Recently, class action lawyers have filed various putative class action lawsuits against retailers under a statute regulating the type of “personal identification information” a retailer may obtain during a credit card transaction—Mass. Gen. Laws ch. 93, § 105(a) (Chapter 93, Section 105(a)). This trend stems from a recent court decision interpreting Chapter 93, Section 105(a) to include ZIP codes within the type of information that may not be collected on a “credit card transaction form.” As Chapter 93, Section 105(a) seeks to protect consumers, violations amount to unfair or deceptive trade practices under the Massachusetts Consumer Protection Act, Mass. Gen. Laws ch. 93A (Chapter 93A). Chapter 93A, in turn, provides a private right of action to any consumer “injured” by a Chapter 93A violation and, perhaps more importantly, allows that consumer to seek relief for him or herself and for all other “similarly injured and situated” consumers. In this regulatory scheme, if there is a violation, class action litigation inevitably follows.
Chapter 93, Section 105(a) provides:
No person, firm, partnership, corporation or other business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form. Personal identification information shall include, but shall not be limited to, a credit card holder’s address or telephone number.
The section does not apply, however, when personal identification information is necessary (1) for shipping, delivery, or installation of purchased merchandise or services or (2) for a warranty when such information is provided voluntarily by a credit card holder. Chapter 93, Section 105(d) expressly provides that any violation of Section 105 shall be deemed an unfair or deceptive trade practice under Chapter 93A. Finally, as currently enacted, Chapter 93, Section 105(a) applies to “all credit card transactions”; however, there is a Bill pending in Massachusetts that seeks to extend Section 105 to all “debit card transactions” as well. 2013 Massachusetts House Bill 1429, Section 1 (filed on January 18, 2013 by John D. Keenan).
On March 11, 2013, in Tyler v. Michaels Stores, Inc., SJC-11145, 2013 WL 854097 (Mass. Mar. 11, 2013) (Michaels), the Massachusetts Supreme Judicial Court (SJC) answered a certified question from the United States District Court for the District of Massachusetts (District Court) in connection with a lawsuit pending against Michaels Stores, Inc. In that case, the retailer allegedly followed a policy of collecting ZIP codes during credit card transactions in violation of Chapter 93, Section 105(a).
In answering the District Court’s questions (set in the context of a motion to dismiss), the SJC determined that a consumer’s ZIP code, when combined with a consumer’s name, allows a retailer to identify the consumer’s address and telephone number through public databases. ZIP codes, according to the SJC, are therefore deemed “personal identification information” under Chapter 93, Section 105(a). In addition, the SJC concluded that (1) the term “credit card transaction form” referred equally to electronic and paper forms and (2) a consumer may bring a claim even absent an allegation of identity fraud.
The SJC’s decision in Michaels is significant for many reasons. In particular, the SJC made clear that a consumer had to plead more than just a violation of a statute to assert a claim under Chapter 93A. Specifically, in light of some confusion caused by the SJC’s 1985 decision in Leardi v. Brown, 394 Mass. 151 (1985), about the meaning of injury, the SJC made clear in Michaels that a consumer had to plead and prove some harm or injury, separate and distinct from the underlying statutory violation to assert a damages claim. Indeed, as the SJC explained:
To the extent . . . Leardi can be read to signify that “invasion” of a consumer plaintiff’s established legal right in a manner that qualified as an unfair or deceptive act [under Chapter 93A], automatically entitles the plaintiff to at least nominal damages (and attorneys’ fees), we do not follow the Leardi decision.
Also, the SJC reiterated that the harm or injury must be caused by the alleged violation. As a result, the SJC arguably narrowed the scope of Chapter 93A injury in Michaels (a long-awaited narrowing).
Nonetheless, the SJC also gave the plaintiffs’ class bar a road map as to how to plead and potentially prove Chapter 93A injury and damages for violations of Chapter 93, Section 105(a). For example, in Michaels, the separate and distinct injury was receiving unwanted junk mail or having personal information sold to a third-party for a profit. Since the SJC’s decision, the plaintiff’s class action bar has targeted other retailers allegedly following similar policies and alleged these very same alleged separate and distinct injuries to consumers in their complaints.
Again, Michaels addressed the injury issue only in the context of a motion to dismiss filed in the District Court. Neither the SJC nor the District Court have addressed whether the putative class in Michaels should be certified. Accordingly, a putative class representative would have to prove that the common issue of “Chapter 93 injury” and causation is appropriate for class certification, e.g., that all class members gave their ZIP codes, the “giving” did not fall into one of the enumerated exceptions, and that those ZIP codes were used to send consumers unwanted junk mail or to sell their information to a third-party for a profit. Accordingly, there may very well be some strong defenses to class certification in these cases, which, of course, will be based on the facts of the underlying policy and a retailer’s actions.
As for damages, one would reasonably question what actual damages were suffered by receiving unwanted junk mail. The answer likely is that there are no actual damages. Chapter 93A, however, states that in the absence of actual damages, if there is a Chapter 93A injury, a consumer is entitled to recover nominal damages of $25.00. As explained by the SJC in Michaels, receipt of unwanted marketing material represents an invasion of privacy (the harm that Chapter 93, Section 105(a) seeks to prevent) causing an injury worth more than a penny. As such, plaintiffs’ counsel will seek $25.00 in damages for each consumer impacted by the policy (or, perhaps, an even more draconian remedy, $25.00 for each transaction or piece of unwanted mail received). In addition, plaintiffs’ counsel will likely seek to treble those damages; however, the SJC (in Leardi) already has concluded that where a plaintiff is entitled to treble damages and actual damages when trebled are less than $25.00, the plaintiff is only entitled to $25.00—not $75.00. Moreover, plaintiffs’ counsel will seek to recover attorneys’ fees and costs. Fees and costs are awarded as a matter of law under Chapter 93A if there is a violation—regardless of whether the violation was knowing or willful. Considering the number of consumers who use credit cards at retail stores (during the 4-year class period under Chapter 93A), $25.00 nominal damages could grow quickly.
Furthermore, to the unquestionable delight of the plaintiffs’ class action bar, the SJC postulated (emphasis added):
The issue of damages becomes more complicated where a merchant sells a consumer’s personal identification information acquired in a manner violating § 105(a), because the harm comes from the merchant’s disclosure of the consumer’s private information on the open market, not from a direct assault on her privacy. Disgorgement of the merchant’s profits may provide an appropriate means of calculating damages in [this] situation, both because it is a close approximation of the value of the consumer’s personal identification information on the open market and because such a damage award would remove any financial incentive to merchants to violate the statute.
What should retailers do in response to Michaels and this latest trend in class action litigation?
Retailers should review their policies concerning what information is requested from consumers during credit card transactions to make sure those policies comply with Section 105(a). If “personal identification information” is requested for one of the exempt reasons, retailers should be sure that they are able to verify which transactions fall within the exemption (if later challenged in litigation).
In addition to compliance with Section 105(a), retailers should review Section 105(b) to make sure that their other policies are in compliance as well. Specifically, Chapter 93, Section 105(b) provides:
No person, firm, partnership, corporation or other business entity accepting a check in any business or commercial transaction as payment in full or in part for goods or services shall do any of the following:
- Require, as a condition of acceptance of such check, that the person presenting such check provide a credit card number, or any personal identification information other than a name, address, motor vehicle operator license number or state identification card number of such person and telephone number, all of which may be recorded; provided, however, that the person, firm, partnership, corporation or other business entity accepting such check may verify the signature, name, and expiration date on a credit card; provided further, that in complying with a request to provide a telephone number, the person paying with a check may provide either a home telephone number or a telephone number where such person may be called during daytime hours.
- Require, as a condition of acceptance of the check, or cause a person paying with such check to sign a statement agreeing to allow a credit card to be charged to cover the amount of such check.
- Contact a credit card issuer or otherwise access a credit card account balance to determine if the amount of any credit available to the person paying with a check will cover the amount of such check.
- Require, as a condition of acceptance of the check, that a person’s credit card number be recorded in connection with any part of a transaction.
- Record on a check, or require a person paying with a check to record on such check, any information regarding the race of such person.
Section 105(b), however, does not prohibit a retailer from:
- requesting, receiving, or recording a credit card number in lieu of requiring a cash deposit to secure payment in event of default, loss, damage or other occurrence; or
- recording a credit card number and expiration date as a condition for cashing or accepting a check where such person has agreed with the card issuer to cash or accept checks from the issuer’s card holders and where the issuer guarantees such card holder checks cashed or accepted by such person.