Chat software and privacy laws

Mark Pestronk

Q: We added a chat function to our website so that potential clients could ask about deals we feature on our homepage. One of our advisors is in charge of responding to the questions and comments. A third-party service captures the words and stores them, so we have a record of what attracts potential clients. Soon after we set this up, we received a nasty letter from a law firm threatening to file a class action against us because we are in violation of the California Invasion of Privacy Act. Is this a scam? We aren’t even in California.

A: Eleven states have laws requiring that all parties consent to any recording of a private conversation: California, Delaware, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Pennsylvania and Washington. In California, the law that prohibits recording without all parties’ consent is called the California Invasion of Privacy Act, or CIPA.

CIPA makes it a criminal violation to do several things without the consent of all parties: (1) for a party to a private conversation to intentionally record communications; (2) for a third party to eavesdrop on a conversation without the consent of all parties while the communication is going on; (3) for anyone to use any information obtained from the eavesdropping; and (4) to help a third party to commit eavesdropping.

Intentional violations of CIPA are criminal, and even unintentional violations can make the website owner liable for up to $5,000 per violation. Less than a year ago, a federal court held that online chats could potentially fall under CIPA.  

Since then, plaintiffs’ class-action lawyers have nearly 100 lawsuits against companies that have online features on their websites. The suits allege that the company violated CIPA by recording the chat without the consumer’s consent and utilizing a third-party chat software provider that eavesdropped on the conversation.

While none of these class actions have gone to trial, the fact that some courts have not dismissed them has led many website owners to fear that they may be targeted next. So, the letter you received is not a scam, and you definitely need to do what you can to deter a class-action lawsuit.

For the future, you need to add wording to the start of your chats stating something like this: “The chat will be recorded; remaining on the line implies consent; if you do not consent, simply terminate the chat; we retain a third party to operate this feature, and your information will be shared with the third party.”

If you don’t use a third party but instead operate the chat by yourself and don’t record it, then you can probably ignore this advice, but it may be smarter to avoid getting a threatening letter by at least stating that the session may be recorded.

By the way, CIPA protects California residents regardless of where the recording or eavesdropping takes place. So you could still get sued in California even if you have no presence there. 

Source: Read Full Article