• California Supreme Court Prohibits Requesting Customer Zip Codes in Credit Card Transactions
  • March 22, 2011 | Author: Daniel T. Pascucci
  • Law Firms: Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. - Los Angeles Office ; Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. - San Diego Office
  • In a decision that impacts millions of consumer transactions each year, the California Supreme Court has held that retailers who request zip codes of customers using credit cards may be held liable for monetary civil penalties of up to $1,000 per transaction. In Pineda v. Williams-Sonoma Stores, Inc.1  (Pineda), the California Supreme Court interpreted California’s Song-Beverly Credit Card Act (the Act) and ruled that the Act prohibits a company from requesting zip codes from customers paying by credit card.

    In reaching this conclusion, the California Supreme Court reversed two lower courts, both of which had held that this practice did not violate the Act. In the days since the Pineda decision was issued, plaintiffs have initiated several new lawsuits against high-volume California retailers. In light of the discretion the Act gives courts to impose civil penalties, retailers that understand the reach of Pineda and conform their cash-register practices to its guidance stand the best chance of avoiding the scrutiny of class action suits or reducing their exposure levels in such suits.

    In Pineda, the plaintiff alleged she was required by Williams-Sonoma to provide her zip code to complete a credit card purchase at a Williams-Sonoma retail store, and also alleged that Williams-Sonoma later ran a software program, using her name and zip code, to determine her address and send direct marketing to her. The plaintiff filed a lawsuit on behalf of herself and similarly situated Williams-Sonoma customers, alleging that Williams-Sonoma violated the Song-Beverly Credit Card Act2 by requesting and recording her zip code during a credit card transaction.

    The Song-Beverly Credit Card Act provision under which the plaintiff sued states that “no person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall ... (2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction or otherwise.”3

    Interpreting this statute, the court held that “personal identification information” includes a consumer’s zip code, whether requested or required alone or as part of a whole address (i.e., the court rejected the argument that, alone, a zip code identifies a group of persons and thus is not “personal” identification information). In so holding, the court also noted how its interpretation aligned with the Song-Beverly Credit Card Act’s purpose, which is to prevent sellers from collecting personal information unnecessary to a sales transaction and using that information for marketing purposes. The court also clarified that the bar for violating the statute is low and that “requesting and recording a cardholder’s zip code, without requesting additional personal information, violates the Credit Card Act.”

    Importantly, the court considered and rejected the argument that its interpretation of the Act to prohibit the collection and recording of zip codes should only be applied to businesses prospectively, or on a going forward basis. Instead, the court ruled, the Act’s prohibition against collecting zip codes is sufficiently clear in the statute to give businesses notice that this practice is a violation of the statute. As such, the court ruled, its interpretation applies both retrospectively and prospectively.

    Especially because the court ruled its interpretation applies both retrospectively and going forward, it is important to understand what is and is not prohibited by the statute. Specifically, the Song-Beverly Credit Card Act statute interpreted in Pineda governs credit card sales only. Additionally, the Act enumerates a number of exceptions to the prohibition against collecting zip codes, which are not discussed in Pineda. The prohibition against requesting or requiring zip codes does not apply:

    If a credit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence;4

    To cash advance transactions;5

    If a business “is contractually obligated to provide personal identification information in order to complete the credit card transaction or is obligated to collect and record the personal identification information by federal law or regulation”;6 or

    If a zip code (or other personal identifying information) is required for a purpose incidental but related to the individual credit card transaction, such as for shipping, delivery, servicing, or installation of the purchased product or service.7

    Further, the Act does not prohibit a business from requiring a purchaser, as a condition to accepting a credit card as payment, to provide reasonable forms of positive identification, such as a driver’s license or state-issued identification card, provided that personal identifying information (like the zip code) is not recorded by the seller.8

    Applying Pineda’s guidance going forward, a business that follows a practice of requesting and recording zip codes as part of credit card sales transactions should cease this practice unless the collection of the zip code falls within one of the Act’s exceptions. Further, to the extent that a business has collected zip codes as part of credit card sales transactions in the past and has them recorded, it should refrain from using those zip codes for future marketing efforts. The actual violation of the Song-Beverly Act will have already taken place if the zip code was unnecessarily requested and recorded. But, as Pineda also discusses, a trial court has discretion, within a statutorily defined range, to impose civil monetary penalties per violation.9  If, after Pineda, a company continues to use previously collected zip codes for marketing, this could be a significant factor in a trial court’s computation of civil penalties.


    1  51 Cal.4th 524 (2011).

    2  Cal. Civ. Code §1747.08 (emphasis added).

    3  Cal. Civ. Code § 1747.08(a)(2).

    4  Cal. Civ. Code § 1747.08(c)(1).

    5  Cal. Civ. Code § 1747.08(c)(2).

    6  Cal. Civ. Code § 1747.08(c)(3).

    7  Cal. Civ. Code § 1747.08(c)(4).

    8  Cal. Civ. Code § 1747.08(d).

    9  Cal. Civ. Code § 1747.08(e).