For optimal user experience, please upgrade your browser.
Retail Trends

Seeking Address Redress

Floating Widget

Floating Item Container

Floating Rate Widget

Please Select
Your Rating

California retailers got another rap on the knuckles in February when the state Supreme Court decided that requesting ZIP codes is a violation of a 40-year-old credit card law.

According to some legal analysts, however, the ruling by the Golden State’s highest court may not be the last word on the subject: The opinion may be too broad, leaving the door open to different interpretations and exceptions.

Mallory Duncan, senior vice president and general counsel of NRF, characterizes the decision as being “extraordinarily disruptive and another unanticipated consequence of a poorly drafted law.”

Protecting consumers
At the center of this controversy is the Song-Beverly Credit Card Act of 1971, landmark legislation intended to protect consumers by prohibiting retailers from requiring, requesting or recording personal identification information about the credit cardholder that isn’t necessary to complete a credit card transaction. The law did not specifically address ZIP codes, but the unanimous decision in the case of Jessica Pineda vs. Williams-Sonoma Stores Inc., ruled that a ZIP code constitutes personal identification information under California’s privacy laws, and retailers can’t request or require it even for marketing purposes.

Pineda alleged that when a cashier asked for her ZIP code when she was paying by credit card, she thought it was data necessary to complete the transaction. She subsequently learned that the company used her name and ZIP code to locate her home for the purpose of marketing; the suit alleged that the information could be used like a reverse telephone directory to determine a person’s address, telephone number and other information without their permission.

The suit had been rejected by two lower courts, but the state’s highest court rejected the retailer’s assertion that ZIP codes do not constitute personal information, but rather pertain to a group. The decision outlines some exceptions, such as collection of ZIP codes by gas stations and purchases that involve product shipping.

“Under the court’s interpretation, virtually any information that wasn’t volunteered at the time a credit card transaction takes place would be covered” under Song-Beverly, Duncan says. As a result, “It will be hard for California retailers to maintain a number of customer-relationship marketing programs routinely used to improve customer service.

“There’s a lot of information that retailers have to be careful not to collect in a certain way because the law creates traps for the unwary,” he says.

The ruling could be costly to California merchants: Nearly 200 class action suits have been filed in state and federal courts against dozens of major retailers, and state law calls for a maximum of $250 for first violations of Song-Beverly and $1,000 for each subsequent violation. Most of the class action suits are requesting a penalty of $1,000 for each consumer whose ZIP code was requested by retailers in the past 12 months. The ruling will apply retroactively, even though appellate courts previously ruled in favor of retailers.

“California law allows these claims to be aggregated, and potentially there’s millions of dollars residing in a single claim,” Duncan says. “It’s an irrational penalty for a harmless act.”

Duncan couldn’t say if retailers in other states might also be at risk. “To the best of my knowledge, no other states have passed a law quite as screwy as the one in California,” he says, “but there’s no question that creative attorneys will attempt to export the California effect. If retailers are concerned, the best advice would be to talk to counsel.”

According to Duncan, “The only clear protection at this point is to make certain the credit card transaction is over before attempting to collect any information to identify and benefit the customer.”

Protecting retailers

Attempts to limit the scope of the court’s decision have unraveled. In May, California Assemblyman Henry Perea introduced a bill sponsored by the California Retailers Association that would place a limit on the ZIP code collection ban. The bill was approved in an assembly committee before it was pulled.

“We went through two committees but it was obvious to me that the legislature does not understand the issue,” says Bill Dombrowski, president and CEO of the California Retailers Association. “We’re backing up and trying to regroup while we evaluate our options.”

John Powers, a partner in the San Francisco law firm of Drinker Biddle, says the Song-Beverly Act has had several amendments since it became law in 1971, but he is not aware of any pending amendments to specifically include ZIP codes.

“The act is tricky,” he says. “What it actually prohibits is ‘requiring or requesting.’ It could also be valid to collect ZIP codes if it’s not part of the credit card transaction and done in a separate area for people who want to be on the mailing list, but the law doesn’t consider whether retailers are collecting data with the best of intentions. So, you run the risk of a plaintiff’s attorney coming in and saying ‘Gotcha.’”

Approximately 15 other states have similar laws designed to protect consumers in credit card transactions, including New York, New Jersey, Pennsylvania and Massachusetts. “But California is on the leading edge in consumer protection decisions,” Powers says. “Whether this case will fly in other states depends on the statutes and whether they define personal identification information differently.

“I expect retailers to fight hard on this,” he says. “There are some valid reasons for collecting this information, and I hope the courts will see the reasonable business judgment behind it. Also, the interpretation of the Pineda case is pretty broad. So expect to see some appellate courts revisiting the decision.”

Daniel Pascucci, a partner in the litigation practice of San Diego firm Mintz Levin, says the strict liability assessment created by the Pineda decision is an instruction for retailers to stop what they’re doing.

“Compliance is relatively easy for most retailers,” he says, “but there could be unintended consequences. The purpose of the statute is to protect the privacy of individuals, but this goes further than necessary.”

As to the impact on other areas of the business, Pascucci says online sales would probably fall within the law’s exceptions since products have to be mailed.

“Another question is whether the state of California will have jurisdiction over an online sale,” he says. “It’s complex and brings up some granular issues such as where the customer is when they place the order and where a fulfillment center or server is located. If any are in California, retailers will have to take a hard look at jurisdictional questions.