Posts

California Consumer Privacy Act

California Consumer Privacy Act (CCPA)

/in /by

California Consumer Privacy Act

California has some of the strongest consumer privacy laws in the country, and companies that violate those laws could face serious legal repercussions. For example, state residents have a right to privacy under the California Consumer Privacy Act (CCPA). These privacy rights exist when a prospective customer talks to a salesperson or customer service rep on the phone, communicates via an online chat feature, or fills out a form on a website. Anytime a company monitors, records, or uses the data collected in these communications without permission, it may be considered an unlawful invasion of privacy that subjects the offending company to civil penalties. Moreover, consumers whose personal information is exposed in a data breach may be entitled to recover statutory damages, which can total thousands of dollars.

To learn more about the California Consumer Privacy Act, keep reading this blog.

Digital Privacy Concerns for California Consumers

Digital privacy is a major concern in the internet era. Studies show that many Americans are worried about a lack of control over their personal information, particularly the information they share with companies on the internet. For example, a Pew Research Center survey found that approximately 60% of Americans believe that it is simply not possible to go through their daily lives without companies monitoring them and collecting their data. The same survey also showed that more than 80% of U.S. adults are concerned about how companies use the data that is collected.

State laws like the California Invasion of Privacy Act (CIPA) and the California Consumer Privacy Act (CCPA) recognize the importance of giving consumers some degree of control over their sensitive personal information. That’s why the CIPA requires companies to disclose when they are wiretapping or recording conversations, and the CCPA allows consumers to opt out of having their data shared by companies.

What Is the California Consumer Privacy Act?

In 2018, state legislators passed the California Consumer Privacy Act (CCPA). This was the very first state privacy law, and it has served as a model for other states looking to strengthen protections for consumer data. The CCPA imposes obligations on businesses that collect customer data, as well as specifically allowing consumers to make demands about how their personal information is used by businesses.

What Consumer Rights Are Protected by the CCPA?

Among the most important consumer rights protected by the California Consumer Privacy Act (CCPA) are:

  • The right for consumers to know exactly what type of personal information is collected by a business, including how that information will be used, shared, or sold by the business.
  • The right to request that any personal information collected by a business be deleted.
  • The right for consumers to submit an “opt-out” request and prevent a business from selling their personal information.
  • The right not to be discriminated against by a business simply for exercising consumer rights under the CCPA. This means that businesses cannot deny you the ability to purchase goods or services or otherwise complete a transaction just because you asked about the personal information they collect.

The CPRA Amended the CCPA to Strengthen Consumer Privacy Rights

The California Privacy Rights Act (CPRA) amended the CCPA to enhance consumer privacy protections and brought the state law more in line with the robust protections provided under international law by the European Union General Data Protection Regulation (GDPR).

The CPRA placed severe restrictions on companies doing business in California, and it also created new consumer rights such as the right to correct any personal data that is inaccurate. Additionally, the CPRA broadened the scope of previous CCPA protections in other ways. For example, the CPRA allows consumers to opt out of the sharing of their personal information with third party advertisers. Under the old consumer privacy law, opting out was only an option with respect to the sale of personal information.

Filing a Civil Lawsuit Under the CCPA

In most cases, the California Consumer Protection Act (CCPA) does not create a private right of action that would allow consumers to file civil suits. But the California Attorney General does have the ability to take action against businesses that violate the CCPA. The possible civil penalties that may be imposed against companies include a fine of $7,500 for each violation of the data privacy law.

Additionally, there is at least one situation where a consumer may be able to bring a civil lawsuit: when the consumer’s personal information is exposed in a security breach because the business failed to follow adequate security procedures. Victims of data theft can file a claim under the CCPA to recover statutory damages of up to $750 for each incident.

Call the Los Angeles Consumer Privacy Lawyers at Tauler Smith LLP

Were you a victim of a data breach by a company that exposed your personal information? You need an experienced Los Angeles consumer protection lawyer who is familiar with the nuances of state privacy laws, including the California Consumer Privacy Act. The Los Angeles consumer privacy attorneys at Tauler Smith LLP are prepared to represent you in a civil suit, and we can help you get financial compensation for any harm you suffered when your privacy rights were infringed.

Call 310-590-3927 or send an email to schedule a free initial consultation about your case.

California Invasion of Privacy Act

California Invasion of Privacy Act (CIPA)

/in /by

California Invasion of Privacy Act

It is quite common these days for businesses to monitor and record phone calls with customers, whether it’s to ensure that orders are accurate, to review employee interactions, or for some other reason. At the same time, new technologies have made it easier than ever to eavesdrop on private communications. Unfortunately, this has resulted in some companies going too far by invading the privacy of customers. The California Invasion of Privacy Act (CIPA) is a state law that makes it illegal for businesses to wiretap consumer communications and record you without your consent. Businesses that violate the CIPA may be subject to both criminal and civil penalties, including a lawsuit filed by any consumers whose conversations were wiretapped or recorded without permission.

To learn more about the California Invasion of Privacy Act, keep reading this blog.

What Is California’s Invasion of Privacy Law?

California has the nation’s strongest consumer protection laws, including the California Invasion of Privacy Act (CIPA), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), the California Consumers Legal Remedies Act, and the California Unfair Competition Law (UCL). The CCPA was enacted in 2018 to become the nation’s first state privacy law, and it strengthened protections for customer data collected by businesses online. The CIPA has a longer history, having been passed by the California State Legislature in 1967 for the purpose of more broadly protecting the privacy rights of all state residents, including consumers. Under the CIPA, it is illegal for companies to wiretap or record conversations unless all participants have consented to the recording. This applies to telephone conversations and online communications.

Cell Phones

Although the wiretapping law was initially intended to cover calls on landline phones, the use of cellular phones has been addressed by the statute. Cal. Pen. Code sections 632.5 and 632.6 specifically prohibit the use of a recording device when a call involves a cellular phone, whether it’s two cell phones or one cell phone and one landline phone.

Websites & Session Replay Software

In addition to recording phone conversations, a lot of companies also keep records of their interactions and communications with customers who visit a company website. This becomes problematic – and possibly illegal – when the company uses session replay software to capture visitor interactions with their website. That’s because the use of this type of tracking software may constitute an unlawful intercept of the communication, as defined by California’s wiretap law.

Session replay software allows website operators to monitor how a user interacts with the website. The tool then reproduces a video recording that shows the user’s interactions, including what they typed, where they scrolled, whether they highlighted text, and how long they stayed on certain pages. When companies employ this software, the very fact that a machine is being used to intercept customer communications constitutes a violation of the CIPA.

California Penal Code Section 631: Wiretapping

California Penal Code Section 631 forbids anyone from illegally wiretapping a conversation. The law specifically prohibits the following:

  • Using a machine to connect to a phone line.
  • Trying to read a phone message without the consent of all the parties participating in the conversation.
  • Using any information obtained through a wiretapped conversation.
  • Conspiring with another person to commit a wiretapping offense.

Some states allow a call to be recorded when just one participant is aware of the wiretap and consents to it, even if the person recording the call is the one providing consent. But California is a two-party consent state, which means that everyone involved in the call or chat must agree to it being recorded. If just one party does not provide consent, then recording the conversation constitutes a violation of the CIPA and can result in both criminal and civil penalties.

Out-of-State Businesses

Even if the person who called you or chatted with you was not located in California, you can still bring a lawsuit under the Invasion of Privacy Act as long as you were in the state at the time of the call or chat. That’s because out-of-state businesses must still comply with California laws when communicating with someone who is in the state.

California Penal Code Section 632: Eavesdropping

Section 632 of the California Penal Code addresses the crime of eavesdropping. Many times, a wiretapping case also involves eavesdropping offenses where the offending party both taps a phone line and listens in on the conversation. The main difference between the two is that eavesdropping does not necessarily involve the tapping of a phone line.

The statute defines “eavesdropping” as the use of a hidden electronic device to listen to a confidential communication. Significantly, the law is not limited to phone conversations. When someone intentionally eavesdrops on an in-person conversation, they may be subject to criminal charges and a civil suit for damages. The types of electronic devices that are often used to illegally eavesdrop include telephones, video cameras, surveillance cameras, microphones, and computers. If the device was concealed from one of the parties, it may constitute a violation of California’s eavesdropping laws.

Can You Sue for Invasion of Privacy in California?

Although the California Invasion of Privacy Act is technically a criminal statute, Cal. Pen. Code §637.2 gives victims of wiretapping and eavesdropping the ability to bring a civil suit against the person or company that illegally recorded the conversation. If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages. Additionally, §638.51 gives consumers the ability to file a lawsuit against companies that use trap & trace devices to illegally monitor website visits without consent.

If you learn that someone was listening in on your private conversation without permission, you may be able to file a lawsuit to recover statutory damages.

How to Prove Invasion of Privacy Under the CIPA

To win your CIPA claim, you will need to prove that the conversation was illegally recorded in the first place. In some cases, this will be obvious because the business will reveal that they are monitoring and recording the call or chat. In other cases, consumers may learn about illegal wiretapping during the discovery process when the defendant is forced to turn over company records.

The other elements of a CIPA claim that you will need to establish at trial include:

  • The defendant intentionally used an electronic device to listen in on and/or record the conversation.
  • You had an expectation that the conversation would not be recorded.
  • You or at least one other person on the call did not consent to having the conversation recorded.
  • You suffered some kind of harm or injury as a result of your privacy rights being violated by the defendant.

The use of a cellular phone can change the burden of proof needed to win a CIPA claim. That’s because courts will typically use a strict liability standard when at least one of the participants on the call was using a cell phone. This means that the context and circumstances of the call won’t matter; the court will automatically presume that there was an expectation of privacy. Additionally, strict liability will apply to the defendant even when they did not realize that the other person on the call was using a cell phone.

What Is the Penalty for Invasion of Privacy?

The criminal penalties for violating the California Invasion of Privacy Act (CIPA) include possible jail time and significant fines. Businesses that violate the CIPA may also be exposed to civil penalties when a consumer files a lawsuit in state court.

Criminal Penalties

The CIPA gives criminal prosecutors wide latitude to charge an offense as either a misdemeanor or a felony, depending on the facts of the case. If a CIPA violation is charged as a misdemeanor, the defendant could be sentenced to one year in jail and ordered to pay up to $2,500 in statutory fines for each violation. If the violation is charged as a felony, the possible jail time could increase to three years. Additionally, anyone convicted of a second wiretapping offense could face more substantial fines.

Civil Penalties

The CIPA lists statutory penalties that may be imposed against companies or individuals who violate the statute. The court can order the defendant to pay $5,000 in statutory damages for each illegally recorded conversation, or three (3) times the actual economic damages you suffered because of the privacy breach. The judge in your case will have the option to choose whichever amount is greater: the statutory damages or the actual damages.

Depending on the circumstances of your case, you might also be able to file a right of publicity lawsuit. That’s because right of publicity claims and invasion of privacy claims often overlap, especially when a business attempts to profit from someone else’s image or likeness without consent.

California Invasion of Privacy Statute of Limitations

It is very important that you take immediate action and speak with a qualified consumer protection attorney as soon as you suspect that a company may have violated your privacy during a communication. That’s because the California Invasion of Privacy Act (CIPA) requires plaintiffs to file a civil suit within one (1) year of the date on which the conversation happened. Failure to bring your case before one year has passed could result in your lawsuit being dismissed.

The statute of limitations period typically begins when the plaintiff knew about the defendant’s illegal wiretapping. But what happens when the plaintiff did not learn about the invasion of privacy violation until later? In these cases, the court usually applies a reasonable person standard, which means that the court will attempt to determine the point at which a reasonable person standing in the shoes of the plaintiff would have known about the unlawful act by the defendant. In other words, should the plaintiff have discovered the privacy violation before the statute of limitations expired?

Contact the Los Angeles Consumer Protection Lawyers at Tauler Smith LLP

If a company invaded your privacy by secretly recording a conversation without your permission, you may be eligible to file a civil suit to recover statutory damages. The first step you should take is to speak with an experienced Los Angeles consumer protection attorney at Tauler Smith LLP. We can help you decide how to best proceed with your case.

Call 310-590-3927 or email us today.