On Thursday, February 10, 2011, the California Supreme Court unanimously held that because a zip code constitutes personal identification information under the Song Beverly Credit Card Act, retailers are not allowed to request consumers to provide such information when purchasing merchandise with credit cards.
The Song Beverly Credit Card Act
California’s Song Beverly Credit Card Act (the “Act”), is a consumer protection statute which prohibits, among other things, retailers from misusing personal identification information obtained during credit card transactions for marketing purposes. Other states including Delaware, Kansas, Georgia, Maryland, Massachusetts, Minnesota, Nevada, New Jersey, New York, Ohio, Oregon, Pennsylvania, Rhode Island, Washington, D.C., and Wisconsin have similar consumer protections statutes.
In California, the Act prohibits retailers from requesting or requiring as a condition to accepting a credit card a credit cardholder to provide personal identification information. The Act defines personal identification information as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” The penalties for violating the Act are up to two hundred fifty dollars ($250) for the first violation and up to one thousand dollars ($1,000) for each subsequent violation.
In the last three years, dozens of retailers in California have been sued in consumer class actions alleging violation of the Act. In June 2008, Jessica Pineda filed the instant consumer class action against Williams-Sonoma Stores, Inc. in San Diego Superior Court. According to Ms. Pineda’s complaint, she visited one of Williams-Sonoma’s California stores and paid for an item using her credit card. When the cashier asked Ms. Pineda for her zip code, she provided it. Ms. Pineda further alleged that once Williams-Sonoma acquired her name, credit card number and zip code, it performed a reverse search from internet databases to obtain her address so it could market products to her and sell her customer related information to other businesses.
Williams-Sonoma’s argument with respect to the zip code issue was that such information does not constitute personal identification information under the Act. The trial court agreed concluding, among other things, that a zip code does not constitute personal identification information under the Act.
After Ms. Pineda appealed, the appellate court confirmed the lower court holding that because a zip code does not constitute personal identification information, retailers are free to request that information from consumers. Ms. Pineda then asked the California Supreme Court to review the appellate court’s decision.
The California Supreme Court Decision
Unfortunately, the California Supreme Court disagreed with the lower court’s holding that zip codes are readily understood to be part of an address — something which retailers are per se prohibited from requesting as a condition to accepting payment by credit card. Relying on the legislative history behind the Act, the Court recognized that zip codes are unnecessary to complete sales transactions and can be aggregated and used for the retailer’s own business purposes or sold to other businesses.
In what can be characterized as a small victory for retailers, the California Supreme Court reaffirmed that the Act does not mandate fixed penalties and the statutory penalties set forth in the statute can range from the “proverbial peppercorn” to the maximum penalty.
Sixteen consumer class actions were filed in California two days after the California Supreme Court rendered its decision.
What The Pineda Decision Means for California Retailers
The Pineda decision certainly limits but does not foreclose California retailers from requesting that their customers provide them personal identification information for marketing purposes. For instance, the Act does not prevent retailers from requesting personal identification information from customers during cash, check, or gift card transactions, although this loophole may be closed by the California legislature in the future.
To the extent retailers continue to ask for personal identification information in their stores, we believe that it is prudent to do so away from the point of sale, after the credit card transaction is completed and upon providing the consumer with appropriate notice that providing such information is voluntary.