Down, but not out

Call-recording class actions and the California Invasion of Privacy Act

Ryan Crist
2020 August

“This call may be recorded for quality assurance purposes.” We’ve all heard it somewhere. Companies legitimately record calls for training, risk management, and data gathering all the time. But the disclosure at the start of the call has nothing to do with any of that. Rather, these companies are trying to conform to the ever-changing California Invasion of Privacy Act, or CIPA.

In general, the CIPA requires a warning be issued to all parties when a call is recorded. This applies to companies and individuals alike. Californians in particular are used to hearing this disclosure on a regular basis. And when they don’t hear it, a class action will likely be filed within the next few days. At $5,000 per call, the penalties for surreptitiously recording calls are massive.

However, the CIPA is constantly in flux. To the rejoice of the defense bar, the Court of Appeal recently held many CIPA provisions only apply to third-party eavesdroppers and not to the individual parties on the call. (Smith v. LoanMe, Inc. (2019) 43 Cal.App.5th 844.) This means any party can record the call without telling you, as long as it is not confidential. To many of us, this still feels like a privacy violation, and California’s Supreme Court may yet agree when it reviews the Court of Appeal’s decision.

While the number of these class actions appears to be in decline, they are far from over. Despite the massive exposure for failure to provide these disclosures, it would be a mistake to assume widespread compliance with CIPA. Many companies provide disclosures when a consumer calls in. But what about if the company calls the consumer? There’s rarely a disclosure informing the consumer that the outbound call is being recorded. This is especially problematic when a company sets its phone system to record everything and makes no distinction between inbound or outbound calls. This is a common mistake for out-of-state companies conducting business in California – they have no idea CIPA exists, let alone the massive penalties awaiting them for the same conduct deemed lawful in their state. In addition, emerging technology makes it easier than ever to record consumer conversations.

These cases will also remain popular due to the relative ease of determining liability and damages, rendering them ripe for an early settlement or mediation. By pulling the call logs and reviewing its practices, a defendant can quickly determine the class size and multiply it by the penalties for maximum exposure, which is often enough to force an early settlement.

Think of the last phone upgrade you did. Did you remember to immediately redo the script informing clients their incoming calls were being recorded? And did you remember to turn off the feature recording outgoing calls? This is an easy mistake, and one that can cost you.

My call was recorded! Now what?

There’s a general understanding in California that recording calls without consent is illegal. After all, California, like a few other states, is considered a pro-privacy, “two party consent” state. This means both parties on the call must consent to the recording. However, determining the proper remedy requires more than learning your call was recorded. Luckily for consumers, the California Invasion of Privacy Act provides those remedies.

Under the CIPA, the plaintiff need not suffer actual damages to enjoy standing. (Id., subd. (b).) That is, the plaintiff does not need to suffer any economic harm in order to seek penalties under the CIPA. Simply having the call recorded without consent is enough. Non-California residents can also sue under the CIPA if the acts that violated the CIPA occurred in California. (Valentine v. NebuAd, Inc. (N.D. Cal. 2011) 804 F.Supp.2d 1022, 1026–1028.) Even corporations enjoy a private right of action under the CIPA. (Ion Equipment Corp. v. Nelson (1980) 11 Cal.App.3d 868, 878-879.)

Notably, government entities may be held liable for violating these provisions. Generally, government agencies are excluded from most statutory provisions, but “only if their inclusion would result in an infringement upon sovereign governmental powers.” (City of Los Angeles v. City of San Fernando (1975) 14 Cal.3d 199, 276-277.) Whether CIPA infringes on those powers will be case-by-case analysis for each entity, but the majority of government entities have no legitimate reason to surreptitiously record calls. Government entities “have been held subject to legislation by which its terms applies simply to any ‘person,’” just like CIPA does. (Ibid.) Just don’t expect to get any punitive damages out of them.

What’s required under CIPA?

The CIPA has two primary causes of action for unlawful recordings. First, section 632 provides statutory penalties for recording confidential communications without consent. Generally, the elements include: (1) any person, (2) who intentionally records, (3) a confidential communication, (4) without consent. “Person” is defined broadly and includes any legal entity. “Confidential” is defined as “any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto.” Predictably, whether a communication is confidential is generally the primary focus.

Second, section 632.7 provides penalties for the recording and interception of cellular or cordless communications without consent, even if they were not confidential. The elements include: (1) any person, (2) who intentionally records (3) and intercepts or receives, (4) a communication including at least one cordless or cellular phone, (5) without consent. Whether these cordless communications apply to more modern technology, such as Voice Over Internet Protocol (“VOIP”), is a contested issue. (Gruber v. Yelp, Inc., A155063.)

Consent is another hotly contested topic under the CIPA. Because lack of consent is an element for both statutes, defendants can avoid liability by adequately disclosing their call-recording practices and allowing consumers time to consent. Affirmative consent is actually not required. If a consumer hears this disclosure but stays on the line, consent is automatically implied.

CIPA penalties pack a serious punch. Both statutes enable the recovery of $5,000 per call recorded. (CIPA 637.2, subd. (a)(1).) If a company is caught recording all calls automatically, the damages can be staggering.

A special consideration for Smith v. LoanMe, Inc.

While CIPA is very broad, there are limitations. For example, the language of section 632.7 states it is illegal for any person to “intercept or receive” and “intentionally record” a cellular communication without consent. As such, if there is no “interception” or “receipt” of the conversation, then there is no violation. Under a literal reading, the party on the phone recording the communication necessarily also “receives” it. While this seems straightforward, the Court of Appeal recently found otherwise. (Smith, supra, 43 Cal.App.5th 844.)

In a recent landmark decision, the court found section 632.7 “does not prohibit the participants in a phone call from intentionally recording it.” (Smith, supra, 43 Cal.App.5th at 848.) Instead, it “prohibits only third-party eavesdroppers from intentionally recording telephonic communications involving at least one cellular or cordless telephone.” Under the court’s reasoning, “the parties to a phone call always consent to the receipt of their communications by each other.” Specifically, the court found the plaintiff consented to the call because when the defendant asked “Is Mrs. Smith there?” he responded “No.” In the court’s view, if Mr. Smith did not consent to recording the call, he should have ignored the question and hung up the phone. Notably, the defendant never provided affirmative notice of the recording. Instead, the trial court determined Mr. Smith should have known the call was being recorded because there was a beeping noise in the background, which might signal the existence of a recording device.

The court also suggested it would be “absurd” to levy civil penalties and criminal liability if a plaintiff answered on his or her cell-phone rather than a landline. Because this is out of the defendant’s control, the court found this distinction unfair. However, the court acknowledged wireless communications are subject to “greater vulnerability” of third-party recordings than landlines, but still not enough to hold the parties to a call liable for surreptitious recordings. Under Smith, a party to a communication may record the conversation entirely, as long as it is neither confidential nor transmitted to another party.

On April 1, 2020, California’s highest Court granted review of Smith. It’s entirely possible the court will overturn Smith and affirm the overwhelming majority of federal courts who have found section 632.7 is not limited to third parties. Indeed, several district courts conducted their own analysis of the legislative history behind CIPA and found “interpreting § 632.7 to only apply to third parties would defeat the Legislature’s intent.” (Ades v. Omni Hotels Mgmt. Corp. (C.D. Cal. 2014) 46 F.Supp.3d 999, 1017-1018.)

While Smith limited the scope of the CIPA, section 632.7 will still likely be a popular tool for the plaintiff’s bar, regardless of the Supreme Court’s upcoming decision. This is because large corporations often use call centers or other third parties to handle their massive call volume. Adding a call center to the mix adds the third-party eavesdropper element contemplated by Smith. After all, section 632.7 also applies to any entity who “assists in intercepting or receiving a communication.” As such, when the call center forwards the call recordings to its customer, the customer has “intercepted” and “received” the conversation for which they were not a party.

Further, the term “eavesdropper” in section 632 includes any additional individual not part of the call, including a supervisor reviewing their subordinate’s calls within the same company. (Kight v. CashCall, Inc. (2011) 200 Cal.App.4th 1377, 1395 [holding a defendant “can be liable for directing its supervisory employees to monitor confidential communications between employees and consumers without properly notifying the customer about the monitoring”].) This means companies must be cautious about who accesses these recordings other than the client service representatives themselves.

”Hey, Alexa!” Emerging technology breathes life into CIPA

Modern technology further demonstrates the breadth of CIPA. For example, plaintiffs have alleged common household devices and applications such as Alexa, Siri, and Google Home violate CIPA because they record all communications once activated, even communications of family members and guests who enter the home. Courts have not yet substantively ruled on these allegations, but the elements seem to exist.

Purchase of these devices is also often accompanied by an arbitration agreement, tempting defendants to compel CIPA claims to arbitration. However, family members and guests did not sign arbitration agreements before their conversations were recorded, nor could they. Further still, the CIPA is codified under California’s Penal Code and is criminal in nature, thereby rendering arbitration improper. “A contract that allowed Amazon to compel every possible claim, even criminal acts or those completely unrelated to the contract, into arbitration would be unconscionable as a matter of law.” (Tice v. Amazon.com, Inc. (C.D. Cal., Mar. 25, 2020, No. 5:19-CV-1311-SVW-KK) 2020 WL 1625782, at *4.)

Additional CIPA claims like these will likely be attached to California’s new Consumer Privacy Act, which went into effect January 1, 2020.

Class-certification considerations

As always, defendants will oppose certification, arguing individualized issues predominate. Each cause of action will have a different inquiry to determine whether that is true. Under section 632, the court must determine whether the confidentiality requirement defeats predominance. That is, were some calls confidential whereas others were not? This issue can be addressed by looking at the type of calls being recorded.

Under the CIPA, “confidential” is defined closely with California’s expectation of privacy provisions. Specifically, it includes “any communication carried on in circumstances as may reasonably indicate that any party to the communication desires it to be confined to the parties thereto.” Many entities deal with this kind of sensitive information as a matter of course. For example, if the calls came from a hospital, medical facility, financial institution, or other entity dealing with private and sensitive information, there’s a strong likelihood all of the underlying calls are confidential.

Defendants also often argue the consent element will defeat predominance, or otherwise create too many individualized inquiries for certification. This issue often arises when the offending party discloses the recording of inbound calls but fails to affirmatively disclose subsequent recording of outbound calls. Courts differ on whether this constitutes consent. Some suggest a single disclosure during any phone call is enough to put class members on notice that subsequent calls are also being recorded. (Torres v. Nutrisystem, Inc., 289 F.R.D. 587, 594 (C.D. Cal. 2013).) Other courts find this unrealistic and out of line with the statute’s explicit requirement to obtain consent. (Kearney v. Salomon Smith Barney, Inc. (2006) 39 Cal.4th 95, 118 [“California customers are accustomed to being informed at the outset of a telephone whenever a business entity intends to record the call, it appears equally plausible that, in the absence of such an advisement, a California consumer would anticipate that such a call is not being recorded”]; see also Kight, supra, 200 Cal.App.4th at 1399 [“[Defendant’s] recorded call monitoring disclosure stated: ‘This call may be monitored or recorded for quality control purposes,’ which would not necessarily inform a [customer] that this call and all future calls with [Defendant] may be monitored and recorded.”].)

Ultimately, the majority of courts find that “foreseeability of monitoring is insufficient to infer consent,” and that a defendant will need to produce solid evidence demonstrating affirmative consent to defeat class certification. (Ades, supra, 2014 WL 4627271, at *12.)

Conversely, section 632.7 has no confidentiality requirement, effectively removing one of the largest predominance hurdles. Instead, it requires the use of at least one cellular phone. Some defendants have successfully argued this makes class certification impossible because you can’t determine whether the call was to a landline or a cellular phone, thereby rendering the class unascertainable. But this is actually very simple – there are programs online such as TextMagic, Phone Validator, and Validito that allow you to input a number to determine whether it is a landline or a cellular phone. You can either do this individually, or submit a batch of phone numbers for validation. Regardless of the method, federal courts have found section 632.7’s criteria objective enough to satisfy ascertainability. (Ades, supra, 2014 WL 4627271, at *7 [“Potential class members can show that they fit the class definition through records identify by plaintiffs showing that the putative class members’ qualifying cellular telephones were used to call one of the specified Omni lines from California during the Class Period.”] Without a doubt, section 632.7 is often preferred by plaintiffs’ lawyers due to the relative ease of obtaining certification.

Finally, class member contact information and testimony may be necessary at the class-certification stage. If class members have suffered actual injury, their testimony may be useful to demonstrate the existence of a class-wide type of injury. Similarly, if the parties dispute the existence of an affirmative disclosure, declarations might help determine whether they were ever told their calls would be recorded. Ultimately, defendant’s disclosure policies and practices along with exemplar calls will likely be the most valuable evidence at the certification stage.

Calculating damages for trial or mediation

Determining damages for trial or mediation is relatively straightforward. Everyone has phone records these days, and almost all major phone systems can create a call log with the click of a button. You can sort these by inbound or outbound calls to within the class period to essentially identify a class list.

Obtaining this list in discovery should not be difficult. Depending on the types of calls and the sensitivity of the data being exchanged, a protective order or formal opt-out notice may be required.

Utilizing this list, the damages can be staggering. If the fact-finder determines the calls were made in violation of the CIPA, all it has to do is multiply the list of calls by $5,000.00 per call. Similarly, if the parties proceed to mediation, they can exchange this list informally to calculate a range of exposure.

What about the UCL?

The statute of limitations under CIPA is short – just one year. It starts ticking when the plaintiff knew or should have known the defendant was recording his or her calls. This undoubtedly draws attention to the potential of the UCL.

California’s Unfair Competition Laws are a staple for plaintiffs seeking restitution or injunctive relief. By effectively borrowing the language from other statutes, the UCL can vastly expand the statutory period for the majority of most claims. Although CIPA suits almost exclusively focus on the statutory penalties (which are not recoverable under the UCL), the CIPA allows for the recovery of up to three times the “actual damages” suffered by each class member. This means CIPA practitioners should give the UCL some special consideration if the specific conduct and type of recordings would give rise to such damages. For example, if recorded calls are also unlawfully distributed to a third party, class members are often required to purchase additional security measures, such as credit-monitoring services or creditor-monitoring reports. As such, it is a good practice to thoroughly flush out any additional expenses your client or the other class members might have incurred. This inquiry may also reveal other data breaches or potential Telephone Consumer Protection Act violations.

Ryan Crist Ryan Crist

Ryan Crist represents employees and consumers as a part of The Parris Law Firm’s complex litigation team in Lancaster, California. Since starting with Parris in 2011, Ryan has worked antitrust cases, copyright and trademark infringement cases, and cases involving catastrophic personal-injury claims. Ryan obtained his law degree from Pepperdine University School of Law, where he was an Associate Editor of the Pepperdine Law Review.

Copyright © 2024 by the author.
For reprint permission, contact the publisher: Advocate Magazine