Violations of California’s Invasion of Privacy Act Satisfy Spokeo

Judge Jeffrey T. Miller of the Southern DIstrict of California became the latest to hold that violations of CIPA give rise to concrete harms under the SCOTUS’s Spokeo decision.  The case is Romero v. Securus Techs., Inc., No. 16-cv-1283, 2016 WL 6157953, at *4 (S.D. Cal. Oct. 24, 2016).

CIPA prohibits unauthorized interceptions of communications in order to protect the right of privacy.  Plaintiffs in Romero allege that when they were inmates in California correctional facilities they used the defendant’s telephone system, and that the defendant recorded a number of calls between plaintiffs and their attorneys.

Defendants sought dismissal under Spokeo, arguing plaintiffs had only alleged procedural violations of CIPA, not enough to constitute concrete harm.  Judge Miller disagreed, relying heavily on a recent decision from Judge Koh in California’s Northern District:

A violation of CIPA involves much greater concrete and particularized harm than a technical violation of the Fair Credit Reporting Act (“FRCA”), the statute at issue in Spokeo. While “[a] violation of one of the FCRA’s procedural requirements may result in no harm,” such as reporting of “an incorrect zip code,” Spokeo, 136 S. Ct. at 1549, a violation of CIPA is a violation of privacy rights.

Judge Koh of the Northern District of California recently engaged in a lengthy and thoughtful analysis of whether CIPA violations, without more, constitute injury in fact. … Based on her analysis, Judge Koh concluded “that the judgment of…the California Legislature indicate[s] that the alleged violations of Plaintiff’s statutory rights under…CIPA constitute concrete injury in fact. This conclusion is supported by the historical practice of courts recognizing that the unauthorized interception of
communication constitutes cognizable injury.” 

The court agrees with Judge Koh’s well-reasoned order. Rather than being a “bare procedural violation,” a CIPA violation is “the violation of a procedural right granted by statute…sufficient…to constitute injury in fact.See Spokeo, 136 S. Ct. at 1549. The California Court of Appeal appears to agree, stating that section 637.2 of CIPA “is fairly read as establishing that no violation of the Privacy Act is to go unpunished. Any invasion of privacy involves an affront to human dignity which the Legislature could conclude is worth at least $[5,000]. The right to recover this statutory minimum accrued at the moment the Privacy Act was violated.” Friddle v. Epstein, 16 Cal. App. 4th 1649, 1660–61 (1993), opinion modified on denial of reh’g (July 7, 1993).

Romero, 2016 WL 6157953, at *5 (citations omitted, emphasis added).