[caption id="attachment_32448" align="alignright" width="281" caption="Katherine Philippakis and Brett Greenberg"][/caption]
Retailers throughout the state, including wineries, are rethinking their point of sale protocols after the California Supreme Court’s decision this past February in Pineda v. Williams-Sonoma Stores, Inc. that ZIP codes constitute personal identification information for purposes of the Song-Beverly Credit Card Act.
Since 1971, the Song-Beverly Credit Card Act has prohibited retailers from
requiring consumers to provide personal identification information as a condition to completing a credit card transaction and
then recording that information.
Due to concern that consumers would perceive any request for personal identification as being a condition to credit card use, the Legislature passed an amendment in 1991 extending the prohibition to those situations where retailers request and record personal identification information during a credit card transaction. Courts have interpreted the amendment as prohibiting any request for personal identification information immediately prior to a credit card transaction. The statutory prohibitions have the broad remedial purpose of safeguarding consumer privacy by preventing retailers from exploiting the credit card process to use consumer information without permission.
Notwithstanding these prohibitions, a common practice developed among retailers whereby cashiers would request customers’ ZIP codes at the time of payment. Motivations for this practice were varied. Some retailers would input the customer’s name and ZIP code into a reverse search database to obtain a full address, and then use the address for its own marketing lists or sell the information to third parties, allowing retailers to do the very thing the Song-Beverly Credit Card Act was designed to prevent. Others had more innocuous purposes, such as gathering generalized information about the location of their customers in order to determine where to open new stores. Regardless of the motivation, retailers assumed that the collection of ZIP codes was not prohibited on the theory that a ZIP code itself is not personal identification information under the statutory definition. A 2008 appellate court decision, Party City Corp. v. Superior Court, endorsed such a theory.
On Feb. 10, 2011, however, the California Supreme Court in William-Sonoma Stores effectively put an end to the collection of customer ZIP codes by retailers during credit card transactions. Reversing the decision of the appellate court and disapproving of Party City, the Court held that a ZIP code, even though not expressly enumerated in the statutory definition, is personal identification information, and that simply requesting and recording a cardholder’s ZIP code during a credit card transaction may constitute a violation of the Song-Beverly Credit Card Act. While the Court primarily relied on technical statutory interpretation arguments in reaching its decision, the fact that Williams-Sonoma Stores Inc. conducted reverse searches to obtain other personal identification information for marketing and sales purposes was not lost on the Court.
Nevertheless, the Court declined to distinguish between legitimate and illegitimate collection of ZIP codes. The Gap Inc. had filed an amicus brief with the Court justifying its temporary collection of ZIP codes as a tool for determining where to open new stores. The ZIP codes were apparently not used to obtain other personal identification information, and their collection seemed to pose little threat to consumer privacy. By defining ZIP codes themselves as personal identification information, however, the court appeared to draw adopt a bright line rule rather than introducing the elements of retailer’s intent and end use of the ZIP code into the analysis.
In the wake of Williams-Sonoma Stores, retailers are scrambling to assess their exposure for past practices and refine their current practices to limit exposure in the future. The decision applies retrospectively, meaning that retailers may face civil penalties of up to a $250 maximum for the first violation and a $1,000 for each subsequent violation even if the violations occurred prior to Feb. 10. Williams-Stores Stores Inc. and other retailers had argued, to no avail, that the penalties resulting from retrospective application could result in the confiscation of entire businesses, especially given the transaction volume of some large retailers and the pooling of plaintiffs in large class action suits.
The issue of damages, however, remains very much unsettled, as it was remanded to the trial court, where its determination rests within the trial court’s sound discretion. The Williams-Sonoma Stores Court practically invited the trial court to award nominal damages by stating that the award could “span between a penny (and even the proverbial peppercorn . . . ) and the maximum amounts authorized by statutes.” Until there is more guidance on the issue of damages, retailers may take some comfort from the one-year statute of limitations, as it will narrow the period for which damages would accrue in large class actions. Depending on the circumstances, certain retailers also may consider asserting the bona fide error defense provided in the Song-Beverly Credit Card Act, although it should be noted that errors of law alone typically do not support a bona fide error defense.