PARTNER, CHIEF TECHNOLOGY OFFICER
As Chief Technology Officer at SilverTech, Derek defines and drives the agency’s technology vision—helping clients harness data, digital platforms, and emerging technologies to solve complex business challenges and build meaningful, lasting customer relationships.
Known for finding solutions to the toughest and most complicated technology challenges, Derek combines innovation with deep expertise across enterprise architecture, cloud infrastructure, custom development, and big data. He brings a security-first mindset and a sharp focus on privacy and compliance, enabling organizations to build secure, scalable, and future-ready digital ecosystems.
Derek serves as a strategic adviser to both SilverTech’s technology partners and clients. He works closely with platform providers—often consulting on product roadmaps—to ensure solutions align with real-world business needs and deliver maximum value. He also helps client organizations develop and execute digital roadmaps that make the most of their existing systems and data, integrating legacy technologies with modern platforms where and when it makes sense to drive growth, stay competitive, and support long-term success.
Throughout his career, Derek has played a key role in shaping the tools and platforms that power modern digital marketing. He is a recognized authority and thought leader in the martech space—recently named a Kentico MVP and Progress Sitefinity Champion. Derek holds numerous certifications, including Kentico Developer, Kentico Marketer, Sitefinity Developer, and Sitecore Developer.
By: Paul Creme | 3/19/25
A recent blog post on our website discussed the increase in the number of states that have adopted several types of privacy statutes modeled after the California Privacy Rights Act (“CPRA”).
There is another statute not as well-known and more limited in scope that companies should also be aware of. It is the California Invasion of Privacy Act (“CIPA”). At this time, it may only impact companies that are located within the state of California, but just as the CPRA applies to a resident in the state of California, the CIPA applies as well if the person accessing your website is a resident of California.
The reason for an increase in threatened actions based on the CIPA is that, unlike the CPRA, the CIPA allows for statutory damages of $5,000.00 per person. Some of the demand letters not only threaten legal action, but may become class action suits, thus increasing the amount of damages. A class of a few hundred people could be a significant exposure.
The basis of the potential litigation is an invasion of privacy by using cookies and/or other website tracking technologies on the website. The argument is that these tracking technologies are an unwelcome invasion of a user’s privacy, like eavesdropping on a private conversation.
Numerous third-party applications integrate with websites to monitor, analyze, and optimize user interactions. Tools like Google Analytics and Hotjar track user behavior, session recordings, and engagement metrics to provide insights into website performance. Additionally, social media tracking pixels such as those from Facebook (Meta) and X (formerly Twitter) collect data on user interactions to enable personalized advertising, retargeting, and content optimization. Other analytics platforms, heat mapping tools, and behavioral tracking services further enhance a business’s ability to refine user experiences and improve marketing effectiveness. It is crucial to know which platforms will align with your business’s industry regulations such as HIPAA compliance laws.
The main issue under the CIPA is the absence of consent to using tracking technology. The use of a pen register, a “recording” of the user’s interactions with the website, without a court order or explicit consent is illegal.
While the law remains unsettled, that will not eliminate the possibility of receiving a demand letter from an aggressive law firm demanding that your company settle or face potential litigation, similar to the cases a few years ago about access under the Americans with Disabilities Act.
The question is, what should a company do now to shield itself from a claim, or at least have a viable defense to a claim?
First, review terms of use and privacy policies that specifically deal with the use of website tracking technology with your legal counsel. Second, review how your company handles the information. Go beyond privacy statutes and take inventory of what is on your website and determine if there is any tracking technology. Third, determine whether the tracking technology is critical to the operation of the company. If not, think about disabling it. Finally, make sure that opt-out language is clear and allows the user to either opt out or block the tracking.
Please note this is not intended to be legal advice and we cannot provide the language best suited to your particular company. This is something you need to work on with your legal counsel, but we can assist in evaluating and perhaps minimizing the potential risk. Contact us if you would like to learn more.