Fifteen states and the District of Columbia have laws that restrict the collection of personal identification information at the point of sale when payment is made by a credit card. Retailers received good news recently from the U.S. District Court for the District of Columbia in Hancock v. Urban Outfitters. The Court ruled that a zip code is not an “address” for purpose of the D.C. statute, which prohibits requesting or recording an address or telephone number on the credit card transaction form. This decision is in contrast to decisions by the California (Pineda v. Williams-Sonoma Stores) and Massachusetts (Tyler v. Michael’s Stores) Supreme Courts, both of which ruled that it is illegal to collect zip codes at the point of sale in credit card transactions under their respective state laws. So, while collecting personal information at POS during a credit card transaction continues to present risks of class action law suits in California and Massachusetts, there is now case precedent that provides some protection in D.C. The Court succinctly laid out the elements of a claim under the D.C. law and why plaintiffs failed to meet those elements, but plaintiffs have filed a notice of appeal of the Court’s decision.
THE D.C. DECISION
In Urban Outfitters, plaintiffs alleged that, by asking for their zip codes during credit card purchases, defendants violated both the D.C. Consumer Identification Information Act (CIIA) and the D.C. Consumer Protection Procedures Act (DC UDAP). The CIIA prohibits a person from requesting or recording the address or telephone number of a credit card holder on the credit card transaction form as a condition of accepting a credit card as payment for the sale of goods or services. The CIIA provides for the greater of actual damages or $500 per violation. Plaintiffs premised their DC UDAP claims on a violation of the CIIA. The DC UDAP provides for liability in the greater of treble damages or $1,500 per violation.
The Court stated that, to be successful under the CIIA, a consumer must establish all the following: (1) her “address or telephone number” was (2) requested or recorded (3) on “the credit card transaction form” (4) “as a condition of accepting a credit card as payment” (5) “for a sale of goods or services.”
ZIP CODE ALONE IS NOT AN ADDRESS
The Court found that a zip code, in and of itself, is not an address. Acknowledging that even though the CIIA must be construed broadly, the Court reasoned that a component of an address that merely identifies the general area in which a person’s mail is delivered is not a full address. The Court also addressed Plaintiffs’ argument that a company, which has a person’s zip code, may be able to learn the person’s address through the use of a commercially available databases. Here, the Court found that the D.C. statute only prohibits a person from requesting or recording an address from a consumer as a condition of making a credit card purchase and does not prohibit a person from obtaining a consumer’s address by other means.
This decision did not resolve whether the collection of email addresses is prohibited in a credit card transaction under the CIIA. The Court’s discussion of “locating” an individual focused on the ability tophysically locate the individual when determining the extent of the definition of address. This could support a decision that email addresses are not covered by the CIIA. However, considering the Court’s acknowledgement that the CIIA must be construed broadly, the Court may rely on more than just physically locating an individual if addressing the collection of email addresses. Even if an email address is deemed to be an address, as discussed below, other elements of a CIIA claim may be difficult to demonstrate.
RECORDED ON THE CREDIT CARD TRANSACTION FORM
Interestingly, Plaintiffs had alleged that their zip codes were recorded into the point of sale register and not the credit card swipe machine. Based on this allegation, the Court reasoned that defendants took steps specifically designed to adhere to the CIIA by affirmatively separating the zip code information from the credit card information. The Court therefore found that Plaintiffs “utterly failed” to plead that Defendants recorded anything “on the credit card transaction form” as prohibited by the CIIA.
OTHER ISSUES ADDRESSED BY THE COURT
The Court also addressed the CIIA’s requirement “as a condition of accepting the credit card for payment,” stating that this element would only be relevant if the Court had determined that a zip code was an address. However, the Court indicated that if this element were relevant, plaintiffs may need to show it was an affirmative requirement of the merchant to complete the transaction.
The Court specifically addressed the Pineda v. Williams-Sonoma Stores and Tyler v. Michael’s Storesdecisions, finding that the California and Massachusetts statutes prohibited the collection of a substantially broader set of consumer information. The discussion of these statutes by the Court likely limits the precedential value of the Urban Outfitters decision. The D.C. statute is very narrow, only prohibiting the collection of a consumer’s address or telephone number. Most of the 15 states that have similar POS collection laws follow California and Massachusetts by prohibiting the collection of personal information concerning the card holder, including, but not limited to, the card holder’s address and telephone number.