privacy risk.
Notice: Tell People What You’re Doing
Privacy compliance isn’t just paperwork-it’s about avoiding nasty surprises. Even if a recording might be lawful without express consent in some situations, businesses will usually reduce risk by giving clear notice about what they’re doing.
If you record customers or staff, you should generally provide notice that includes:
- what is being recorded (audio, video, phone calls);
- why you record it (security, training, quality);
- how it will be stored and protected; and
- how long you keep it.
This notice might appear in different places depending on your business:
- signage in your premises (for CCTV);
- a recorded pre-message on phone lines;
- a clause in your customer terms; and/or
- internal staff policies and onboarding documents.
Use And Disclosure: Don’t Repurpose Recordings Casually
A classic small business trap is collecting a recording for one reason, then using it for another later. For example:
- You install CCTV for theft prevention, then use the footage to monitor productivity.
- You record support calls for “training”, then use a clip in marketing content.
- You record a client meeting to take notes, then share it widely internally.
Before you repurpose a recording, pause and ask: Would the person recorded reasonably expect this use? If not, you may need to stop, de-identify the content, seek consent, or get tailored legal advice.
Security And Retention: Treat Recordings Like Valuable (Sensitive) Data
Recordings can be extremely sensitive and damaging if mishandled-particularly where they include customers’ complaints, employees’ conduct, or footage inside your premises.
Good privacy practice includes:
- access controls (role-based access, audit logs where possible);
- security hygiene (password management, multi-factor authentication);
- breach preparedness (knowing what you’d do if recordings were leaked); and
- retention schedules (automatic deletion is your friend).
Access Requests: People May Ask For Copies
Because recordings can be personal information, individuals may request access to information you hold about them. In real terms, that might mean:
- a customer requests the recording of a phone call;
- a customer requests CCTV footage of an incident in your store; or
- an employee requests a recording used in a workplace process.
Access requests can be tricky, especially when recordings include other people (for example, other customers in the background of CCTV footage). This is one of those areas where getting advice early can save you a lot of time and stress.
How Do You Put Recording Rules Into Practice In A Small Business?
Knowing the rules is one thing. Implementing them in a way that works in a busy business is another.
Here’s a practical, business-first way to operationalise NZ recording laws without turning your day-to-day into a compliance project.
Step 1: Map Where Recording Happens In Your Business
Write down every place you record (or might record) information:
- phone system (incoming/outgoing calls);
- CCTV (front-of-house, back-of-house, warehouse);
- meeting recordings (Zoom/Teams/Google Meet);
- body-worn cameras (if relevant);
- vehicle dashcams (if you have a fleet);
- screen recordings (support sessions, training demos).
Step 2: Define The Purpose For Each Type Of Recording
A short purpose statement helps you stay consistent and prevents “scope creep”. For example:
- Call recordings: training, quality assurance, and dispute resolution.
- CCTV: safety and security, theft prevention, and incident investigation.
- Meeting recordings: note-taking and internal training (where agreed).
Step 3: Build Notice Into Your Customer And Staff Touchpoints
Notice doesn’t have to be complicated. It just has to be consistent.
- For customers: a short call message, clear CCTV signage, and a Privacy Policy that reflects what you actually do.
- For staff: onboarding documents and internal policies, such as an Employee Privacy Handbook and a broader Workplace Policy framework.
Step 4: Decide Who Can Access Recordings (And Why)
This is where many businesses accidentally create risk. If “everyone” can access recordings, it’s very hard to show you’re handling personal information responsibly.
A common and workable approach is:
- managers can request access for defined reasons (complaints, investigations);
- only nominated admins/owners can retrieve and export recordings; and
- any sharing outside the business requires approval.
Step 5: Create A Retention And Deletion Rule
Pick a timeframe that makes sense for your business and then implement it consistently. For example:
- call recordings deleted after 60–90 days unless flagged;
- CCTV footage deleted after 14–30 days unless required for an incident; and
- training recordings reviewed and deleted/replaced periodically.
The “right” number depends on your industry, your risk profile, and how often recordings are genuinely needed. If you’re unsure, that’s a good time to get tailored advice.
Key Takeaways
- NZ recording laws aren’t just one set of rules-recordings can involve privacy law, employment law, and practical dispute risk all at once.
- Phone call recording is often lawful for legitimate business reasons (and is generally permitted where you’re a party), but you should usually provide clear notice, minimise what you collect, and store recordings securely.
- Recording workplace conversations or meetings can create employment risk if handled poorly, so aim for transparency, clear purpose, and documented internal rules.
- CCTV and workplace cameras are commonly used for security and safety, but placement, signage, access controls, and retention rules are critical.
- The Privacy Act 2020 will usually apply to recordings because they often contain personal information-so you need to collect fairly, protect securely, and avoid using recordings for unrelated purposes.
- Policies and processes matter: consistent scripts, signage, retention periods, and internal access rules can prevent problems before they start.
If you’d like help getting your recording practices right (including call recording notices, CCTV setup rules, and privacy documentation), you can reach us at 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.
