Blog · July 2, 2026 · 24-minute read
California Invasion of Privacy Act CIPA Penal Code § 637.2 attorney fee petition mechanics: DATE OF INTERCEPTED COMMUNICATION as primary Welch anchor (the ONLY primary anchor in the fee-petition-mechanics series in a DEFENDANT'S COVERT DIGITAL INTERCEPTION DATE — defendant's surveillance infrastructure log records the interception at the moment it occurs on defendant's own server calendar entirely outside victim-plaintiff attorney's scheduling control; distinct from every court filing date, every government-authored notice, every healthcare provider certification date, every employer-authored document, every consumer-authored written request, every bilateral contract, and every plaintiff-authored physical site visit log entry in the series), Penal Code § 637.2(a) $5,000 per violation or three times actual damages mandatory statutory damages plus mandatory attorney fees to prevailing plaintiff, § 631(a) website session replay aiding and abetting interception, § 632 confidential communication recording, § 632.7 cellular radio telephone interception, DOJ federal Wiretap Act investigation calendar, FCC TCPA concurrent enforcement calendar, California Privacy Protection Agency CPPA CPRA enforcement calendar, and Ketchum/Dague split between California CIPA § 637.2 Superior Court fee petition and federal Wiretap Act 18 U.S.C. § 2520 federal district court fee petition advisory
California Invasion of Privacy Act practice under Penal Code § 637.2 — spanning the DATE OF INTERCEPTED COMMUNICATION identification at the DEFENDANT'S COVERT DIGITAL INTERCEPTION DATE (the ONLY primary Welch anchor in the fee-petition-mechanics series in a DEFENDANT'S COVERT DIGITAL INTERCEPTION DATE; defendant's surveillance infrastructure — session replay server, call recording system, wire intercept equipment, or third-party analytics pixel — logs the interception at the moment it occurs on the defendant's own server calendar entirely outside the victim-plaintiff attorney's contemporaneous knowledge; plaintiff does not know the interception is occurring at the time it occurs; interception date is discovered only through civil discovery — subpoena to session replay vendor or production of defendant's server logs; each intercepted communication is a separate violation generating a separate $5,000 floor under § 637.2(a); in § 631(a) session replay class actions, the defendant's vendor server logs contain millions of interception timestamps — one per class member per session — all on the vendor's server calendar entirely outside plaintiff attorney scheduling control), the § 631 / § 632 / § 632.7 CIPA statutory coverage analysis and class-member-communications inventory advisory at DATE OF INTERCEPTED COMMUNICATION, the DOJ/FBI federal Wiretap Act investigation calendar (12–36 months on DOJ/FBI's own institutional schedule entirely outside plaintiff attorney scheduling control) and FCC TCPA concurrent enforcement calendar and California Privacy Protection Agency (CPPA) CPRA enforcement calendar advisory, and the § 637.2(a) Christiansburg Garment mandatory prevailing plaintiff attorney fee petition with Ketchum/Dague Hensley segregation — California CIPA § 637.2(a) claims are Ketchum multiplier eligible in California Superior Court (Ketchum v. Moses (2001) 24 Cal.4th 1122; contingency factors at DATE OF INTERCEPTED COMMUNICATION: server log discovery uncertainty, § 631(a) 'aiding and abetting' theory viability uncertainty, class certification uncertainty, all-party consent defense uncertainty, CCP § 340(a) discovery rule tolling uncertainty); concurrent federal Wiretap Act § 2520 claims in federal district court are subject to City of Burlington v. Dague (1992) 505 U.S. 557 no-multiplier rule (Hensley task-level segregation required between California CIPA Superior Court fee petition and federal Wiretap fee petition; CPPA enforcement calendar advisory hours are California CIPA § 637.2(a) exclusive hours with no federal Wiretap counterpart) — concentrating three categories of externally-scheduled advisory work where solo California CIPA privacy attorneys systematically underlog at 55% untracked. PLCM Group Inc. v. Drexler (2000) 22 Cal.4th 1084. Hensley v. Eckerhart (1983) 461 U.S. 424 (lodestar from DATE OF INTERCEPTED COMMUNICATION). Missouri v. Jenkins (1989) 491 U.S. 274 (fees-on-fees). Total: 16.68 untracked hours = $5,005–$8,342/year at $300–$500/hr.
TL;DR
- Failure mode 1 — § 631 / § 632 / § 632.7 CIPA statutory coverage analysis and class-member-communications inventory advisory at the DATE OF INTERCEPTED COMMUNICATION: 5.39 untracked hours = $1,617–$2,695/year (7 active California CIPA clients with § 631(a) wire/line interception and aiding-and-abetting session replay coverage analysis advisory, § 632 confidential communication recording all-party consent analysis advisory, § 632.7 cellular/cordless radio telephone interception coverage advisory, class-member-communications inventory and class period interception date mapping advisory, CCP § 340(a) 1-year statute of limitations and discovery rule tolling analysis advisory, and session replay vendor server log subpoena strategy and evidence preservation advisory needs × 2 advisory calls × 42 min average × 55% untracked at $300–$500/hr). Billing gap driven by the DATE OF INTERCEPTED COMMUNICATION (the ONLY primary Welch anchor in the fee-petition-mechanics series in a DEFENDANT'S COVERT DIGITAL INTERCEPTION DATE — defendant's surveillance infrastructure logs the interception at the moment it occurs entirely outside the victim-plaintiff attorney's contemporaneous knowledge; not a California Superior Court complaint filing date; not a California or federal administrative agency complaint number; not a government-authored notice or order; not a healthcare provider certification date; not an employer-authored payroll document; not a consumer-authored written communication to the defendant; not a bilateral private contract; not a bilateral conduct date; not a plaintiff's own documented physical site visit date — the defendant's own digital surveillance system's server log entry recording each interception, embedded on the defendant's servers [or defendant's session replay vendor's servers] at the moment of interception, discovered only through civil discovery). Advisory calls at the DATE OF INTERCEPTED COMMUNICATION: (a) § 631 / § 632 / § 632.7 coverage analysis advisory — arrives when the client presents the CIPA matter for initial case evaluation; covers: determining which CIPA provision applies to the specific type of interception (§ 631(a) for wire/line communications including website session replay via third-party vendor script; § 632 for recording of confidential communications including phone calls in a setting where the parties have a reasonable expectation of privacy; § 632.7 for cellular radio telephone and cordless phone call recordings); analyzing whether the defendant's conduct satisfied the 'intentional' element of each provision (each requires willful, not negligent, interception); advising on California's all-party consent standard (California is a two-party/all-party consent state — unlike the federal Wiretap Act's one-party consent exception under 18 U.S.C. § 2511(2)(d)); (b) class-member-communications inventory and class period interception date mapping advisory — covers: identifying the class of persons whose communications were intercepted; mapping which dates on the defendant's server logs correspond to communications intercepted within the CCP § 340(a) 1-year limitations period; advising on the discovery rule tolling analysis to establish when the plaintiff first discovered (or should have discovered) that their communications were being intercepted by the defendant's session replay or recording system; identifying the earliest interception date within the class to establish the class period beginning and the Hensley lodestar start date under Hensley v. Eckerhart (1983) 461 U.S. 424. At 55% untracked: 7 clients × 2 calls × 42 min × 55% = 5.39 hrs = $1,617–$2,695/year at $300–$500/hr.
- Failure mode 2 — DOJ/FBI federal Wiretap Act investigation calendar, FCC TCPA concurrent enforcement calendar, and California Privacy Protection Agency (CPPA) CPRA enforcement calendar advisory call cycle: 7.26 untracked hours = $2,178–$3,630/year (6 active California CIPA clients with DOJ/FBI federal Wiretap Act investigation status advisory, DOJ § 2521 civil injunction proceeding calendar advisory, FCC TCPA enforcement calendar and STIR/SHAKEN rulemaking advisory for CIPA/TCPA hybrid call recording cases, CPPA CPRA enforcement calendar and CPPA cybersecurity audit regulation advisory, CPPA automated decision technology (ADT) rulemaking advisory for session replay analytics cases, and CPPA data broker registration calendar advisory for session replay vendors needs × 3 advisory calls × 44 min average × 55% untracked). Billing gap driven by three concurrent externally-controlled enforcement calendars, each operating on its own institutional schedule entirely outside the private plaintiff attorney's control: the DOJ/FBI federal Wiretap Act investigation calendar (DOJ/FBI investigates § 2511 criminal wiretapping violations and pursues § 2521 civil injunctions on DOJ/FBI's own institutional schedule — 12–36 months from triggering event entirely outside plaintiff attorney's scheduling control); the FCC TCPA concurrent enforcement calendar (FCC issues forfeiture orders against high-volume callers and revises TCPA consent rules on FCC's own administrative and enforcement calendar — directly relevant when the same call recording that violates CIPA § 632 also violates TCPA § 227(b)); and the CPPA CPRA enforcement calendar (the California Privacy Protection Agency's own rulemaking and enforcement calendar for cybersecurity audit regulations, ADT regulations, and enforcement actions against third-party session replay vendors). At 55% untracked: 6 clients × 3 calls × 44 min × 55% = 7.26 hrs = $2,178–$3,630/year at $300–$500/hr.
- Failure mode 3 — § 637.2(a) mandatory attorney fee petition and Ketchum/Dague Hensley segregation between California CIPA § 637.2 Superior Court claims and concurrent federal Wiretap Act § 2520 federal district court claims advisory call cycle on the post-judgment calendar: 4.03 untracked hours = $1,210–$2,017/year (5 active § 637.2(a) / federal Wiretap Act § 2520 mandatory fee petition clients requiring interception-date-to-judgment Hensley lodestar assembly, § 637.2(a) Ketchum positive multiplier documentation for the California CIPA Superior Court fee petition anchored to server log discovery uncertainty, § 631(a) theory viability uncertainty, class certification uncertainty, all-party consent defense uncertainty, and CCP § 340(a) discovery rule tolling uncertainty at the DATE OF INTERCEPTED COMMUNICATION, City of Burlington v. Dague no-multiplier analysis for the concurrent federal Wiretap Act § 2520 fee petition, Hensley task-level segregation between California CIPA § 637.2(a) fee petition and federal Wiretap § 2520 fee petition, CPPA enforcement calendar advisory hours allocation exclusively to California CIPA § 637.2(a) fee petition track [no federal Wiretap counterpart], and Missouri v. Jenkins fees-on-fees advisory × 2 advisory calls × 44 min average × 55% untracked). Billing gap driven by the Ketchum/Dague split — the California § 637.2(a) mandatory attorney fee petition in California Superior Court is Ketchum multiplier eligible based on contingency factors at the DATE OF INTERCEPTED COMMUNICATION; the concurrent federal Wiretap Act § 2520 attorney fee petition in federal district court is Dague no-multiplier — Hensley task-level segregation required between the two fee petition tracks from the DATE OF INTERCEPTED COMMUNICATION through judgment in each forum. At 55% untracked: 5 clients × 2 calls × 44 min × 55% = 4.03 hrs = $1,210–$2,017/year at $300–$500/hr.
Total: 16.68 untracked hours = $5,005–$8,342/year. The unique distinguishers in California CIPA § 637.2 practice: (1) the DATE OF INTERCEPTED COMMUNICATION is the ONLY primary Welch anchor in the fee-petition-mechanics series in a DEFENDANT'S COVERT DIGITAL INTERCEPTION DATE — the anchor is embedded in the defendant's own surveillance infrastructure server log at the moment of interception, not known to the plaintiff at the time it occurred, and discovered only through civil discovery; each intercepted communication is a separate § 637.2(a) violation generating a separate $5,000/violation floor; in § 631(a) session replay class actions, millions of class member session timestamps on the vendor's server calendar generate compounded damages; (2) three concurrent externally-controlled enforcement calendars — DOJ/FBI federal Wiretap Act investigation calendar, FCC TCPA enforcement calendar (for CIPA/TCPA hybrid call recording cases), and CPPA CPRA enforcement calendar (for § 631(a) session replay cases) — each operating on independent institutional schedules outside plaintiff attorney control; (3) California all-party consent standard under § 632 is categorically stricter than federal Wiretap Act one-party consent exception under § 2511(2)(d) — generating California CIPA exclusive hours in the Hensley segregation analysis; (4) Ketchum/Dague split — California CIPA § 637.2(a) is Ketchum multiplier eligible in California Superior Court; concurrent federal Wiretap Act § 2520 is Dague no-multiplier in federal district court — CPPA enforcement calendar advisory hours are California CIPA exclusive (no federal Wiretap counterpart) — requiring Hensley task-level segregation from the DATE OF INTERCEPTED COMMUNICATION through judgment; (5) plaintiff-only fee risk: § 637.2(a) mandatory attorney fees run only to prevailing plaintiffs — the defendant who prevails does not recover attorney fees as a matter of course; the Christiansburg Garment standard (frivolous, unreasonable, or without foundation) governs prevailing defendant fee recovery.
The § 631 / § 632 / § 632.7 CIPA statutory coverage analysis and class-member-communications inventory advisory call cycle at the DATE OF INTERCEPTED COMMUNICATION: 5.39 untracked hours = $1,617–$2,695/year
The DATE OF INTERCEPTED COMMUNICATION — the date on which the defendant's surveillance infrastructure (session replay server, call center recording system, wire intercept equipment, or third-party analytics pixel embedded in a website) recorded the plaintiff's communication in violation of California Penal Code §§ 631, 632, or 632.7 — is the primary Welch temporal anchor for California Invasion of Privacy Act attorney fee billing documentation. California CIPA practice is the ONLY practice area in the fee-petition-mechanics series where the primary Welch anchor is a DEFENDANT'S COVERT DIGITAL INTERCEPTION DATE — a date that does not exist in any court record, government record, employer record, healthcare provider record, or any document the plaintiff authored, received, or signed; a date that was not known to the plaintiff at the time it occurred; a date that exists exclusively in the defendant's (or defendant's vendor's) server infrastructure and is discovered only through civil discovery compulsion.
California Penal Code § 637.2(a) provides the civil cause of action: "Any person who has been injured by a violation of this chapter may bring an action against the person who committed the violation for the greater of the following amounts: (1) Five thousand dollars ($5,000). (2) Three times the amount of actual damages, if any, sustained by the plaintiff." Section 637.2(a) further provides that the court may award "reasonable attorney's fees" to the prevailing plaintiff. "This chapter" in § 637.2(a) refers to Chapter 1.5 of Title 15 of Part 1 of the Penal Code — Invasion of Privacy (§§ 630–637.9) — which includes the three primary civil CIPA provisions: § 631 (wire/line communication interception), § 632 (confidential communication recording), and § 632.7 (cellular radio telephone interception). Each provision generates a separate violation category at the DATE OF INTERCEPTED COMMUNICATION, with distinct elements, defenses, and Hensley segregation implications.
Penal Code § 631(a) — wire/line interception and § 631(a) aiding and abetting: Section 631(a) imposes liability on any person who "by means of any machine, instrument, or contrivance, or in any other manner, intentionally taps, or makes any unauthorized connection, whether physically, electrically, acoustically, inductively, or otherwise, with any telegraph, telephone wire, line, cable, or instrument, including the wire, line, cable, or instrument of any internal telephone communication system." Section 631(a) also independently covers any person who "reads, or attempts to read, or to learn the contents or meaning of any message, report, or communication while the same is in transit or passing over any wire, line, or cable, or is being sent from, or received at any place within this state." The fourth subpart — which has become the dominant California CIPA theory in 2026 — imposes liability on any person who "aids, agrees with, employs, or conspires with any person or persons to unlawfully do, or permit, or cause to be done any of the acts or things mentioned above in this section." This fourth subpart is the statutory foundation for the § 631(a) session replay class action: a website operator (defendant) who embeds a third-party session replay vendor's JavaScript pixel (FullStory, Hotjar, Heap, Microsoft Clarity, SessionCam, or similar) in the defendant's website is alleged to have "aided" or "employed" the session replay vendor to intercept each website visitor's browser interactions — keystrokes, mouse movements, clicks, text entered in web form fields (including text typed and then deleted before submission), scroll patterns, and navigation behavior — in real time as the visitor interacts with the defendant's website.
The DATE OF INTERCEPTED COMMUNICATION in a § 631(a) session replay case is the timestamp of each website visitor's session as recorded by the session replay vendor's server at the moment the session occurred. The vendor's server log records: (a) the timestamp of session initiation (when the visitor first loaded the defendant's webpage); (b) the timestamp of each interaction event within the session (each keystroke, click, or scroll event captured in real time); (c) the IP address of the visitor's browser (from which geolocation may establish California residence for jurisdictional purposes); and (d) the session identifier linking the visitor's browser interactions to a specific session log record in the vendor's database. These timestamps — embedded in the vendor's server infrastructure at the moment of each session — are the DATE OF INTERCEPTED COMMUNICATION for each class member's § 637.2(a) $5,000/violation claim. They are discovered through civil discovery: subpoena to the session replay vendor seeking production of all session records for the defendant's website within the class period (typically the 1-year limitations period under CCP § 340(a) working backward from the complaint date, subject to discovery rule tolling).
Penal Code § 632 — confidential communication recording: Section 632(a) provides that "A person who, without the consent of all parties to a confidential communication, uses an electronic amplifying or recording device to eavesdrop upon or record the confidential communication, whether the communication is carried on among the parties in the presence of one another or by means of a telegraph, telephone, or other device, except a radio, shall be punished." The key elements are: (a) a "confidential communication" — defined in § 632(c) as any communication carried on in circumstances that may reasonably indicate that any party desires it to be confined to the parties thereto, but excluding a communication made in a public gathering or in any legislative, judicial, executive, or administrative proceeding open to the public; (b) recording "without the consent of all parties" — California's all-party consent requirement means that even one party's failure to consent is a violation; (c) use of an "electronic amplifying or recording device" — which courts have interpreted broadly to include software call recording systems. The DATE OF INTERCEPTED COMMUNICATION in a § 632 business call recording case is the timestamp of each phone call on the defendant's call recording system's server log — recorded at the moment the recording was initiated by the defendant's call center system, on the call recording system's own server clock, entirely outside the plaintiff's knowledge at the time the call was being recorded.
Penal Code § 632.7 — cellular radio telephone interception: Section 632.7(a) provides that "Every person who, without the consent of all parties to a communication, intercepts or receives and intentionally records, or assists in the interception or receipt and intentional recordation of, a communication transmitted between two cellular radio telephones, a cellular radio telephone and a landline telephone, two cordless telephones, a cordless telephone and a landline telephone, or a cordless telephone and a cellular radio telephone, shall be punished." Section 632.7 extends § 632's all-party consent requirement to cell phone and cordless phone calls specifically, including in circumstances where the parties may not have a reasonable expectation of confidentiality (the § 632(c) "confidential communication" requirement does not apply to § 632.7). The DATE OF INTERCEPTED COMMUNICATION in a § 632.7 case is the timestamp of each cell phone call recording on the defendant's call recording system — recorded at the moment the recording was initiated.
The advisory call cycle at the DATE OF INTERCEPTED COMMUNICATION covers two distinct categories. First: § 631 / § 632 / § 632.7 statutory coverage analysis — arrives when the client presents the CIPA matter for initial case evaluation; covers determining which provision(s) apply, whether the "intentional" element is satisfied (none of the three provisions covers negligent or inadvertent interception; the defendant must have intentionally operated the recording or interception system), and whether the defendant's disclosure practices (website privacy policy, call recording notice, opt-in or opt-out consent mechanisms) might support a consent defense under each provision's different consent standard. Second: class-member-communications inventory and interception date mapping — covers identifying the class period (earliest interception date within the CCP § 340(a) limitations period, applying discovery rule tolling); estimating class size from available data (defendant's website traffic logs, call center volume records, or vendor's own aggregated session count reports); and developing the subpoena strategy for obtaining the complete inventory of class member interception timestamps from the session replay vendor or call recording vendor.
The Welch temporal anchor for all § 631 / § 632 / § 632.7 advisory calls is the DATE OF INTERCEPTED COMMUNICATION — the earliest interception timestamp in the defendant's server log within the class period, from which the § 637.2(a) $5,000/violation damages calculation begins, from which the CCP § 340(a) limitations period runs (subject to discovery rule tolling), from which the Hensley lodestar begins under Hensley v. Eckerhart (1983) 461 U.S. 424, and from which the Ketchum contingency factors are assessed at the time the plaintiff's attorney undertook the representation. A § 637.2(a) fee petition that begins the lodestar at the complaint filing date (rather than the DATE OF INTERCEPTED COMMUNICATION) misses the pre-filing coverage analysis, class-member-communications inventory, vendor subpoena strategy, and discovery rule tolling analysis hours that are causally connected to the § 637.2(a) mandatory fee claim from the DATE OF INTERCEPTED COMMUNICATION under Hensley. Arithmetic: 7 clients × 2 calls × 42 min × 55% = 5.39 hrs = $1,617–$2,695/year at $300–$500/hr.
The DOJ/FBI federal Wiretap Act investigation calendar, FCC TCPA concurrent enforcement calendar, and California Privacy Protection Agency (CPPA) CPRA enforcement calendar advisory call cycle: 7.26 untracked hours = $2,178–$3,630/year
California CIPA § 637.2 practice generates three concurrent externally-controlled enforcement calendars that operate independently of each other and of the private civil action timeline — the federal Department of Justice and FBI federal Wiretap Act investigation calendar (DOJ/FBI's own institutional schedule for investigating § 2511 criminal wiretapping violations and pursuing § 2521 civil injunctions entirely outside the private plaintiff attorney's scheduling control), the FCC TCPA concurrent enforcement calendar (FCC's own administrative and enforcement calendar for TCPA consent rule rulemakings and enforcement sweeps — directly relevant when the same call recording underlying the CIPA § 632/632.7 civil action also involves TCPA § 227(b) autodialer or prerecorded voice violations), and the California Privacy Protection Agency (CPPA) CPRA enforcement calendar (CPPA's own independent regulatory and enforcement calendar for cybersecurity audit regulations, automated decision technology regulations, and enforcement actions against session replay vendors — directly relevant when the CIPA § 631(a) session replay civil action involves third-party analytics vendors subject to CPRA). Ketchum v. Moses (2001) 24 Cal.4th 1122. PLCM Group Inc. v. Drexler (2000) 22 Cal.4th 1084. Hensley v. Eckerhart (1983) 461 U.S. 424. Missouri v. Jenkins (1989) 491 U.S. 274.
DOJ/FBI federal Wiretap Act investigation calendar. 18 U.S.C. § 2511(1)(a) criminalizes any person who "intentionally intercepts, endeavors to intercept, or procures any other person to intercept or endeavor to intercept, any wire, oral, or electronic communication" — a criminal counterpart to California's § 631(a). The FBI Cyber Division investigates electronic surveillance and wiretapping crimes under its own institutional investigation schedule: receipt of complaint, intake determination, case opening, investigation assignment, subpoena issuance (grand jury subpoenas to session replay vendors or call recording service providers), and prosecutorial referral or declination. This DOJ/FBI investigation timeline — 12–36 months from triggering event — is entirely outside the private plaintiff attorney's scheduling control. 18 U.S.C. § 2521 authorizes DOJ to bring civil proceedings in any district court of the United States to enjoin violations of § 2511: "Whenever it shall appear that any person is engaged in or is about to engage in any act which constitutes or will constitute a felony violation of this chapter, the Attorney General may initiate a civil action in a district court of the United States to enjoin such violation." DOJ's decision to pursue a § 2521 civil injunction — and the timing of that civil action — runs on DOJ's own institutional enforcement priority calendar entirely outside the plaintiff attorney's scheduling control. Advisory calls arrive at three DOJ/FBI calendar decision points: (a) Grand jury subpoena to session replay vendor — when DOJ/FBI opens a grand jury investigation and issues a subpoena to FullStory, Hotjar, or another session replay vendor for the defendant's session logs, the vendor may assert grounds for declining to produce documents in the civil discovery proceeding pending the criminal investigation; advisory calls cover whether to stay civil discovery pending the criminal investigation (on DOJ/FBI's own institutional schedule), how the stay motion timing interacts with the class period preservation obligations, and how DOJ's grand jury subpoena to the vendor corroborates the plaintiff's allegations about the scope of interceptions at the DATE OF INTERCEPTED COMMUNICATION; (b) DOJ § 2521 civil injunction filing — when DOJ files a § 2521 civil action against the same defendant or the defendant's session replay vendor, advisory calls cover whether to coordinate the private CIPA civil action timeline with the DOJ § 2521 proceeding, how DOJ's civil complaint factual allegations (describing the interception practices in detail based on DOJ's own investigation) corroborate the class period interception dates, and whether a DOJ consent decree with the defendant affects the private § 637.2(a) damages claim; (c) FBI Cyber Division search warrant and seizure — when FBI executes a search warrant and seizes the defendant's or vendor's servers (on FBI's own warrant execution schedule), the seizure of server logs preserves evidence of the class member interception timestamps at the DATE OF INTERCEPTED COMMUNICATION, but also creates an advisory call about how to access the seized server logs in the civil proceeding and what the timeline for FBI's evidence analysis (on FBI's own forensic analysis schedule entirely outside plaintiff attorney control) means for the civil case discovery schedule.
FCC TCPA concurrent enforcement calendar. When the same phone call underlying the CIPA § 632/632.7 civil action — a call recorded without all-party consent — was also placed using an automatic telephone dialing system (ATDS) or prerecorded voice message without prior express written consent, in violation of TCPA § 227(b), the FCC's TCPA enforcement calendar generates advisory calls on FCC's own administrative and enforcement schedule entirely outside plaintiff attorney scheduling control. The FCC's STIR/SHAKEN call authentication rulemaking (47 C.F.R. § 64.6300 et seq., the FCC's implementation of the TRACED Act requiring carriers to implement caller ID authentication for originating calls) generates advisory calls on FCC's own rulemaking calendar when STIR/SHAKEN implementation deadlines pass or new enforcement guidance is issued: STIR/SHAKEN authentication records on the FCC's caller ID authentication database may establish whether the call defendant's originating network was the actual source of the recorded call (relevant to establishing the defendant's liability for both the CIPA § 632.7 recording and the TCPA § 227(b) autodialing at the DATE OF INTERCEPTED COMMUNICATION). FCC enforcement sweeps — periodic FCC forfeiture orders under 47 U.S.C. § 503(b) against businesses determined to have violated TCPA — run on FCC's own enforcement priority calendar entirely outside plaintiff attorney scheduling control; when the FCC issues a forfeiture order against the defendant or a related entity arising from the same calling campaign that generated the CIPA/TCPA hybrid violations, the forfeiture order is a public record that corroborates the defendant's calling practices at the DATE OF INTERCEPTED COMMUNICATION. FCC TCPA consent rulemaking advisory: the FCC periodically revises its regulations governing "prior express written consent" under 47 C.F.R. § 64.1200(a) — what website opt-in consent flows or call center consent capture systems satisfy the TCPA written consent requirement; these FCC consent rulemaking decisions run on FCC's own Notice of Proposed Rulemaking and Final Rule publication schedule (Federal Register publication dates entirely outside plaintiff attorney scheduling control) and generate advisory calls when new FCC consent rules take effect that may retroactively affect whether the defendant's consent capture mechanism at the DATE OF INTERCEPTED COMMUNICATION satisfied the then-current TCPA standard.
California Privacy Protection Agency (CPPA) CPRA enforcement calendar. The CPPA, created by CPRA (Proposition 24, approved November 3, 2020, effective January 1, 2023 for enforcement) and codified at Gov. Code §§ 1798.185, 1798.199.10 et seq., is the first independent state consumer privacy regulatory agency in the United States, with its own board of five members appointed by the Governor, the Attorney General, the Senate Rules Committee, and the Speaker of the Assembly. The CPPA has independent authority to: (a) adopt privacy regulations under Civ. Code § 1798.185 through formal rulemaking (not subject to direction by the Governor or AG); (b) investigate potential violations of CPRA/CCPA; (c) issue enforcement orders; and (d) impose administrative fines of up to $2,500 per unintentional violation and $7,500 per intentional violation per consumer. In California CIPA § 631(a) session replay practice, the CPPA enforcement calendar generates advisory calls at three external calendar decision points. First: CPPA enforcement action against the session replay vendor — if the session replay vendor (FullStory, Hotjar, Heap, or Microsoft Clarity) processes California consumer personal information (the intercepted session data) in ways that violate CPRA's service provider restrictions — for example, if the vendor uses the intercepted session data to train machine learning models or to build cross-context behavioral advertising profiles beyond the scope of the defendant's service provider agreement — the CPPA may open an enforcement investigation into the vendor's data practices on its own institutional calendar entirely outside the plaintiff attorney's scheduling control. CPPA enforcement documents (CPPA investigative subpoenas, CPPA preliminary enforcement orders, CPPA settlement agreements) describe the vendor's data practices in detail and arrive on CPPA's own institutional calendar; advisory calls cover how CPPA's enforcement documents corroborate the CIPA § 631(a) plaintiff's allegations about the scope of the session replay vendor's interception activities at the DATE OF INTERCEPTED COMMUNICATION. Second: CPPA cybersecurity audit rulemaking advisory — Civ. Code § 1798.185(a)(15) requires the CPPA to adopt regulations requiring businesses that process personal information in a manner that presents significant risk to consumers' security to perform annual cybersecurity audits and submit audit results to the CPPA. The CPPA's cybersecurity audit rulemaking (which was in proposed rulemaking status as of July 2026) may define specific prohibited high-risk data processing practices including real-time collection of consumer form inputs through session replay software — generating advisory calls when the cybersecurity audit regulations are finalized on CPPA's own rulemaking calendar: if the finalized regulations describe session replay of form inputs (including financial information, health information, or authentication credentials entered in web forms) as a high-risk practice requiring cybersecurity audit, the CPPA's regulatory findings corroborate the CIPA plaintiff's argument that the defendant's use of session replay software was not merely incidental technical operation but an intentional surveillance practice creating significant security risk. Third: CPPA automated decision technology (ADT) rulemaking advisory — Civ. Code § 1798.185(a)(16) requires the CPPA to adopt regulations governing businesses that use automated decision-making technology to make or facilitate decisions with significant effects on consumers in specified categories (access to financial, employment, housing, education, and similar goods and services). If the defendant's session replay analytics include machine learning that classifies visitor behavior or intent — visitor purchase propensity scores, frustration signals, churn risk predictions, or intent-to-buy classifications derived from real-time analysis of the visitor's intercepted browser interactions — the CPPA's ADT regulations (on CPPA's own rulemaking calendar entirely outside plaintiff attorney scheduling control) may classify this as a prohibited automated decision that affects consumers' access to goods and services without required opt-out rights. Advisory calls arrive when the ADT regulations take effect and when the defendant's session replay analytics are assessed against the newly adopted ADT requirements.
Arithmetic: 6 active California CIPA clients with DOJ/FBI federal Wiretap Act investigation status advisory, DOJ § 2521 civil injunction proceeding calendar advisory, FCC TCPA enforcement calendar and STIR/SHAKEN rulemaking advisory for CIPA/TCPA hybrid cases, CPPA CPRA enforcement calendar and CPPA cybersecurity audit regulation advisory, CPPA ADT rulemaking advisory for session replay analytics cases, and CPPA data broker registration calendar advisory needs during the year × 3 advisory calls (1 DOJ/FBI Wiretap investigation and § 2521 civil injunction advisory, 1 FCC TCPA enforcement and consent rulemaking advisory, 1 CPPA cybersecurity audit and ADT rulemaking advisory) × 44 min average × 55% untracked = 7.26 untracked hours = $2,178–$3,630/year at $300–$500/hr.
The unique billing gap driven by three concurrent external enforcement calendars: unlike most other primary anchors in the fee-petition-mechanics series, which pair a California state enforcement calendar with one federal enforcement calendar, the California CIPA DATE OF INTERCEPTED COMMUNICATION generates advisory calls on three concurrent externally-controlled enforcement calendars — DOJ/FBI criminal and civil Wiretap Act enforcement (federal criminal and civil); FCC TCPA enforcement and rulemaking (federal regulatory); and CPPA CPRA enforcement and rulemaking (California independent regulatory agency) — each operating on an entirely independent institutional rhythm, none of which the plaintiff attorney controls or can predict.
The § 637.2(a) mandatory attorney fee petition and Ketchum/Dague Hensley segregation between California CIPA § 637.2 Superior Court claims and concurrent federal Wiretap Act § 2520 federal district court claims advisory call cycle on the post-judgment calendar: 4.03 untracked hours = $1,210–$2,017/year
Penal Code § 637.2(a) provides that the prevailing plaintiff may recover "the greater of" $5,000 per violation or three times actual damages, plus "any attorney's fees that may be determined by the court." The "any attorney's fees" language in § 637.2(a) has been interpreted as authorizing — and in the context of CIPA's remedial purpose, effectively mandating for prevailing plaintiffs — a reasonable attorney fee award under the lodestar method. Prevailing defendants under CIPA § 637.2(a) do not recover fees as a matter of course; the Christiansburg Garment standard (frivolous, unreasonable, or without foundation) governs whether a prevailing defendant may recover fees — generating a plaintiff-only fee risk structure that is one of the five distinguishers in CIPA practice in the fee-petition-mechanics series.
The federal Wiretap Act civil fee provision, 18 U.S.C. § 2520(b)(3), provides: "In an action under this section, appropriate relief includes ... reasonable attorney's fees and other litigation costs reasonably incurred." Courts applying § 2520(b)(3) treat attorney fees as mandatory for prevailing plaintiffs under the Christiansburg Garment standard — prevailing plaintiffs recover fees as a matter of course absent special circumstances; prevailing defendants recover fees only for frivolous claims. The § 2520(b)(2) statutory damages formula — "liquidated damages computed at the rate of $100 a day for each day of violation or $10,000, whichever is higher" — is distinct from California's § 637.2(a) $5,000/violation floor, requiring separate damages calculation work in each forum for Hensley segregation purposes.
The Ketchum/Dague split: California CIPA § 637.2(a) fee petitions in California Superior Court are Ketchum multiplier eligible under Ketchum v. Moses (2001) 24 Cal.4th 1122. The contingency factors for the Ketchum multiplier in CIPA practice are assessed at the DATE OF INTERCEPTED COMMUNICATION — the date on which the plaintiff's attorney undertook the contingency representation. At the DATE OF INTERCEPTED COMMUNICATION, the contingency factors in a § 631(a) session replay class action include: (a) server log discovery uncertainty — the plaintiff's attorney undertook the representation without knowing whether the session replay vendor's server logs had been preserved (vendors typically retain session logs for 30, 60, or 90 days; if the interceptions occurred more than 90 days before the complaint was filed, the evidence of the class member's specific session may have been deleted in the ordinary course of the vendor's retention policy — a fact unknown to the plaintiff's attorney at the DATE OF INTERCEPTED COMMUNICATION); (b) § 631(a) 'aiding and abetting' theory viability uncertainty — California courts are actively deciding whether website visitor browser interactions constitute 'communications' within the meaning of § 631(a)'s wire/line interception subpart; several California Court of Appeal decisions are pending on this issue; at the DATE OF INTERCEPTED COMMUNICATION, the plaintiff's attorney did not know whether the California Court of Appeal would sustain or reject the § 631(a) session replay theory; (c) class certification uncertainty — the defendant in a § 631(a) session replay class action will argue that individualized consent issues (different website visitors saw different versions of the privacy banner, clicked different consent options, or visited the website before and after the session replay vendor was installed) defeat predominance under CCP § 382; at the DATE OF INTERCEPTED COMMUNICATION, the plaintiff's attorney did not know whether the class would be certified or whether the individualized consent variations would prevent class treatment; (d) all-party consent defense uncertainty — the defendant will argue that website visitors who clicked 'Accept All' on the CPRA/CCPA consent banner, or who scrolled past a footer privacy notice, implicitly consented to session replay recording under § 632's all-party consent standard; at the DATE OF INTERCEPTED COMMUNICATION, the plaintiff's attorney did not know whether the defendant's consent mechanism would be found sufficient; (e) CCP § 340(a) statute of limitations discovery rule tolling uncertainty — CIPA violations have a 1-year limitations period (CCP § 340(a) for Penal Code violations); the discovery rule tolls the period from when the plaintiff first discovered or should have discovered the interception; at the DATE OF INTERCEPTED COMMUNICATION, the plaintiff's attorney did not know what triggered the plaintiff's discovery of the session replay practice (news article, CPRA data subject access request revealing the vendor's name, class action notice from another lawsuit against the same vendor) and therefore could not predict the limitations exposure of the class period.
Federal Wiretap Act § 2520 fee petitions in federal district court are subject to the Dague no-multiplier rule: City of Burlington v. Dague (1992) 505 U.S. 557 categorically prohibits federal courts from applying any contingency enhancement to the lodestar in fee-shifting cases under federal statutes. The § 2520 fee petition begins from the same DATE OF INTERCEPTED COMMUNICATION as the § 637.2(a) fee petition but applies the Dague cap — the lodestar without enhancement. When both California CIPA and federal Wiretap Act claims are brought in federal court under 28 U.S.C. § 1367 supplemental jurisdiction, the federal court applies Dague to both the § 2520 fee petition and the supplemental § 637.2(a) fee petition — the Ketchum multiplier that would have been available in California Superior Court is lost. This forum-selection advisory generates a critical call at the DATE OF INTERCEPTED COMMUNICATION: should the plaintiff bring only California CIPA claims in California Superior Court (where Ketchum multiplier is available on all CIPA hours, and California courts have concurrent jurisdiction over § 637.2(a) claims) or bring both CIPA and federal Wiretap Act claims in federal district court (where Dague applies to all fee petition hours, Ketchum multiplier is unavailable, but federal discovery tools including ECPA-specific subpoena rights are available)?
Hensley task-level segregation: when both CIPA and federal Wiretap Act claims coexist, the attorney must maintain contemporaneous time records from the DATE OF INTERCEPTED COMMUNICATION forward that segregate: (a) California CIPA § 637.2(a) exclusive hours — § 631(a) 'aiding and abetting' fourth subpart analysis (specific to California CIPA's statutory text; not present in federal Wiretap Act § 2511 in the same form); § 632 all-party consent analysis (California categorical all-party consent; federal § 2511(2)(d) one-party consent exception is absent from California CIPA); § 637.2(a) $5,000/violation damages calculation (California-specific; federal § 2520(b)(2) $10,000/violation or $100/day formula requires separate calculation); CPPA enforcement calendar advisory hours (California regulatory; no federal Wiretap counterpart); (b) federal Wiretap Act § 2520 exclusive hours — 18 U.S.C. § 2511(2)(a)(i) 'business extension' exemption analysis (federal exemption; not available under California CIPA); § 2511(2)(d) one-party consent exception analysis (available to federal defendants; categorically absent from California CIPA); § 2520(b)(2) $10,000/violation or $100/day damages calculation (federal statutory damages formula; distinct from § 637.2(a) $5,000/violation); (c) hours that advanced both claims simultaneously — interception liability investigation, class certification briefing, server log subpoena prosecution, and liability summary judgment motion — allocated to both fee petitions or apportioned. The CPPA enforcement calendar advisory hours present the most consequential Hensley segregation question in CIPA practice: CPPA cybersecurity audit regulation advisory and CPPA ADT rulemaking advisory are California CIPA exclusive hours — compensable at the Ketchum multiplier in California Superior Court but not transferable to the federal § 2520 fee petition. A § 637.2(a) fee petition that fails to segregate CPPA advisory hours from federal Wiretap hours — treating them as shared CIPA/Wiretap hours subject to Dague in federal court — loses the Ketchum multiplier on those CPPA advisory hours.
Missouri v. Jenkins (1989) 491 U.S. 274 fees-on-fees: hours spent preparing and litigating the § 637.2(a) fee petition itself are compensable under § 637.2(a) and, separately, under federal Wiretap § 2520(b)(3). Fees-on-fees must be segregated by forum: California § 637.2(a) fee petition preparation hours (Ketchum multiplier eligible in California Superior Court) and federal § 2520(b)(3) fee petition preparation hours (Dague no-multiplier in federal court) are separate categories tracked from the DATE OF INTERCEPTED COMMUNICATION through post-judgment fee petition briefing. Arithmetic: 5 active § 637.2(a) / federal Wiretap § 2520 mandatory fee petition clients requiring interception-date-to-judgment Hensley lodestar assembly, § 637.2(a) Ketchum positive multiplier documentation anchored to DATE OF INTERCEPTED COMMUNICATION contingency factors, Dague no-multiplier analysis for the concurrent federal § 2520 fee petition, Hensley task-level segregation between California § 637.2(a) fee petition and federal § 2520 fee petition, CPPA advisory hours allocation exclusively to California § 637.2(a) fee petition track, and Missouri v. Jenkins fees-on-fees advisory needs × 2 advisory calls (1 Ketchum multiplier documentation and Hensley segregation advisory, 1 federal Dague no-multiplier and § 2520 fee petition advisory) × 44 min average × 55% untracked = 4.03 untracked hours = $1,210–$2,017/year at $300–$500/hr.
The unique billing gap driven by the Ketchum/Dague split in CIPA practice: unlike the Ketchum/Dague splits in CFRA § 12965(b) vs. FMLA § 2617(a)(3) (blog post #66) or PDL § 12965(b) vs. FMLA § 2617(a)(3) (blog post #67) — where the primary Ketchum track and the primary Dague track are generated by entirely separate statutes covering different conduct — and unlike the Unruh/ADA Ketchum/Dague split (blog post #68) — where two different statutes cover the same conduct at the same place of public accommodation — the CIPA/federal Wiretap Ketchum/Dague split is generated by two statutes covering the same type of conduct (non-consensual communication interception) but applying different consent standards: California's categorical all-party consent standard under CIPA generates additional California-exclusive hours (all-party consent analysis, § 632 confidential communication analysis, CPPA regulatory advisory) that have no federal Wiretap counterpart and are Ketchum-eligible in California Superior Court but Dague-capped in federal court. A solo CIPA attorney who fails to track these California-exclusive hours from the DATE OF INTERCEPTED COMMUNICATION through the fee petition loses the Ketchum multiplier that would have been available on those hours in California Superior Court.
Why ClaimHour exists for California CIPA privacy solos
The three billing gaps above — § 631 / § 632 / § 632.7 CIPA coverage analysis and class-member-communications inventory advisory at the DATE OF INTERCEPTED COMMUNICATION ($1,617–$2,695/yr); DOJ/FBI federal Wiretap investigation calendar, FCC TCPA calendar, and CPPA CPRA enforcement calendar advisory ($2,178–$3,630/yr); § 637.2(a) Ketchum/Dague Hensley segregation advisory ($1,210–$2,017/yr) — total 16.68 hours per year at $5,005–$8,342/year unbilled. Every one of these advisory calls happens away from a desk: on the phone reviewing a session replay vendor's terms of service at lunch to assess the § 631(a) 'aiding and abetting' theory before an afternoon deposition; in the car listening to an FCC TCPA enforcement bulletin on the way to a client meeting; at home at 9 PM reviewing CPPA's latest cybersecurity audit proposed regulations after putting the kids to bed because the rulemaking comment period closes next week and it directly affects two class cases. The call with the client reviewing which sessions are within the class period — 44 minutes of real work on the phone, referencing the vendor's log spreadsheet exported from the discovery production — goes unlogged because there is no open matter on the phone, no timer running, and by morning the detail has dissolved into the general recollection of "yesterday's class period call."
ClaimHour is the Mac menubar and iOS app that captures these metadata-only events — duration, direction, subject keyword — and presents them at end of day in a two-minute review digest for confirmation before export. No audio. No email bodies. No file contents. Only metadata, so attorney-client privilege is preserved and no HIPAA issues arise. CIPA class period coverage analysis calls, DOJ Wiretap investigation status checks, FCC TCPA rulemaking monitoring, CPPA enforcement calendar advisory calls — all captured without a PMS subscription or a change in how you practice. Export to QuickBooks, LawPay, or CSV. Works with Word + QuickBooks, for the ~30% of California solo lawyers who will not pay the Clio tax. Start free trial →