Last week, Macy’s and Foot Locker became the latest retailers to be forced to defend allegations that they illegally collect personal information from California shoppers. In two separate suits filed on the same day by the same attorneys, the class plaintiffs allege that customers at the two stores were required to disclose personal information in order to complete purchases with their credit cards.

The complaints allege violations of California’s Song Beverly Act, which generally prohibits businesses from requesting or requiring consumers to provide personal identification information (PII) during a credit card transaction. The Act defines PII as including the cardholder’s address and telephone number. The law has spawned hundreds of lawsuits by class plaintiffs against retailers operating both brick-and-mortar and online stores in California.

In the case against Macy’s, the class plaintiff alleges that he was required to provide an identification card and phone number while purchasing a watch at a Macy’s retail store located in Los Angeles. The plaintiff, believing that he was required to provide the information to complete the credit card transaction, provided the information to the Macy’s employee. At one point, the Macy’s employee purportedly walked away with the personal identification information in hand. Similarly, in the complaint against Foot Locker, the class plaintiff alleges he was required to provide his phone number when purchasing a pair of shoes. Both cases allege only one count — violation of the Song-Beverly Act — and seek statutory damages plus attorney’s fees.

The plaintiffs allege that both Macy’s and Foot Locker have policies requiring employees to collect PII at the point of sale ;In some circumstances, when a retailer’s data collection policy complies with Song-Beverly and is followed in practice, the policy can act as a safe harbor. If an employee breaches the policy and collects PII in violation of the Act, the retailer is nonetheless shielded from liability.