In February 2011, the California Supreme Court handed down a decision (Jessica Pineda v. Williams-Sonoma Stores, Inc., S178241 (Cal. Supreme Court Feb. 10, 2011)) related to consumer privacy protection that impacts the activities of merchants in California. Specifically, the court found that a ZIP code is "personal identification information" for purposes of California Civil Code §1747.08(a)(2).
Section 1747.08(a)(2) is a provision of the Song-Beverly Credit Card Act of 1971 that prohibits businesses, as a condition to accepting a credit card as payment for goods or services, from requesting and recording personal identification from credit card holders during credit card transactions. (Civ. Code, §1747.08, subd. (a)(2).) The statute defines "personal identification information" as "information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number." (Civ. Code, §1747.08, subd. (b).)
According to the court, Williams-Sonoma requested a ZIP code when processing a credit card purchase from an in-store customer. The cashier entered the ZIP code into the electronic cash register and subsequently used the ZIP code and other information in performing a database search to determine the customer’s address to be used for marketing purposes.
In construing the statute, the court interpreted the statute broadly so as to best protect the public. (Slip Op. at 5.) The court analyzed the definition of "personal identification information" and concluded that under a broad interpretation, a ZIP code falls within the definition, since it is information about the cardholder and it is information that is typically included in a cardholder’s address. (Slip Op. at 6.) The court recognized that the ZIP code is not a complete address but argued that the broad word "any" in the statute was designed to prevent the requesting and recording of even partial address information. (Slip Op. at 9.)
There are a number of statutory exceptions to §1747.08, including when a credit card is being used as a deposit or for cash advances; when the entity accepting the card is contractually required to provide the information to complete the transaction or is obligated to record the information under federal law or regulation; or when the information is required for a purpose incidental, but related to the transaction, such as for shipping, delivery, servicing or installation. (Civ. Code, §1747.08, subd. (c).) Moreover, in recent years, several California appellate courts and federal district courts have issued opinions addressing the scope of §1747.08. For example, in Saulic v. Symantec Corp., 596 F. Supp. 2d 1323 (C.D. Cal. 2009), the United States District Court for the Central District of California, Southern Division, held that online transactions are not encompassed within §1747.08. These exceptions may be useful for many merchants, in determining when it is lawful to request and record ZIP code and other personal identification information.
If you have any questions regarding the Song-Beverly Credit Card Act or its application to your business activities, please contact your principal Squire Sanders lawyer or one of the lawyers listed in this alert.