[caption id="attachment_32448" align="alignright" width="281" caption="Katherine Philippakis and Brett Greenberg"][/caption]
Retailers throughout the state, including wineries, are rethinking their point of sale protocols after the California Supreme Court’s decision this past February in Pineda v. Williams-Sonoma Stores, Inc. that ZIP codes constitute personal identification information for purposes of the Song-Beverly Credit Card Act.
Since 1971, the Song-Beverly Credit Card Act has prohibited retailers from
requiring consumers to provide personal identification information as a condition to completing a credit card transaction and
then recording that information.
Due to concern that consumers would perceive any request for personal identification as being a condition to credit card use, the Legislature passed an amendment in 1991 extending the prohibition to those situations where retailers request and record personal identification information during a credit card transaction. Courts have interpreted the amendment as prohibiting any request for personal identification information immediately prior to a credit card transaction. The statutory prohibitions have the broad remedial purpose of safeguarding consumer privacy by preventing retailers from exploiting the credit card process to use consumer information without permission.
Notwithstanding these prohibitions, a common practice developed among retailers whereby cashiers would request customers’ ZIP codes at the time of payment. Motivations for this practice were varied. Some retailers would input the customer’s name and ZIP code into a reverse search database to obtain a full address, and then use the address for its own marketing lists or sell the information to third parties, allowing retailers to do the very thing the Song-Beverly Credit Card Act was designed to prevent. Others had more innocuous purposes, such as gathering generalized information about the location of their customers in order to determine where to open new stores. Regardless of the motivation, retailers assumed that the collection of ZIP codes was not prohibited on the theory that a ZIP code itself is not personal identification information under the statutory definition. A 2008 appellate court decision, Party City Corp. v. Superior Court, endorsed such a theory.
On Feb. 10, 2011, however, the California Supreme Court in William-Sonoma Stores effectively put an end to the collection of customer ZIP codes by retailers during credit card transactions. Reversing the decision of the appellate court and disapproving of Party City, the Court held that a ZIP code, even though not expressly enumerated in the statutory definition, is personal identification information, and that simply requesting and recording a cardholder’s ZIP code during a credit card transaction may constitute a violation of the Song-Beverly Credit Card Act. While the Court primarily relied on technical statutory interpretation arguments in reaching its decision, the fact that Williams-Sonoma Stores Inc. conducted reverse searches to obtain other personal identification information for marketing and sales purposes was not lost on the Court.
Nevertheless, the Court declined to distinguish between legitimate and illegitimate collection of ZIP codes. The Gap Inc. had filed an amicus brief with the Court justifying its temporary collection of ZIP codes as a tool for determining where to open new stores. The ZIP codes were apparently not used to obtain other personal identification information, and their collection seemed to pose little threat to consumer privacy. By defining ZIP codes themselves as personal identification information, however, the court appeared to draw adopt a bright line rule rather than introducing the elements of retailer’s intent and end use of the ZIP code into the analysis.