Privacy & Information Security Law Blog

As reported in BNA’s Privacy & Security Law Report, on December 14, 2012, a federal district court in California ruled that a retail store’s policy of collecting personal information only after providing customers with receipts does not violate the Song-Beverly Credit Card Act (“Song-Beverly”). Under Section 1747.08(a)(2) of Song-Beverly, a retailer that accepts credit cards for the transaction of business may not “[r]equest, or require as a condition to accepting the credit card as payment … the cardholder to provide personal identification information,” which the entity accepting the credit card then “writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.”

In Davis v. Devanlay Retail Group Inc., the plaintiff alleged that defendant Devanlay Retail Group, Inc. (“Devanlay”) violated Song-Beverly by requesting and recording the personal identification information of its retail store customers who paid with credit cards. Devanlay argued that its policy for collecting customers’ ZIP codes complies with Song-Beverly because the policy permits its cashiers to capture customer information only after the transaction has been processed, which occurs once the customer has received his or her receipt.

In its ruling, the court noted that Song-Beverly does not set forth a blanket prohibition on stores’ collection of customers’ personal information. Rather, the court stated that stores have options for legally obtaining customers’ personal information, such as delaying the request “until the customer tenders payment.” Citing to the 2003 Florez v. Linens ’N Things, Inc. decision, the court reasoned that the permissibility of a retailer’s request for a customer’s personal information turns on “whether a consumer would perceive the store’s ‘request’ for information as a ‘condition’ of the use of a credit card.” The court stated that the issue is not whether the transaction has “reached an official end,” but whether, under the retailer’s policy, “a customer would reasonably believe that providing the zip code is necessary to complete the transaction.” The court found that the plaintiff’s personal belief was irrelevant and that the retailer’s policy must be evaluated under an objective standard. The court also held that, even if the cashier requested the plaintiff’s ZIP code before providing her a receipt, the defendant could avail itself of Song-Beverly’s “Safe Harbor” provision because the violation would have been an unintentional error that violated the retailer’s policy.

Read our previous posts on Song-Beverly rulings.