In a decision sure to affect the way retailers do business in California, the California Supreme Court has held that asking for and recording a customer’s zip code during a credit card transaction violates California law. Specifically, in Pineda v. Williams-Sonoma Stores, Inc. (Case No. S178241), the Court held that requesting such information violates the section 1747.08 of the Song-Beverly Credit Card Act of 1971 (the “Credit Card Act”), which, among other things, prohibits businesses from requesting and recording “personal identification information” during credit card transactions.

In the Pineda case, the plaintiff alleged that she was asked for her zip code while making a credit card purchase, which she provided, believing it was required to complete the transaction. She further alleged that the store recorded the zip code in its database together with her credit card number and name, and that the retailer used that information to search databases to find her previously undisclosed address.  (Because the trial court dismissed plaintiff’s claims based on the complaint itself, none of these allegations have been proven.)

The plaintiff, who seeks to represent a class of similar customers, asserted claims under the Credit Card Act and for invasion of privacy. The trial court initially dismissed the complaint, concluding in part that a zip code does not constitute “personal identification information.” On appeal, the California Court of Appeal affirmed the trial court’s order. The California Supreme Court then granted review on the Credit Card Act claim (but not the invasion of privacy claim).

The California Supreme Court reviewed the language of the Act, which provides that a business may not “[r]equest, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the [business] writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.” The Act defines “personal identification information” as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” The Court disagreed with the trial court and Court of Appeal, concluding that zip codes were encompassed in this definition, noting that a zip code (1) is part of an address and (2) is like an address or telephone number in that it is unnecessary for the transaction but can be used for the seller’s business purposes.

The California Supreme Court rejected an argument that zip codes are different than addresses and phone numbers because they are not specific to an individual.  The Court held that the broader reading of the statutory language was consistent with the intent of the Act and its legislative history. The Court also rejected arguments that such a reading of the Act was unconstitutional. The Court then remanded the Pineda case back to the trial court for further proceedings.

The case is bound to spawn additional lawsuits seeking recovery under the Credit Card Act, which provides for fines of up to $250 for the first violation and up to $1000 for each additional violation. Retailers should immediately review their policies regarding collection of zip codes and other information. There are, however, limits to the reach of the Act.  For example, as the California Supreme Court acknowledged, the Act does not prohibit collection of information when a credit card is used for a deposit or a cash advance, when the business is required to collect information under federal law, or when the information is required for a related purpose (such as shipping, delivery, repair or installation).

We will monitor the progress of the Pineda case and similar cases that may crop up.