Skip to main content

California Invasion of Privacy Act


If your private conversations were illegally recorded, you can sue under CIPA.

Nationwide Success

Investigating Consumer Wiretapping Offenses and CIPA Violations

Justice badge

Today, our privacy is more vulnerable than ever. With countless apps, websites, and digital tools constantly tracking and recording our every move, it’s easy for our personal information to be invaded without us even knowing. 

The relentless advancement of technology has created new opportunities for privacy breaches, making it crucial to take action if your privacy is compromised. Even with privacy laws like the California Invasion of Privacy Act, your personal information could still be at risk.

We’re currently investigating new privacy cases for Californians and people across the country. With increasing reports of websites misusing tools to secretly record user activities, it’s important to protect your rights.

The Lyon Firm has nearly two decades of experience holding those accountable who breach your privacy, whether it’s through wiretapping, unauthorized spying, or other privacy violations. Contact us online or call (513) 381-2333 if someone has illegally recorded you.

Has someone secretly recorded you without your consent? These actions are not just privacy violations—they’re a deep betrayal of your personal security. 

At The Lyon Firm, we understand the gravity of these invasions and are dedicated to helping you reclaim your privacy.

What Is Consumer Wiretapping?

For many years, American businesses have regularly monitored and recorded phone calls with customers to ensure order accuracy or to review employee performance. This is legal as long as the consumer is notified that the interaction is being recorded.

The same largely applies to online browsing. Websites must tell consumers if they are monitoring online activities, or recording and storing your “live chat” interactions.

Wiretapping involves using technology to secretly record private conversations, which is a serious breach of privacy.

CIPA Litigation Outlaws Wiretapping

California Privacy Law forbids anyone from illegally wiretapping a conversation without a court order. While the law specifically addresses the tapping of phones, consumer privacy lawyers have begun to cite the same statute in online privacy cases.

California Penal Code 631 lists the following as potential CIPA violations:

  • Using any machine, instrument, or contrivance to intentionally tap or make any unauthorized connection to a telephone conversation.
  • Trying to read any communication without the consent of all the parties participating in the conversation.
  • Using any information obtained through a wiretapped conversation.
  • Conspiring with another person to commit a wiretapping offense.

CONTACT THE LYON FIRM TODAY

Please complete the form below for a FREE consultation.

  • This field is for validation purposes and should be left unchanged.

ABOUT THE LYON FIRM

Joseph Lyon has 17 years of experience representing individuals in complex litigation matters. He has represented individuals in every state against many of the largest companies in the world.

The Firm focuses on single-event civil cases and class actions involving corporate neglect & fraud, toxic exposure, product defects & recalls, medical malpractice, and invasion of privacy.

NO COST UNLESS WE WIN

The Firm offers contingency fees, advancing all costs of the litigation, and accepting the full financial risk, allowing our clients full access to the legal system while reducing the financial stress while they focus on their healthcare and financial needs.

“Joe Lyon is a true professional in every essence of the word. He has been a pleasure to work with and know. I highly recommend The Lyon Firm!”

  • Client, Kaylie Thomas

What Is a Two-Party Consent State?

In a two-party consent state, both people in a conversation must agree to be recorded. For example, if you’re talking on the phone, both you and the person you’re speaking with need to know and agree that the call is being recorded.

California and Florida are examples of two-party consent states. This means that if you’re in one of these states, you must get permission from everyone involved before recording a conversation.

If just one party does not provide consent, then recording the conversation constitutes a violation of the CIPA and can result in legal action.

On the other hand, states like Texas and New York only require one person’s consent to record, meaning you can record a conversation if you’re part of it, even if the other person doesn’t know.

What If Someone Called Me From a Different State?

It is also important to note that out-of-state businesses still have to respect and comply with CIPA California. 

Even if the website or individual you interact with is located elsewhere, consumers can still file a lawsuit under the California Invasion of Privacy Act if they were in the state at the time of any CIPA violation.

Your privacy matters more than you might realize. Protecting your privacy ensures that your personal information stays in your hands and that you’re not at risk of being exploited or manipulated.


It’s time to defend your right to privacy. Contact The Lyon Firm online or call (513) 381-2333 to take action today.

Understanding The California Invasion of Privacy Act (CIPA)

The CIPA is the California statute that makes it illegal for businesses to wiretap consumer communications or record individual interactions without their permission. 

Under CIPA, it is illegal for companies to wiretap or record conversations unless all participants have clearly consented to the recording. This applies to telephone conversations and any online communications.

If a business violates CIPA, it could face both criminal charges and civil penalties. Consumers who have been wiretapped or recorded without prior consent have already used this law to file invasion of privacy lawsuits against businesses that did not adhere to CIPA. 

California has worked to strengthen consumer protection laws in recent years, including passing: 

What Are Some Potential CIPA Violations?

A website’s use of session replay, keystroke logging, or third-party chatbot technology without consent can constitute an unlawful wiretap or eavesdropping offense under CIPA. 

In the age of data collection, with data brokers buying and selling huge amounts of personal information, it has been beneficial and extremely profitable for websites to keep records of online interactions and communications with customers.

However, as defined by California’s wiretap law, this could be problematic. If a company uses session replay software or other tracking tools to capture visitor behavior, it may be an unlawful intercept of the communication.

Many website operators have installed session replay and “live chat” applications onto their sites where third-party vendors have real-time access to the chat communications. 

Session replay software allows websites to watch how a user interacts with the website. Because a machine is used to intercept and record communications, this is possibly a violation of the CIPA. This may only be lawful if such web operators properly inform the browser and get their consent. 

“Wiretapping and other CIPA violations aren’t just minor offenses—they’re serious attacks on your fundamental right to privacy. Your permission to be recorded is crucial and should never be taken for granted. When you take a stand, you’re protecting your personal freedoms.”

Joe Lyon profile photoJoe Lyon,
Founding Partner of The Lyon Firm

What Happens If Someone Violates CIPA California?

California takes people or businesses breaking this privacy law very seriously. The consequences for violating CIPA can be quite severe and vary based on whether the offense is charged as a misdemeanor or a felony.

For a misdemeanor charge, the penalties can include:

  • Up to a year in county jail. 
  • Fines up to $2,500 for each violation.

If the offense is treated as a felony, the jail time can range from:

  • 16 months to 3 years.
  • If there’s a prior conviction for wiretapping, fines can increase to as much as $10,000 per violation.

How Much Can an Invasion of Privacy Attorney in California Help Me Recover?

Beyond criminal charges, there’s also the possibility of civil liability. Victims of illegal recordings can file lawsuits seeking statutory damages. 

These damages can be:

  • $5,000 for each recorded call, or
  • Three times the actual damages suffered—whichever amount is greater.

Individuals suffer a great deal of emotional distress in times of private uncertainty. CIPA lawsuits can recover compensation for the following:

  • Emotional Pain: Money for the hurt and stress caused by the violation.
  • Return of Illegal Profits: Any money that was wrongfully made will be taken back.
  • Punitive Damages: Extra money to punish the wrongdoer and stop them from doing it again.

As technology is embedded into almost every aspect of our daily lives, we are seeing our privacy vanish. Instances of invasions of privacy are reported in many corporate and private affairs. The loss of private data can lead to identity theft and fraud, and require legal action.

CIPA Statute of Limitations

A statute of limitations refers to the period of time a plaintiff has to file a lawsuit before legal action is no longer possible. These time periods differ based on practice area, location, and circumstance.

Plaintiffs generally have one year from the date of the act under the CIPA statute of limitations to contact an attorney and file a claim. If you miss that deadline, you could lose out on your chance at compensation and justice.

Do I Need to Hire an Attorney?

Even though the law is designed to protect your privacy, invasion of privacy laws in California can be tricky. You need a skilled legal team to build a strong case. Our attorneys have experience in consumer privacy law and are committed to fighting for the rights of Americans nationwide.

Each illegally recorded conversation could lead to a $5,000 fine, meaning these cases can result in significant settlements. However, it’s not as simple as just saying your privacy was violated. 

You need to be able to clearly and strongly present your case, which is where an attorney steps in. A lawyer can: 

  • Gather Evidence: Collect and organize all proof of the illegal recording, including call logs, emails, or screenshots.
  • Document the Violation: Create a detailed account of how and when the privacy breach occurred.
  • Show Intent and Impact: Show how the recording was made without consent and the harm it caused you.
  • Handle All Legal Procedures: Handle all the legal paperwork and deadlines to ensure your case is filed correctly and on time.
  • Negotiate Settlements: Work with the opposing party to negotiate a fair settlement or represent you in court if needed.

What Working With an Attorney Does for Your Case

If your privacy has been violated, hiring a data privacy lawyer can make a big difference in the outcome of your case.

Hiring a lawyer can greatly boost your chances of getting a higher settlement for your claim. A 2016 Martindale-Nolo survey examining personal injury claims found that over 90% of people with legal representation received compensation, compared to about 50% of those who handled their own claims. 

Also, on average, people with lawyers got $77,600, while those without only received $17,600.

If you think a company or someone has violated your privacy, contact our lawyers right away. We handle cases in California and across the country, working hard to get you the compensation you deserve and hold wrongdoers accountable. 


Contact us online or call us at (513) 381-2333 for a free, confidential consultation to discuss your options or find out more about current class action lawsuits.

What Are Pen Register Cases?

One of the ways in which websites capture digital fingerprints is by deploying pen registers to trap and trace spyware. Some companies have been able to record location, events, and data tracking on smartphones. The FTC recently ruled that many widely used location data tracking tools used by data brokers constitute an invasion of consumer privacy.

The term “pen register” has long referred to devices that record outgoing phone numbers dialed on a telephone. Trap and trace devices, conversely, record incoming phone numbers. The definition has evolved over time, and now the term “pen register” is often used to refer to certain software or fingerprinting tools used to track users’ online activity.

Pen Register Under CIPA California

In California, it’s illegal to use a pen register—a device that tracks phone numbers or other details of calls—without a court order. CIPA defines a pen register as a tool that records call information, like dialing, addressing, or signaling information, but not the actual conversation content.

The law explains that new technology has made it easy for people to secretly listen in on private conversations. This is a big problem because it threatens our personal freedoms and privacy.

Personal privacy should remain a basic, protected individual right for American consumers. Big Tech and data brokers, however, have continually pushed the limits on what it means to respect consumer privacy and operate within ethical and legal boundaries.

New technologies have made it extremely simple for companies to eavesdrop on private consumer communications. In a rush to collect data, which can be very valuable, some companies have violated federal and state consumer privacy laws.

In recent consumer privacy lawsuits filed in California, plaintiffs allege instances of illegal wiretapping and eavesdropping on their online communications. Complaints have noted that certain websites are recording live chats and using session replay software without consumers’ consent. Privacy lawyers have interpreted such actions as wiretapping offenses.

Cincinnati Asbestos Exposure Attorney

Why Hire The Lyon Firm

The team at The Lyon Firm takes privacy violations seriously and has successfully supported individuals in protecting their personal information for nearly two decades

With a proven track record of representing thousands of people across all fifty states, Joseph Lyon has consistently delivered impressive results

His experience in handling complex litigation has led to securing millions of dollars in compensation for his clients and class members, including $12,500,000 in one data breach class action and $49,840,000 in another, both specifically for medical patients.

If you’ve been a victim of wiretapping or eavesdropping, take advantage of the legal rights in place to protect you. Contact The Lyon Firm online or call (513) 381-2333 to defend your privacy today.

Why Should I File a CIPA Case?

voice icon

Give Yourself a Voice

icon-published

Get Justice

proven results

Gain Recovery

client focused

Generate Awareness

Consumer Wiretapping Cases & CIPA FAQ

Can I File a Consumer Wiretapping Lawsuit?

Courts generally rule favorably on expectations of consumer privacy. Potential plaintiffs can safely ground their invasion of privacy claims by referencing state law, such as CIPA, the Pennsylvania Wiretapping and Electronic Surveillance Act, and the Florida Security of Communications Act.

When websites and companies invade your personal privacy by collecting data without your consent, you may be able to take legal action. You may be eligible to file a CIPA violation claim if you can establish the following:

  • The defendant intentionally used a software or electronic tool (keystroke log or session replay) to record your browsing session or conversation.
  • You had no reason to believe that the conversation would be recorded.
  • You did not consent to having a conversation recorded.
  • You suffered some harm or injury as a result of your privacy being violated.

In some cases, it is obvious when a website is monitoring and recording your call or chat. In other cases, lawyers must investigate illegal wiretapping during the discovery process when a defendant is forced to turn over company records.

What Is Eavesdropping Vs. Wiretapping?

While both are illegal (and often related), the difference between the two is that eavesdropping does not necessarily involve wiretapping. California privacy law defines eavesdropping as the use of a hidden electronic device to listen to a confidential communication. The law is not limited to phone conversations and can include computer communications.

CIPA gives victims of both wiretapping and eavesdropping the ability to bring a civil suit against any individual or entity that illegally recorded the conversation. 

If a third-party tech company provides the chat software, plaintiffs can name them in the complaint for eavesdropping.

What is the Legal Process?

Pre-Suit Investigation and Negotiations: Wiretapping lawsuits are unique and require a thorough investigation before a lawsuit is filed. An initial investigation involves gathering all relevant information. Preservation letters are drafted to notify the defendant of the case. The duty to preserve electronic evidence is critical in most cases to prevent spoliation.

Filing a Privacy Lawsuit in California: If pre-suit negotiations are unsuccessful, then a lawsuit must be filed to preserve the statute of limitations. Filing a lawsuit early in the process is often necessary to begin gathering evidence while the witness’s memories are fresh and documents remain available.

Discovery: Once a privacy suit is filed by your attorney, the court will set a case management schedule, and the parties will begin exchanging information in the formal process of discovery. Depositions will be taken to preserve testimony for trial and to understand what certain witnesses are likely to say at trial.

Proving Negligence, Causation, and Damages: In addition to lay witness testimony and other documentary evidence, data theft, and privacy claims rely upon evidence to prove negligence, causation, and damages.

What is the Federal Wiretap Act?

In 1986, Congress passed the Electronic Communications Privacy Act (ECPA), better known as the Wiretap Act. The statute prohibits the intentional use of wiretaps to intercept or attempt to intercept electronic communications.

The ECPA predates the digital age, but recent invasions of online privacy cases have given rise to new interpretations of how the Electronic Communications Privacy Act applies to modern technology. 

What Are Some Examples of Wiretapping Lawsuits?
  • Google recently settled a $5 billion class action complaint after plaintiffs claimed the company violated federal wiretap law when it collected information about user behavior in Incognito Mode. Consumers believed they were browsing in a “private” browsing mode. The complaint stated that even when users opted for private browsing, Google used tracking tools to track what websites they visited.
  • Several class action complaints have named social media app TikTok as a defendant in wiretapping lawsuits. Plaintiffs claim the TikTok in-app browser illegally tracks users’ clicks and keystrokes in violation of a federal wiretap law.
  • A 2023 class action alleges that Carnival secretly records the electronic communications of consumers who visit the cruise ship company’s website. The plaintiff claims violations of state and federal consumer privacy. Carnival allegedly uses third-party vendors to embed session replay computer code on its website for the purpose of intercepting and recording the actions of consumers. Attorneys say Carnival violated the CIPA and the federal Wiretap Act.