Retail Franchisors Beware: New Consumer Protection Developments in California
Franchisors of retail stores should become familiar with federal consumer protection laws and the consumer protection laws of each state in which the franchisor has retail operations. Recently, when discussing this issue with Kenneth A. Goss, Esq., Senior Counsel for a leading franchisor of retail businesses, Mr. Goss mentioned a development in California’s law. The following is Mr. Goss' guest post on this important topic:
California’s highest court recently expanded the Song-Beverly Credit Card Act of 1971 (the “Act”) to prohibit brick and mortar outlets in California from asking customers for zip codes in connection with credit card transactions. Franchisors with units in California should be aware of this expanded application of the Act and consider whether any changes are needed to system standards to keep franchisees in California operating within the bounds of the law.
By way of background, the Act (codified at Cal.Civ.Code § 1747 et seq.) prohibits retailers from asking customers who pay by credit card for personal identification information. The Act defines the term “personal identification information” to mean information concerning the cardholder that is not set forth on the credit card, including the cardholder's address and telephone number. According to the Act, a retailer could violate the law, for example, simply by asking a customer for his or her address at the point of sale. A retailer could also violate the Act by having space for a customer to provide personal identification information on a credit card transaction form. In any case, a violation of the Act could cost a retailer up to $1,000 in penalties per transaction plus other liabilities.
On February 10, 2011, the California Supreme Court ruled that a zip code alone can constitute personal identification information within the meaning of the Act in the case of Pineda v. Williams-Sonoma Stores, Inc. (2011 WL 44692), which overturned an earlier Court of Appeal decision. The issue in Pineda arose when a cashier at a Williams-Sonoma store asked the customer/plaintiff, Jessica Pineda, for her zip code at the time Ms. Pineda was making a purchase with her credit card. Williams-Sonoma recorded Ms. Pineda’s credit card number, her name and zip code in a database and subsequently used that information to determine Ms. Pineda’s address. Williams-Sonoma obtained Ms. Pineda’s address for the purpose of marketing products to Ms. Pineda and possibly also selling her information to other businesses. The California Supreme Court held that the act of asking for and recording Ms. Pineda’s zip code violated the Act because “the word ‘address’ in the [Act] should be construed as encompassing not only a complete address, but also its components.” The Court’s reasoning included that the legislature intended for the Act “to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction.” In light of the Pineda decision, franchise systems should be wary of their California units collecting information in connection with a credit card transaction.
The good news for retailers is that there continues to be important exceptions to the application of the Act. For example, the Act provides for exceptions in certain circumstances to (a) the collection of information for purposes incidental to the credit card transaction, such as when the retailer asks for an address to fulfill a delivery obligation; (b) the collection of personal identification information in connection with a credit card transaction if the retailer is contractually obligated to the card issuer to provide personal identification information in order to complete the credit card transaction; and (c) a retailer requiring a customer to provide reasonable forms of positive identification, provided that no information on the identification is written or recorded. Moreover, the Act has been held by a federal court not to apply to a consumer's credit card transaction in connection with purchases online because of the unique fraud concerns associated with online transactions. (See Saulic v. Symantec Corp., 596 F.Supp.2d 1323 (2009)). These exceptions simply mean that a franchisor should pay close attention to the practices of its California units because not all instances of a retailer asking for information is a violation of the Act.
Franchisors and their counsel should consider the expanded application of the Act as part of the franchisor’s analysis of consumer protection requirements in connection with developing uniform system standards to keep franchisees operating within the bounds of the law.
