Good News for California Retailers: California Courts Ease Compliance With The Song-Beverly Credit Card Act
To download a PDF of this Alert, click here.
The Song-Beverly Credit Card Act (California Civil Code § 1747 et seq.) (the “Act”) was enacted to protect consumer privacy rights by restricting the type of information which retailers can request from consumers in connection with credit card transactions. At the same time, the Act also makes it difficult for retailers to collect information from their customers that could help them provide services and goods on a competitive basis. A recent Court of Appeal case has interpreted the Act to clarify certain types of information that retailers are allowed to collect.
The Act provides in part that retailers shall NOT do any of the following:
(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.
(3) Utilize, in any credit card transaction, a credit card form which contains preprinted spaces specifically designated for filling in any personal identification information of the cardholder. See Cal. Civ. Code § 1747.08(a).
Under the Act, “personal identification information” is “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” Id. at § 1747.08(b).
The Act’s prohibition makes it difficult for a retailer to include customers in mailing lists, since the most natural time to get information from a customer is at the time of sale. Some parties have suggested that the Act prohibits a retailer from collecting general, non-specified information.
PENALTIES FOR VIOLATION
The penalties for violating the Act can be significant, and can include a civil penalty not to exceed two hundred fifty dollars ($250) for the first violation and one thousand dollars ($1,000) for each subsequent violation. The fines can be assessed and collected in a civil action, by the Attorney General, or by the district attorney or city attorney of the county or city in which the violation occurred. The result has a been a steady rise in the number of class action lawsuits brought against retailers.
RETAILERS CAN SAFELY REQUEST CONSUMERS’ ZIP CODES
On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal held that zip codes did not fall within the definition of “personal identification information.”
In Party City, the plaintiff claimed that Party City’s request for a zip code in conjunction with a credit card purchase violated the Act. The trial court agreed, but the Court of Appeal overturned the trial court’s decision and concluded that summary judgment should have been entered for Party City. The Court of Appeal found that zip codes are not personal identification information based on the language of the Act and the fact that zip codes are not intended to be individual identification criteria. Because tens of thousands of people have the same zip code, zip codes are intended to be used to provide identification of a relatively large group.
Based on this ruling, retailers can request zip code information prior to a credit card transaction provided that this is not requested in connection with other personal information (i.e., name, phone number, address, etc.) and the customer is not required to give this information in order to consummate the transaction.
THE ACT DOES NOT APPLY TO A REFUND FOR THE RETURN OF MERCHANDISE
Another important exception to the Act is that it does not apply to a refund for the return of merchandise purchased by credit card. See Absher v. Autozone, Inc. et al. (2008). In Absher, the California Court of Appeal reasoned that the term “credit card transaction” only applied to purchase transactions and did not apply to return transactions.
The court found that personal information may be necessary to verify that a return transaction was legitimate, in case the retailer needs to contact the customer following the return, and to prevent cases of employee fraud. Importantly, the Absher ruling allows retailers to protect against possible abuses in connection with merchandise returns.
Retailers can also collect personal information, as long as it clearly is not requested or required as part of a credit transaction. This can require careful planning and training of sales associates to ensure that appropriate standards are established and implemented.
WHAT RETAILERS SHOULD DO NOW
JMBM represents many retailers, and we strongly recommend that our clients implement written policies and procedures that comply with the aforementioned requirements of the Act. We would be happy to assist you if you require additional information on these recent developments, the Act, or preparing policies and procedures.