Keeping Our
Clients and
Business Partners
Informed

Invasion of Privacy Lawsuits: A New Threat to California Businesses

Lawsuits using technical violations of such well-intentioned laws such as the Americans With Disabilities Act (ADA) and the Fair Employment and Housing Act (FEHA) are nothing new to California businesses. However, there is a new wave of lawsuits alleging technical violations from professional plaintiffs and the attorneys that enable them, which threaten California businesses based on another well-intentioned law that has been on the books since 1967: The California Invasion of Privacy Act (CIPA).

CIPA was originally intended to prevent wiretapping. To deter this activity, the law came with a hefty $5,000 per violation fine. However, since the widespread availability of the internet, CIPA has been used in lawsuits to prevent online data collection. Attorneys have now taken aim against any California business that uses its website to interact with a potential customer (think “chat bots” on websites). Many of these website features use third-party software to run the chat or tracking pixel software which may track and save those communications – without the proper consent of the customer.

If this happens, the business is exposed to a lawsuit. The attorney will typically allege that the business “conspired with a third party” (i.e. META or Google) to capture the customer’s private communications. Every line of information kept may constitute a violation of CIPA… and the $5,000 per violation penalty could add up to tens or hundreds of thousands of dollars of potential liability!

So what can you do to prevent a CIPA lawsuit against your business? Here are some suggestions:

  1. Get consent from your customer! It seems simple, and it can be- if you are aware of the problem. If the website has a chat feature, make sure that before it gathers any information, that the customer is notified and consents to the feature.
  2. Implement an “opt-in” cookies consent. Visitors to your website should be advised that the website collects data via cookies or tracking pixels.
  3. Develop privacy disclosures. Your web design team should develop a data map outlining how personal data is collected, shared, and processed.
  4. Be sure to make the notice regarding privacy and use of their data clear and conspicuous.

By being proactive and implementing these strategies, businesses can reduce their risk of receiving CIPA-related complaints. Taking these steps not only fosters compliance but also shields your organization from opportunistic attorneys and their “professional plaintiff” clients.

For assistance in navigating these requirements, consider utilizing a privacy compliance platform to streamline the process and enhance your protections. If you have questions or receive any letter relating to an alleged violation of CIPA, do not hesitate to contact the attorneys at Vogt, Resnick & Sherak LLP for further assistance.