There’s been a lot of media coverage of a decision reported here yesterday in which the California Supreme Court held that Williams-Sonoma violated a state law when it requested and recorded a customer’s zip code during a credit card transaction in a store.
In a joint press release, Privacy Rights Clearinghouse and Consumer Federation of California write:
Today the California Supreme Court ruled that retail stores are not allowed to request and record a consumer’s zip code as part of a credit card transaction. According to the Privacy Rights Clearinghouse and the Consumer Federation of California, that jointly filed an amicus brief with the Supreme Court on this case, the ruling gives further protection to California consumers and helps prevent unlawful use of personal identification information (PII).
The ruling remanded the class action lawsuit Pineda v. Williams-Sonoma Stores, Inc., no. S178241 back to the trial court for further proceedings, which began in 2008 when Jessica Pineda paid Williams-Sonoma using a credit card. As part of the transaction process, the housewares retailer requested Pineda’s zip code. Unbeknownst to Pineda, Williams-Sonoma used a process called “reverse appending” to find out her mailing address. The retail giant then sent Pineda catalogs and used the information it had collected for other business purposes.
Reverse appending is an industry practice that looks up a person’s name, mailing address, phone number and other personal information using very limited data, such as a zip code or email address. Reverse appending is done without the consumer’s knowledge or permission.
Pineda’s attorney, Gene Stonebarger, argued that Williams-Sonoma’s deceptive actions violated the Song-Beverly Credit Card Act of 1971 (Civ. Code, § 1747.08), which was designed to protect consumer privacy by placing limits on what PII retailers are allowed to request or record when dealing with credit card transactions. The Supreme Court agreed.
“The ruling is significant because it confirms that the definition of PII includes part of a person’s address; the zip code,” states Beth Givens, founder of Privacy Rights Clearinghouse, a consumer education and advocacy group. “In ruling in favor of the plaintiff, the Justices acknowledge advances in technology, in which the use of databases can turn a name plus a zip code into a full address.”
“This is an important victory for consumer privacy and common sense,” said Richard Holober, Executive Director of the Consumer Federation of California. “Retailers don’t have the right to gather personal information from credit card users for marketing purposes. This has been California law for years and the Supreme Court has reaffirmed it.”
The ruling reversed both the trial court and the Court of Appeals. The Supreme Court is allowing the decision to be applied retroactively to past consumer transactions. Each violation carries a civil penalty of up to $1,000. A PDF of the ruling can be found at http://www.courtinfo.ca.gov/opinions/documents/S178241.PDF.