Termajargon: Policy Terms Defined

California Invasion of Privacy Act (CIPA)

The California Invasion of Privacy Act (CIPA) is a privacy law that went into effect in 1994 to protect residents of California from the harms that come when a third party eavesdrops on private communications. The law was originally passed to prevent the eavesdropping of phone calls over landline phones. As technology improved, CIPA was used to protect residents of California from the recording of calls without consent through cell phones and even the Internet (e.g. recording of calls through Zoom or CRM platforms such as Hubspot).

Once courts determined that the California Invasion of Privacy Act can be used for litigating claims where a resident of California was tracked when using a website, multiple privacy lawsuits have been filed alleging similar violations. In addition, the lawsuits have garnered different results, with some lawsuits being dismissed while others being allowed to proceed forward. CIPA allows consumers to sue businesses directly for violations and obtain damages of $5,000 per violation. 

Since CIPA and the recent lawsuits have been targeting websites that use tracking technologies or other technologies that can intercept communications between the website and a resident of California, websites that use such technologies should first review all of the technologies that are used on the website. For example, if you currently use a chat feature on your website and get no inquiries from the chat feature, you should consider removing it. Or, if you are using a website analytics tool but never view the actual analytics, consider removing that tracking technology from your website.

The second best way to avoid CIPA violations is to obtain the consent of the user prior to tracking them. This is because consent of the individual is an established exception to CIPA. Consent can easily be obtained through a cookie consent banner. It’s important to note that a cookie consent banner only obtains consent for tracking technologies, not phone calls. That’s why many businesses are referring to this law as the “Cookie Banner law from California.”

"I recommend Termageddon to my Customers and legal colleagues, because they are the only Terms of Use, Privacy, and Cookie Consent generator I know that not only maintains up-to-date EU & UK GDPR, Canada, Australia (international) policies, but U.S., state specific changes which are numerous and changing on almost a daily basis."

Rian Kinney

Esq. CIPP/E and CIPM

Privacy Policy Generator user
Termageddon logo

The most comprehensive website policies generator on the market.

Use Termageddon to help comply with privacy laws such as the CPRA, GDPR, UK DPA, CalOPPA, PIPEDA, and more. We also help you comply with consumer protection laws, provide eCommerce disclosures, and limit your liability.