Jason, Jacob, and Jaz have prepared four brief posts on the California Invasion of Privacy Act (CIPA), an old law now applied to new technology. With damages of $5,000 per violation or treble damages, CIPA lawsuits cannot be ignored. If you have a website and want to protect your company from litigation costs, check out these posts and contact us with any questions.
The California Invasion of Privacy Act (CIPA) was enacted in 1967 to "protect the right of privacy by, among other things, requiring that all parties consent to a recording of their conversation." Whether intentional or not, from these modest origins CIPA has become a giant—create substantial liability risk for thousands of companies every year.
But just how great is the risk? Section 637.2 states that "[a]ny person who has been injured by a violation of this chapter may bring an action against the person who committed the violation for the greater of the following amounts: (1) Five thousand dollars ($5,000) per violation" or "(2) [t]hree times the amount of actual damages, if any, sustained by the plaintiff." Moreover, the same provision states that "[i]t is not a necessary prerequisite to an action pursuant to this section that the plaintiff has suffered, or be threatened with, actual damages."
So, a website faces risk up to $5,000 per violation even when the user has sustained no damages. In practice, only a few cases that involve CIPA claims against a website have reached the stage where damages have been awarded, and they are hard to analogize. So, website owners are left in a tough position: if I am accused of violating CIPA, how should I proceed?
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
