Can an Employer Record Conversations Without Consent? (2026)

Whether your employer can legally record you depends on two stacked legal questions: which state's recording-consent rules apply, and whether any separate employer-monitoring notice statute also governs. Federal law (18 U.S.C. § 2511) sets a one-party consent floor; 10 states require all-party consent; and Connecticut, Delaware, and New York separately mandate written pre-monitoring disclosure.

Information last verified on May 9, 2026. This article has not yet been reviewed by a licensed lawyer.

Jurisdiction scope: This article addresses employer recording of employees under federal law (Electronic Communications Privacy Act, 18 U.S.C. §§ 2510-2522; Stored Communications Act, 18 U.S.C. §§ 2701-2712; National Labor Relations Act, 29 U.S.C. §§ 151-169) and the laws of all 50 US states, with detailed treatment of Connecticut, Delaware, New York, California, Florida, Pennsylvania, and Washington. It does not address Canadian recording law, court-authorized law enforcement wiretaps, or the employee-side right to record employers for Section 7-protected purposes (covered in the US recording laws parent hub). It covers the employer-to-employee direction of monitoring only.

---

The short answer: it depends on state law and the type of recording

In the 36 states and the District of Columbia that follow one-party consent, an employer-manager who is a participant in a conversation may record it without notifying the other parties. That authorization comes from the federal baseline in 18 U.S.C. § 2511(2)(d) and the parallel state statutes that track it. But an employer who places a hidden recorder in a room to capture conversations it is not participating in is committing federal wiretapping regardless of state law. In the 10 all-party consent states (California, Florida, Illinois, Maryland, Massachusetts, Michigan (with a participant carve-out per Sullivan v. Gray, 117 Mich. App. 476 (1982)), Montana, New Hampshire, Pennsylvania, and Washington) and 5 hybrid jurisdictions, every participant's consent is required before recording begins. Three states add a separate layer: Connecticut under Conn. Gen. Stat. § 31-48d, Delaware under Del. Code tit. 19, § 705, and New York under N.Y. Civ. Rights Law § 52-c require advance written notice to employees before any electronic monitoring, regardless of the recording-consent baseline. Video-only surveillance with no audio capture follows different rules and is broadly permitted in common work areas nationwide. No employer, anywhere, may install audio or video recording equipment in bathrooms, locker rooms, or changing areas: that is a crime in every state.

---

Federal law: ECPA, the business-purpose exception, and the Wiretap Act

What ECPA says about employer monitoring

The Electronic Communications Privacy Act of 1986 (ECPA), codified at 18 U.S.C. §§ 2510-2522, is the foundational federal statute for all private recording analysis, including employer monitoring. Title I, the Wiretap Act, prohibits the intentional interception of any wire, oral, or electronic communication. The definition of "oral communication" at 18 U.S.C. § 2510(2) covers only utterances made under circumstances justifying a reasonable expectation of privacy, anchoring the statute in the constitutional framework the Supreme Court established in Katz v. United States, 389 U.S. 347 (1967). For employers, two exceptions dominate the analysis: the business-purpose (ordinary course of business) exception and the consent exception. Both are tools that permit monitoring when properly used; neither is unlimited. A third federal statute, the Stored Communications Act at 18 U.S.C. §§ 2701-2712, governs access to stored emails, chat logs, and cloud files, and applies a separate analytical framework addressed below.

The business-purpose (ordinary course of business) exception: 18 U.S.C. § 2510(5)(a)(i)

The ordinary-course-of-business exception at 18 U.S.C. § 2510(5)(a)(i) excludes from the definition of an "intercept device" any telephone or telegraph instrument, equipment, or facility furnished to the subscriber in the ordinary course of business by a communications service provider. Courts interpret this to mean that an employer using its own telephone system to monitor calls for legitimate business purposes (quality assurance on a call-center line, training, or regulatory compliance) is not using a "prohibited interception device" within the statute's meaning. The key limiting word is "legitimate": courts require a nexus between the monitoring and a genuine business need. Once the personal nature of a call becomes apparent, the employer must stop monitoring immediately. In Lisota v. Heartland Dental, LLC and RingCentral, Inc., No. 25-cv-7518 (N.D. Ill. Jan. 13, 2026), a federal district court upheld the ordinary-course exception for AI-powered transcription and sentiment analysis embedded in a business communications platform, finding the AI functionality integral to the provider's core telecommunications service. Lisota is a district court decision and is illustrative of the current judicial trend, not binding precedent.

The consent exception: 18 U.S.C. § 2511(2)(c) and (d)

The consent exception at 18 U.S.C. § 2511(2)(c) and (d) authorizes interception when one party to the communication has given prior consent and the interception is not for a criminal or tortious purpose. In a one-party consent jurisdiction, the employer-manager's own participation in the conversation satisfies this requirement: the manager is a party and has consented to the recording by making it. In all-party consent states, the consent exception requires that every party has given prior consent before the employer can lawfully record. Employee handbooks, onboarding acknowledgment forms, or call-center scripts that state "this call may be recorded for quality and training purposes" satisfy prior consent for the relevant parties. The consent must be prior: retroactive consent does not cure an unlawful interception under ECPA.

The Stored Communications Act: 18 U.S.C. §§ 2701-2712

The Stored Communications Act (SCA) at 18 U.S.C. §§ 2701-2712 governs data at rest: emails in inboxes, stored chat logs, completed call recordings, and cloud-hosted files. An employer that operates its own email servers qualifies as the "electronic communications service" provider under § 2701(a) and may access stored communications on those systems without violating the SCA. This service-provider exception is well-established. What the SCA does prohibit, however, is employer access to an employee's personal Gmail, iCloud, or social-media accounts without authorization: the employer is not the service provider for those platforms, so the exception does not apply. Accessing a personal account without the employee's consent is a federal crime under § 2701(a), carrying up to one year imprisonment for a basic offense, up to five years if the access was for commercial advantage or malicious reasons, and up to ten years for repeat offenders under § 2701(b).

---

State employer-monitoring notice statutes: Connecticut, Delaware, New York, and beyond

Three states have enacted employer-specific electronic monitoring notice statutes that operate independently of the recording-consent regime. These statutes do not simply define when recording is lawful: they require advance written disclosure of the employer's monitoring practices before any monitoring begins. Compliance is mandatory; violation triggers civil penalties regardless of whether the underlying monitoring was otherwise lawful. These statutes are a separate legal layer that stacks on top of the state recording-consent rules described in the next section.

State	Statute	Monitoring Covered	Notice Method	Penalties
Connecticut	Conn. Gen. Stat. § 31-48d	Computers, telephones, cameras, electromagnetic and photo-optical systems	Prior written notice conspicuously posted; investigation exception for suspected misconduct	$500 first offense; $1,000 second; $3,000 third and subsequent. Enforced by Labor Commissioner; no private right of action
Delaware	Del. Code tit. 19, § 705	Telephone, email, internet	One-time written notice with employee acknowledgment, OR daily electronic notice each time the employee accesses employer email/internet	$100 per violation
New York	N.Y. Civ. Rights Law § 52-c (eff. May 7, 2022)	Telephone, email, internet, any electronic device or system	Prior written notice at hiring; employer must obtain written or electronic acknowledgment; conspicuous posting required	$500 first offense; $1,000 second; $3,000 third and subsequent. Enforced by AG; no private right of action

Connecticut (Conn. Gen. Stat. § 31-48d). Connecticut requires employers to provide prior written notice describing the types of electronic monitoring that may occur. The notice must be conspicuously posted. "Electronic monitoring" covers collection of information on employees' activities or communications by any means other than direct observation, including computers, telephones, cameras, and electromagnetic or photo-optical systems. Connecticut includes one exception: the notice requirement does not apply where the employer has reasonable grounds to believe the employee is engaged in conduct that violates the law or the employer's legal rights, and electronic monitoring may produce evidence of that conduct. Connecticut is also a hybrid recording-consent state: Conn. Gen. Stat. § 52-570d(a) requires all parties to consent to phone-call recordings, while in-person conversations follow a one-party standard. Both obligations apply to Connecticut employers. See Connecticut workplace recording laws for the full framework.

Delaware (Del. Code tit. 19, § 705). Delaware's monitoring notice statute covers telephone conversations and transmissions, electronic mail and transmissions, and internet access and usage. Employers must provide either a one-time written notice with employee acknowledgment, or daily electronic notice each time the employee accesses employer-provided email or internet. A system-management exemption exists for processes performed solely for maintenance and protection of the email or internet system, not targeting specific individuals. The $100 per violation penalty is the weakest deterrent of the three state statutes; compliance cost is minimal relative to litigation exposure. Delaware is also navigated as a hybrid state under all-party consent states for recording-consent purposes.

New York (N.Y. Civ. Rights Law § 52-c). New York's statute, signed November 8, 2021, and effective May 7, 2022, requires employers to give prior written notice to all employees subject to monitoring at the time of hiring. Employers must obtain a written or electronic acknowledgment from each employee, and must conspicuously post the notice in the workplace. The required notice content states that telephone conversations or transmissions, electronic mail or transmissions, and internet access or usage may be subject to monitoring at any and all times by any lawful means. The statute applies to any employer with a place of business in New York, but does not apply to state agencies or political subdivisions. New York is a one-party consent state for recording purposes under the federal baseline, which means the § 52-c notice obligation applies even though the underlying recording does not itself require all-party consent.

Colorado (Colo. Rev. Stat. § 6-1-1301 et seq., as amended by H.B. 24-1130). Colorado does not have a general employer electronic monitoring notice statute comparable to Connecticut, Delaware, or New York. H.B. 24-1130, effective July 1, 2025, added a biometric-specific consent requirement to the Colorado Privacy Act: employers must obtain employee consent before collecting fingerprints, facial recognition data, voiceprints, or other biometric identifiers. Consent cannot be made a condition of employment except for secure-facility access, time-tracking, and workplace safety purposes. Colorado's H.B. 24-1058 separately requires employer notification when AI-driven tools are used in employment decisions, including productivity monitoring and performance scoring. Colorado's scope is narrower than the three-state notice framework: it covers biometrics and AI-driven employment decisions, not general electronic monitoring.

---

Recording-consent rules layered on top: the 36/5/10 framework

The employer-monitoring notice statutes above tell you what written disclosure an employer must give before monitoring. The state recording-consent regime tells you whether the recording itself is lawful without all parties' consent. These are two separate legal layers, and both apply simultaneously. An employer in Connecticut must both post a § 31-48d monitoring notice and comply with the all-party phone-consent rule under Conn. Gen. Stat. § 52-570d(a). An employer in New York must post a § 52-c notice even though New York follows one-party consent and the recording itself requires no employee agreement beyond the manager's own participation. California employers face the strictest recording-consent obligation under Cal. Penal Code § 632 (all-party consent for all confidential communications), but California has no separate employer-monitoring notice statute comparable to the three-state framework.

The authoritative count for the state recording-consent landscape as of 2026 is the 36/5/10 framework: 36 one-party jurisdictions (35 states plus DC), 5 hybrid states (Connecticut, Delaware, Hawaii, Maine, Oregon), and 10 strict all-party consent states. Earlier versions of this page used a 38/11/4 count, which is incorrect. The corrected count treats Connecticut and Oregon as hybrid rather than strict all-party, and Hawaii and Maine as hybrid rather than one-party.

State	Recording-Consent Regime	Employer Notice Statute	Combined Obligation
California	All-party strict: Cal. Penal Code § 632	None (CCPA/CPRA apply to employee personal data separately)	All-party consent required; civil damages up to $5,000 per violation under § 637.2
Connecticut	Hybrid: all-party for phone (§ 52-570d), one-party for in-person	§ 31-48d prior written notice	Both required; most demanding dual obligation after California
Delaware	Hybrid/all-party with interpretive ambiguity	§ 705 one-time or daily notice	Notice plus consent analysis
New York	One-party (federal baseline)	Civ. Rights § 52-c prior written notice at hiring	Notice required even though recording is one-party
Florida	All-party strict: Fla. Stat. § 934.03; third-degree felony	None	All-party consent required
Pennsylvania	All-party strict: 18 Pa. Cons. Stat. § 5704	None	All-party consent required
Washington	All-party strict: Wash. Rev. Code § 9.73.030	None	All-party consent required
Texas	One-party: Tex. Penal Code § 16.02	None	No advance notice or all-party consent required
Colorado	One-party	Biometrics and AI tools only: H.B. 24-1130 (eff. July 1, 2025)	Biometric consent required; general monitoring notice not mandated

For the complete state-by-state breakdown, see the US recording laws parent hub and the all-party consent states guide.

---

NLRA limits on employer recording: when surveillance violates Section 7

Stericycle, Inc. (372 NLRB No. 113, 2023): the current work-rules standard

The NLRB in Stericycle, Inc., 372 NLRB No. 113 (2023), replaced the employer-favorable Boeing categorical standard with a more protective test. Under Stericycle, a facially neutral workplace rule is presumptively unlawful if it has "a reasonable tendency to chill employees from exercising their Section 7 rights" under the National Labor Relations Act. The employer may rebut the presumption by showing the rule advances a legitimate and substantial business interest that cannot be served by a more narrowly tailored rule. Applied to employer recording policies, this means a blanket prohibition on all employee recording in all locations at all times is presumptively unlawful: the employer must narrow the prohibition to specific spaces or contexts where a legitimate confidentiality interest exists. Stericycle is the governing standard as of the date of this article's publication, though the composition of the NLRB Board has shifted under the current administration and this standard may be subject to future revision.

NLRB General Counsel Abruzzo Memo on Electronic Surveillance (Oct. 31, 2022)

General Counsel Jennifer Abruzzo's October 31, 2022 memo, available at the NLRB website, identified specific employer monitoring technologies that may violate Section 7: wearable devices, GPS tracking, RFID badges, keyloggers, screenshot and webcam monitoring software, and systems that automatically discipline workers based on productivity metrics. GC Abruzzo announced her intent to urge the Board to adopt a presumptive-violation framework when an employer's surveillance and management practices, viewed as a whole, would tend to interfere with protected activity. Under this framework, employers must disclose monitoring technologies used, the reasons for their use, and how collected data is utilized, unless special circumstances justify covert monitoring. This memo reflects the enforcement posture of the prior General Counsel. GC Abruzzo's term ended under the new administration, and the current enforcement direction may differ from this memo's stated priorities. The memo remains relevant as a roadmap of monitoring practices that have been identified as potentially unlawful under Section 7 analysis.

NLRB GC Memo GC 25-05: housekeeping rescission of Abruzzo-era enforcement memos (February 14, 2025)

On February 14, 2025, Acting General Counsel William B. Cowen issued GC Memorandum 25-05 rescinding a number of General Counsel memoranda issued during the Abruzzo era. The rescission is a housekeeping move that narrows the Office of the General Counsel's prosecutorial priorities. It is NOT a Boeing-era reinstatement, and it does NOT overrule any Board precedent. Stericycle, Inc., 372 NLRB No. 113 (Aug. 2, 2023), remains the controlling Board standard for evaluating workplace recording rules. Only the Board itself, not a General Counsel memorandum, can overrule Stericycle. Employers analyzing no-recording policies should continue to apply the Stericycle presumptively-unlawful framework until and unless the Board reaches a contrary decision.

NLRB Acting GC Memo GC 25-07: surreptitious bargaining recordings as per se violations (June 25, 2025)

Acting General Counsel William B. Cowen issued GC Memorandum 25-07 on June 25, 2025, taking the position that a party who secretly records a collective-bargaining session commits a per se violation of the NLRA. GC Cowen's memo, available at the NLRB website, directs NLRB regional offices to file complaint alleging a duty-to-bargain-in-good-faith violation under NLRA Sections 8(a)(5) and 8(b)(3) whenever an investigation reveals that any party (employer or union) surreptitiously recorded a bargaining session. The rationale stated in the memo is that "the use of surreptitious recordings during the collective-bargaining process is inconsistent with the openness and mutual trust necessary for the process to function as contemplated by the Act." GC Memo 25-07 is enforcement guidance directing regional enforcement, not a Board decision. It is persuasive authority for understanding current NLRB enforcement priorities but is not binding precedent.

NLRA enforcement in practice: the Apple Inc. case (NLRB Case No. 02-CA-295979)

The NLRB filed complaint against Apple Inc. in Case No. 02-CA-295979 alleging that Apple coercively interrogated an employee about union support, confiscated union flyers from a break room, and selectively and disparately enforced its Solicitation and Distribution Policy. The NLRB Board (May 2024) adopted the ALJ's conclusions that Apple violated Section 8(a)(1). The Fifth Circuit, reviewing the case in July 2025, found that Apple did not coercively interrogate the employee and reversed that portion of the Board's ruling. The Apple case illustrates how overbroad or selectively enforced workplace rules (including those that touch recording and communication) are subject to NLRB scrutiny under the Stericycle standard. It is important to note that the central allegations in this case involved coercive interrogation and union-literature confiscation, not a monitoring policy per se. This case should not be characterized as a ruling on employer monitoring practices.

---

Scenario-by-scenario analysis: what is and is not permitted

Recording disciplinary meetings

Disciplinary meetings (performance improvement plans, termination notices, harassment investigations) are among the most legally fraught workplace recording scenarios. In one-party consent states, the employer-manager who attends the meeting as a participant may record it without informing the employee. In all-party consent states (California, Florida, Illinois, Maryland, Massachusetts, Michigan (with a participant carve-out per Sullivan v. Gray, 117 Mich. App. 476 (1982)), Montana, New Hampshire, Pennsylvania, and Washington), the employer must inform the employee before recording begins. From the employee's side: in one-party states, the employee may also record the meeting without telling the manager. In all-party states, the employee may not record without consent either. The NLRA overlay here is important: in Weingarten situations (union employees' right under NLRB v. J. Weingarten, Inc., 420 U.S. 251 (1975) to a representative during investigatory interviews that may lead to discipline), an employer practice of covertly recording Weingarten meetings may constitute an unfair labor practice even in a one-party consent state, because the covert surveillance could have a reasonable tendency to chill protected concerted activity under the Stericycle standard.

Phone call monitoring: call centers and business lines

Under the ECPA ordinary-course-of-business exception at 18 U.S.C. § 2510(5)(a)(i), an employer operating its own phone system may monitor calls on business lines for legitimate business purposes: quality assurance, training, and regulatory compliance are the clearest examples. The obligation to stop monitoring once a call is identified as personal is well-established doctrine, grounded in the definition of "oral communication" and the reasonable-expectation-of-privacy framework from Katz v. United States, 389 U.S. 347 (1967). All-party state employers (California, Florida, and others) must obtain advance employee consent through signed employment agreements or use a recorded announcement on every call in addition to the ECPA business-purpose authorization. The "this call may be recorded" announcement satisfies consent for external callers but does not substitute for employee consent in states requiring all-party consent for internal communications. Connecticut, Delaware, and New York employers must additionally comply with their state monitoring notice statutes regardless of whether the recording itself requires all-party consent.

Video surveillance: cameras in the workplace

Video-only surveillance with no audio capture is not governed by the Wiretap Act and is broadly lawful in employer-controlled workplaces. No federal statute prohibits video cameras in workplace common areas, hallways, entrances, or production floors. The NLRB's position is that video surveillance directed at protected concerted activity (employees discussing wages, organizing, or filing complaints) may violate Section 7 if the surveillance is targeted, discriminatory, or conducted in a manner that would have a reasonable tendency to chill protected activity under the Stericycle standard. New York Labor Law § 203-c explicitly prohibits employer video recording of employees in restrooms, locker rooms, and employer-designated changing areas without a court order. No employer in any state may place cameras in bathrooms, locker rooms, or changing areas: state voyeurism statutes universally prohibit this, and criminal penalties apply. Connecticut, Delaware, and New York employers must provide written monitoring notice that covers video surveillance.

Email monitoring and computer use surveillance

Employer access to email on company servers falls under the SCA service-provider exception at 18 U.S.C. § 2701(a): the employer, as the provider of the email infrastructure, may access stored communications on those servers without violating the statute. Monitoring keystroke logging, browser history, and screenshots on company-owned devices is broadly lawful under this framework, subject to state electronic monitoring notice obligations in Connecticut, Delaware, and New York. Personal email accounts (Gmail, personal Outlook) accessed via a company laptop are protected by the SCA even when accessed on company equipment: the employer is not the service provider for those platforms. Accessing an employee's personal account without authorization, even on a company device, is a federal crime under § 2701(a).

BYOD (bring your own device) monitoring

BYOD creates the sharpest employer monitoring ambiguity. Employers cannot lawfully monitor personal texts, personal call logs, or personal social media on an employee's personal device without explicit consent set out in a signed BYOD agreement. Mobile Device Management (MDM) software that creates a separate work container on the device, walling off personal data from employer access, is the legally defensible technical architecture. Even with a valid MDM agreement, monitoring must be narrowly tailored to work-related data within the work container. Connecticut, Delaware, and New York require specific written disclosure before any device monitoring, including monitoring under a BYOD arrangement. Colorado requires consent before collecting biometric data from any device, including personal devices used for secure-facility access.

Bathrooms, locker rooms, and private spaces: universally prohibited

Installing audio or video recording equipment in bathrooms, locker rooms, changing areas, or nursing rooms is illegal in every state under state voyeurism and privacy statutes. New York Labor Law § 203-c explicitly prohibits employer video recording in these spaces absent a court order. Federal courts recognize an absolute reasonable expectation of privacy in spaces designed for bodily functions, personal care, or changing clothes, and no employer-employee relationship alters that expectation. California Penal Code § 647(j) classifies installation of recording devices in private spaces as a misdemeanor. No business-purpose exception under 18 U.S.C. § 2510(5)(a)(i), no consent defense, and no employment agreement clause can make bathroom or locker-room recording lawful. This prohibition is uniform across all 50 states.

Off-the-clock and remote-work monitoring

Employer monitoring rights extend to employer-provided devices even after working hours. If an employer issues a company phone or laptop, the employer generally retains monitoring rights over business communications on that device under its device-use policy, subject to the state monitoring notice obligations. Tracking an employee's GPS location via a personal device after work hours, accessing personal social media accounts off the clock, or intercepting personal communications at home falls outside legitimate employer monitoring and carries significant civil and criminal liability under both ECPA and the SCA. For remote workers, the home-office environment introduces additional complexity: a video call through a company platform on a company device is within the ordinary-course-of-business framework; a hidden monitoring application on a personal device used in a private home is not.

---

Recent developments: Stericycle 2023, GC 25-07 on bargaining recordings, and the 2026 AI ECPA ruling

The employer recording landscape changed on three significant fronts between 2023 and early 2026. First, Stericycle (372 NLRB No. 113, 2023) shifted the baseline for workplace rules analysis: blanket no-recording policies are now presumptively unlawful under NLRA analysis, and employers must narrowly tailor those policies to specific legitimate interests. The Stericycle standard may itself be subject to revision given the change in NLRB Board leadership under the current administration, but it remains the governing standard as of May 2026. Second, GC Memo 25-07 (June 25, 2025) created a per se NLRA violation category for surreptitious recording of collective-bargaining sessions. Both employers and unions must now treat covert bargaining recordings as conduct the NLRB will pursue as a duty-to-bargain violation under NLRA Sections 8(a)(5) and 8(b)(3). Third, federal courts began addressing AI-powered monitoring tools: Lisota v. Heartland Dental, LLC and RingCentral, Inc., No. 25-cv-7518 (N.D. Ill. Jan. 13, 2026), upheld the ECPA ordinary-course exception for AI call-analytics functionality embedded in a business communications platform. The district court held that transcription and sentiment analysis built into the platform were integral to the core telecommunications service, not add-on interception devices. Lisota signals that AI-integrated phone systems will generally survive ECPA challenge where the AI functionality is native to the platform, but the case is a district court decision and illustrative only. Employers deploying standalone AI transcription tools added on top of existing phone infrastructure should analyze whether those tools qualify as the employer's own telephone equipment in the ordinary course of business.

---

Private workspaces vs. open-plan offices: reasonable expectation of privacy

The concept of "reasonable expectation of privacy" from Katz v. United States, 389 U.S. 347 (1967), underlies both Fourth Amendment doctrine and the civil-law framework for employer monitoring under ECPA. In a workplace context, courts have generally held that employees retain a lower expectation of privacy in shared work areas, on company-owned devices, and in employer-provided email systems, but a heightened expectation in private offices (particularly for confidential professional conversations), on personal devices, and in any space designed for bodily functions or personal care. The analysis is fact-specific and jurisdiction-sensitive. A private-walled office where an employee regularly holds confidential discussions likely meets the subjective and objective tests from Katz; a cubicle in an open-plan floor where conversations are audible to co-workers likely does not. The Katz framework intersects with ECPA's definition of "oral communication" at 18 U.S.C. § 2510(2): only utterances "uttered by a person exhibiting an expectation that such communication is not subject to interception under circumstances justifying such expectation" are protected. An overheard conversation in a crowded break room may not meet this threshold; a closed-door meeting in a conference room almost certainly does.

The voyeurism overlay operates independently: even where a reasonable expectation of privacy exists, consent or notice can satisfy recording-consent laws, but no consent can authorize installation of recording devices in inherently private spaces. There is no employee waiver that makes bathroom recording lawful.

---

What employees should know: your rights when your employer records you

Employees have several distinct categories of rights in employer monitoring situations. First, in Connecticut, Delaware, and New York, employees are legally entitled to receive written notice of monitoring practices before monitoring begins. Failure to provide that notice violates the applicable state statute and triggers civil penalties against the employer.

Second, under the NLRA, an employer's blanket prohibition on all recording in all locations cannot lawfully prevent employees from recording workplace conditions to document safety violations, wage theft, or union organizing activity: that recording is protected concerted activity under Section 7, and a rule that would prohibit it is presumptively unlawful under Stericycle. Third, employees are not entitled to compel disclosure of an employer's recordings in most states outside of litigation or administrative proceedings, but those recordings are generally discoverable in employment disputes, discrimination claims, or NLRB proceedings once litigation commences. Fourth, the prohibition on bathroom and locker-room surveillance is absolute and cannot be waived by employer policy, employment agreement, or individual consent. An employer policy purporting to authorize that surveillance is void. Fifth, even on a company-issued laptop, personal email and social media accounts accessed on third-party platforms (Gmail, WhatsApp, personal iCloud) are protected from employer access by the SCA at 18 U.S.C. § 2701. Sixth, in all-party consent states, an employee who discovers a covert recording of a conversation they participated in has a private right of action for civil damages under the applicable state statute: California Penal Code § 637.2 ($5,000 per violation or three times actual damages) and the federal civil remedy under 18 U.S.C. § 2520 ($10,000 minimum, plus punitive damages and attorney's fees) both provide standing to sue.

---

Penalties for unlawful employer monitoring

Federal and state law each provide separate penalty tracks for unlawful employer monitoring. The penalties stack: a California employer that covertly records employees on a business line without consent faces federal civil and criminal exposure under ECPA plus state civil and criminal exposure under Cal. Penal Code §§ 632 and 637.2.

Federal criminal penalties under 18 U.S.C. § 2511(4)(a). Unlawful interception of wire, oral, or electronic communications carries up to five years imprisonment and a fine under 18 U.S.C. § 3571. These criminal penalties apply to willful violations and are pursued by federal prosecutors, not private parties.

Federal civil damages under 18 U.S.C. § 2520. Any person whose communications are unlawfully intercepted has a private right of action for the greater of actual damages or $100 per day for each day of violation, with a minimum recovery of $10,000. Punitive damages and reasonable attorney's fees are available in addition. Employees can sue the employer directly under § 2520 without waiting for criminal prosecution.

Stored Communications Act penalties under 18 U.S.C. § 2701. Unlawful access to stored communications carries up to one year imprisonment for a basic violation; up to five years if the access was committed for commercial advantage, malicious destruction, damage, or private commercial gain; and up to ten years for a repeat offense under § 2701(b).

Connecticut § 31-48d. Civil penalties of $500 for a first offense, $1,000 for a second, and $3,000 for a third and each subsequent offense, enforced by the Labor Commissioner. No private right of action.

Delaware § 705. Civil penalty of $100 per violation. No private right of action specified in the statute.

New York Civ. Rights § 52-c. Civil penalties of $500 for a first offense, $1,000 for a second, and $3,000 for a third and each subsequent offense, enforced by the Attorney General. No private right of action.

California. Criminal penalties under Cal. Penal Code § 632: up to one year in county jail and a $2,500 fine per violation (misdemeanor); subsequent violations can be charged as felonies. Civil damages under Cal. Penal Code § 637.2: the greater of $5,000 per violation or three times actual damages, with a private right of action.

Florida. Violation of Fla. Stat. § 934.03 is a third-degree felony under Florida law, carrying up to five years imprisonment and up to a $5,000 fine. Florida's penalty structure is among the most severe in the country.

NLRA remedies. NLRB enforcement for unlawful surveillance policies or surreptitious bargaining recordings results in an administrative order to cease and desist, rescind the unlawful policy, and post a notice to employees. NLRA remedies are administrative and do not include compensatory damages or civil fines, but the reputational, operational, and bargaining consequences of a Board order are significant.

---

TAKE IT DOWN Act (2025-2026): Federal NCII Overlay for Workplace Recording

Workplace recording disputes occasionally produce intimate-image misuse, particularly when an employer reviews body-camera or hidden-camera footage that incidentally captures a person in a state of undress. The federal TAKE IT DOWN Act, Pub. L. 119-12, signed May 19, 2025, adds a federal layer to this scenario.

The Act makes it a federal crime to knowingly publish nonconsensual intimate images of an identifiable adult, including AI-generated synthetic depictions. The criminal prohibitions took effect on signing. The platform notice-and-takedown obligation begins May 19, 2026, requiring covered online services to remove identified content within 48 hours of a valid notice (FTC enforcement). For employers, the practical implications are: (1) recordings that incidentally capture intimate imagery must be handled with strict access controls and retention limits; (2) sharing or transmitting such recordings to other employees, contractors, or vendors may independently violate the Act; (3) employer-sponsored AI tools that could be misused to generate sexual deepfakes from workplace recordings expose the employer to vicarious-liability risk. State NCII statutes operate in parallel; many states impose felony penalties and civil causes of action that exceed the federal Act's reach.

---

Sources and references

---

Disclaimer: This article provides general legal information about employer recording laws under federal and state law. It is not legal advice and does not create an attorney-client relationship. The laws summarized here reflect statutes and regulatory guidance as of May 9, 2026; subsequent amendments, court decisions, or NLRB Board actions may change the applicable rules. The information applies to the United States only and covers the federal ECPA framework and the state statutes and regulatory guidance cited throughout. Readers in Connecticut, Delaware, New York, California, Florida, Pennsylvania, Washington, and other all-party or employer-notice states should pay particular attention to the jurisdiction-specific rules applicable to their situation. Consult a licensed employment or labor attorney in your state for advice on your specific circumstances.

---

About the author

[PLACEHOLDER: author roster pending. This article will be attributed to a licensed employment law professional once the author roster is finalized.]

---

Related articles

• US recording laws by state: the 51-jurisdiction parent hub covering all state recording-consent regimes
• All-party consent states: the complete 2026 list: the 13 states requiring all-party consent, with per-state penalty details
• Connecticut workplace recording laws: Connecticut's hybrid recording rules and § 31-48d employer monitoring obligations
• Colorado workplace recording laws: Colorado biometric consent requirements and one-party recording baseline

---

---

Last updated: May 9, 2026. Statutes cited reflect their in-force version as of May 9, 2026.