With limited exceptions, the Song Beverly Credit Card Act (California Civil Code § 1747, et seq.) significantly restricts brick-and-mortar retailers' ability to request or record personal identification information in connection with processing credit card transactions. Under the Act, "personal identification information" is "information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number." Now, the California Supreme Court has ruled in Pineda v. Williams-Sonoma Stores, Inc., that ZIP codes are also "personally identifiable information" for purposes of the Act.
In Pineda, the plaintiff provided her zip code to a cashier who entered it into the electronic cash register and then completed the transaction. At the end of the transaction, defendant had plaintiff's credit card number, name, and ZIP code recorded in its database, to which the retailer performed searches to match the plaintiff's name and to market products to the customer and potentially sell to other businesses. The Court ruled that merely providing the ZIP code in this context was sufficient to trigger a violation of the Song-Beverly Credit Card Act and that she could proceed with her proposed class action against the retailer, particularly because the Act was intended to prohibit information misuse for marketing.
Given the holding of this action, retailers in California that request zip codes as part of a credit card transaction may be in violation of the Act and face new exposure from private plaintiffs. Retailers located in California should carefully examine their practices in this regard.
- Partner
Marketers, advertisers, agencies and suppliers, among others, regularly seek Andy’s counsel regarding legal aspects of their advertising and promotional marketing businesses. He’s pragmatic and always looks for ...