(800) 594-4480

Keep it Legal Blog

Unzipping California’s Zip Code Restriction

When Can California Businesses Request a Customer’s Zip Code?

In February, the California Supreme Court held that businesses are no longer allowed to request zip codes from customers. In  Pineda v. Williams-Sonoma, Inc., the court held that a zip code is “personal identification information” under the 1971 Song Beverly Credit Card Act (California Civil Code § 1747.08). Under the Act, a business may not request or require the cardholder to give any personal identification information during a credit card transaction. The Act includes addresses and phone numbers under personal identification information, and the California Supreme Court held that zip codes were covered under “addresses” within the Act. The Court stated that the word “address” did not necessarily mean the entire mailing address; components of the address were considered “personal identification information” as well.

What were the customers’ concerns, and what’s the current state of the law in California?

The Legal Background

Businesses such as Williams-Sonoma were asking for customers’ zip codes when they made credit card purchases at the cash register. Most customers, believing it was necessary in order to complete the transaction, gave their zip code. These businesses were storing the zip codes, along with the customers’ names, into a database, where the company would use software to match the customers’ names and zip codes with the customers’ undisclosed address. Businesses would use these addresses in order to determine where their customers live, create mailing and telephone lists to market their products, and sometimes sell the information to other businesses.

The California Supreme Court’s decision has opened a floodgate of lawsuits against businesses that have asked for zip codes, including reopening cases that had been originally decided in the business’s favor. These companies include Target, Michael’s, Lamps Plus Inc., and Best Buy, to name a few.

Despite the California’s Supreme Court ruling, it is anticipated that businesses will still try to find new and creative ways to collect zip codes. Richard Lambert, an attorney who represented the plaintiff, Ms. Pineda, said in an interview that some businesses ask for the zip code after the credit card has been swiped and the payment has been made; other businesses put up signs or tell the customer that the zip code is not necessary to complete the transaction, in hopes that the customer will give the information up voluntarily. These maneuvers have not been litigated yet; however, the questions for the courts will include whether, when, and how each individual zip code request is part of the “credit card transaction.” Plaintiff’s attorneys want a broad definition of the word “transaction,” which would begin from the time the customer steps up to the counter to make the purchase to the time they step away. Businesses, naturally, would prefer a narrower definition. However, based on the California Supreme Court’s decision to “liberally construe remedial statutes in favor of” the purpose of the law, which is to protect against misuse of personal identification information for marketing purposes, it is likely courts will favor a more broad interpretation of the word “transaction” in the future.

What Can Businesses Do to Be In Compliance with the Law?

Essentially, businesses and merchants are no longer allowed to ask for a zip code during any credit card transaction, but there are several exceptions:

  • Security purposes are the most frequent exception. Many gas stations are being sued under the new rule; however, because gas stations A) ask for zip codes in order to prevent credit card fraud and identity theft, and B) gas stations do not record transaction information, it is unlikely those bringing the lawsuits will prevail.
  • Saulic v. Symantec Corp., a case decided in 2009, allows all online credit card transactions to request zip codes because it is presumed that the company is asking for the zip code of identity theft and credit card fraud. Because of the security exception, this is still presumed to be good law.
  • If the zip code is necessary for something incidental to the transaction, asking for the zip code is acceptable. Needing the zip code for shipping a purchased item is the prime example here.
  • If a federal law or regulation requires collecting the zip code, the federal law will trump the State’s ruling on allowing the company to ask for the zip code.
  • In May, the 2nd District Court of Appeals in California determined that under Archer v. United Rentals, Inc., credit cards issued for business purposes are not protected under the Song Beverly Credit Card Act privacy protection provisions. This suggests that if a credit card that is issued for business purposes is used in a transaction, the seller can then ask for the zip code.
  • Finally, the law does not apply to businesses requesting a zip code when the transaction is done with cash, debit cards, or gift cards.

In summary, a law that was created for a reasonable purpose – making it so that consumers don’t have to provide their home address information every time they buy something with a credit card – has brought forth a complicated variety of exceptions and conditions. Hopefully the State will find a way to help meet consumers’ legitimate security needs, without putting undue burdens on businesses.

Want to receive all the latest updates? Contact me today

Click Here

Receive updates from the Keep it Legal blog

I’m glad you enjoy the blog, and I’d love to keep you updated with all the latest legal tips and business law strategy news.

Enter your name and email below, and we’ll be in touch!

« Copyright Challenges: Software as a Work for Hire? A Case of Rum »