• Texas Bar & Restaurant Owners Compelled to Take Measures to Prevent Identity Thefts by Employees
  • September 1, 2005 | Author: Kerry E. Notestine
  • Law Firms: Littler Mendelson, A Professional Corporation - Pittsburgh Office ; Littler Mendelson, A Professional Corporation - Houston Office
  • Effective September 1, 2005, a law signed by the governor of Texas in May requires every restaurant and bar owner to post the following sign in at least one "prominent location" on the premises:

    UNDER SECTION 32.51, PENAL CODE, IT IS A STATE JAIL FELONY (PUNISHABLE BY CONFINEMENT IN A STATE JAIL FOR NOT MORE THAN TWO YEARS) TO OBTAIN, POSSESS, TRANSFER, OR USE A CUSTOMERS' DEBIT CARD OR CREDIT CARD NUMBER WITHOUT THE CUSTOMER'S CONSENT.

    The sign is required to be in letters at least ½ inch high. It is also required that the sign be posted in English and in any other language that is "spoken by a substantial portion of the employees of the restaurant or bar as their familiar language."

    Failure to post the sign on the premises is a misdemeanor punishable by a fine of not more than $25.00. The new law allows a restaurant owner to avoid conviction under the new law by posting the required notice within 48 hours of receiving a citation from the state.

    The new law is clearly directed at the growing problem of identity theft and misuse of credit cards by employees of hospitality operations. The notice is intended to remind employees of the criminal penalties under Texas state law for identity theft and misuse of credit or debit cards.

    While the statute provides for a fairly nominal penalty for failure to post the required notice, there are numerous reasons for restaurant and bar owners to comply. First, while the penalty does not appear burdensome, violation can still result in a criminal conviction which no one wants to have as part of their personal history. Second, the law is addressed at what has become a serious employer issue in the hospitality industry -- employee misappropriation of the credit card information of customers. Finally, in addition to the criminal penalties related to credit card theft, operators may be exposed to potential civil liability to customers in the event of misuse or disclosure of personal identity information.

    Littler recommends compliance with both the letter and the spirit of this law. In addition to posting the required notice, employers should regularly review and train employees regarding their legal obligations to treat all information, including credit card information of customers, in absolute confidence and to report any violations that they observe to management. And, such training should include awareness of the civil and criminal exposures for violation of the law and employer policies regarding credit cards and other personal information relating to customers.