On October 24, 2016, the United States District Court for the Southern District of California refused to dismiss claims brought by two former inmates and their counsel regarding violations of a California privacy law. The plaintiffs commenced a class action against Securus Technologies, Inc. (“Securus”), a self-proclaimed “inmate communications provider,” alleging that Securus unlawfully monitored and recorded telephone conversations between the inmates and their counsel. The California Invasion of Privacy Act (“CIPA”) “makes it a felony to, ‘without permission from all parties to the conversation, eavesdrop on or record, by means of an electronic device, a conversation, or any portion thereof, between a person who is in the physical custody of a law enforcement officer or other public officer, or who is on the property of a law enforcement agency or other public agency, and that person’s attorney . . . .’” Among other arguments contained in its motion to dismiss, Securus alleged that the plaintiffs’ allegations were insufficient to provide standing. The Court rejected this argument, holding that a violation of CIPA is indeed a concrete and particularized injury in fact.
Why did the Court Find Violations of California’s Privacy Law Constitute a Concrete Injury?
Court Refuses to Dismiss Claims Relating to California Privacy Law
In attempting to dismiss the class action complaint, Securus argued, among other things, that the plaintiffs lacked standing to sue because they only alleged “a bare statutory violation of CIPA.” The Court rejected this argument, stating that an “invasion of privacy . . . [is] a serious threat to the free exercise of personal liberties and cannot be tolerated in a free and civilized society.” The Court discussed the history of legislation designed to secure a right to privacy and ultimately denied Securus’ motion to dismiss because “a violation of CIPA is a violation of privacy rights.” Ultimately, the Court held that “[t]he alleged harm to all Plaintiffs – an invasion of their privacy rights – . . . constitute[s] a concrete and particularized injury that is actual and imminent.”
Our blogs have stressed the importance of businesses maintaining carefully drafted privacy policies, particularly with respect to their Internet-related activities. This California decision underscores just how seriously courts now treat privacy violation claims. Given the ever-changing regulatory climate, it is important that privacy practices are regularly updated by businesses to avoid unnecessary litigation.