In a ruling that overturns more than three decades of appellate court decisions, the California Supreme Court held last month that merchants who collect the zip codes of customers using credit cards violate consumer protections established in the Song-Beverly Credit Card Act of 1971. Zip codes, the court ruled, constitute “personal identification information” and therefore cannot be requested and recorded by merchants during credit card transactions. This decision, which applies retroactively to past California rulings, sparked a fury of class action law suits in the state and has led to concern about and adjustments in the way many large chain businesses operate.
The list of retailers against whom class action suits have been filed thus far includes Tiffany & Co., The Container Store, Shell, Radio Shack, and Party City Corp. The ruling that brought merchant credit card practices under so much scrutiny, however, involved Williams-Sonoma.
The California high court ruled unanimously in the favor of plaintiff, Jessica Pineda, on Feb. 12, 2011, holding that the luxury home furnishing retailer violated her consumer rights by requesting that she provide her zip code when she paid for a purchase with a credit card. This, the court said, broke section 1747.08 of the California Civil Code—established by the aforementioned 1972 credit card law—which restricts merchants from asking for, recording or requiring that consumers list personal identification information during a transaction involving credit.
Personal identification information, as defined by California law, “means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number.” The California Supreme Court ruled that even though the law does not explicitly address zip codes, Williams-Sonoma had broken the law by requesting Pineda’s zip code and subsequently using it to determine her address for marketing purposes.
The ultimate financial impact of this ruling on businesses is a matter of contention among legal experts. Maximum penalties are $250 for a first violation and $1,000 for each subsequent offense. However, as the court noted, these figures are maximums, not mandates, and the exact amount of future penalties could be as high as these amounts or as low as a penny. Therefore, the financial gravity of the California Supreme Court’s decision will likely be evidenced by the decisions made in the class action suits that have sprung from it.
It also remains to be seen whether the events that have transpired in California will have national implications. Retail corporations with operations in California are obviously at risk, no matter where they are based. But will others follow The Golden State’s lead? Since this decision was made in state court and not federal circuit or appellate courts, it has no binding legal precedent anywhere besides California. However, it can be referenced in cases brought in other jurisdictions and, as a result, indirectly influence these decisions.
Overall, the California court ruling has received praise from credit card industry experts.
“The bottom line is that people should feel safe when using their credit cards,” said Odysseas Papadimitriou, Founder and CEO of the credit card comparison website WalletHub.com. “They shouldn’t be led to believe that they must provide personal information in order to complete a credit card transaction. Still, I hope that the California ruling does not render merchants unable to ask customers if they would like to provide contact information in order to receive information about new products and upcoming sales. I have no problem with such a practice, as long as merchants make it clear that providing the information is optional”