Privacy & Information Security Law Blog

A California state Court of Appeal has ruled that a California law barring merchants from collecting “personal identification information” in connection with certain credit card transactions does not prohibit the collection of a five-digit ZIP Code alone. Party City Corp. v. Superior Court of San Diego County, No. D053530, 2008 WL 5264023 (Cal. Ct. App. Dec. 19, 2008).

Plaintiff Rebecca Palmer (the real party in interest) brought a prospective class action against defendant Party City Corp. (“Party City”), seeking damages under the Song-Beverly Credit Card Act of 1971, Cal. Civil Code Sec. 1747 et seq., after a Party City cashier allegedly asked for and recorded her five-digit ZIP Code before completing her credit card transaction. Under Sec. 1747.08(a)(2), a retailer that accepts credit cards for the transaction of business may not “request, or require as a condition to accepting the credit card as payment …, the cardholder to provide personal identification information,” which the retailer accepting the credit card then “writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.”

The court focused on the term “personal identification information,” which Sec. 1747.08(b) defines only as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” The question was whether a five-digit ZIP Code alone constituted “personal identification information.”  The plaintiff argued that it did, reasoning that precluding retailers from requesting ZIP Codes is consistent with the legislative intent to protect the personal privacy of consumers and reduce the risk of identity theft.  Party City disagreed, arguing that (1) a ZIP Code is not  specific or personal information about an individual but instead a group identifier, (2) the statutory definition is insufficient to put retailers on notice that a ZIP Code is personal identification information and (3) it needed the ZIP Codes for marketing purposes.

The court ruled in favor of Party City, noting that because the statute imposes civil penalties that are mandatory in nature, it must be construed in the most limited way that will protect its remedial purpose.