Strategies for Minimizing Risk of Privacy Class Actions

Businesses are increasingly facing class action lawsuits alleging that they have violated someone’s privacy, under state or U.S. laws. Privacy statutes exist in most states, including California with its Invasion of Privacy Act, or “CIPA,” which provides criminal and civil liability for violations like recording communications without consent.

Federal privacy statutes include the Electronic Communications Privacy Act (ECPA), which provides criminal and civil liability for intercepting “electronic communications” or permitting access to electronically-stored information. Businesses should take steps to protect themselves from such claims before they are filed and lay the groundwork for a defense if they are filed.

Being aware of potential key defenses and thinking strategically before a lawsuit is filed can often lead to early dismissal. If your business records, collects or uses consumer data, you should regularly review your disclosures about these practices to confirm they are accurate and satisfy current law.

If you are sued for privacy violations, keep in mind that many privacy statutes were enacted before the development of the Internet and with other kinds of activities in mind. Thus, a key defense may be that the alleged privacy violation simply does not fit the statute. Differing state laws may enable an argument that one state’s laws do not reach those who live outside the state. An alleged data privacy violation rarely leads to actual or quantifiable damages, and especially in federal court the absence of injury can be grounds for obtaining dismissal.