A federal judge in the U.S. District Court for the Eastern District of California issued an opinion Dec. 17, 2012, that seems to answer definitively a question that has weighed on the minds of California merchants for the past several years: When - if ever - can a retailer ask customers for personal information, enabling future communications and marketing to customers after they leave the store?
U.S. District Court Judge Kimberly J. Mueller ruled in Tammie Davis v. Devanlay Retail Group, Inc., that merchants may ask for customers' personal information, but only after customers have received a receipt, objectively signaling the conclusion of the transaction. The judge ordered the dismissal of a class action filed against Devanlay Retail Group, Inc., operator of Lacoste® brand clothing stores, in the Sacramento federal court.
The question of when and how merchants could collect consumer information became important when a February 2011 ruling by the California Supreme Court in effect threw open courthouse doors around the state, inviting a stampede of class actions premised on alleged violations of the Song-Beverly Credit Card Act (Section 1747.08 of the California Civil Code). In Pineda v. Williams-Sonoma, Inc., the California Supreme Court held that, despite a prior lower court ruling to the contrary, merchant requests for consumers' zip codes in connection with retail credit card transactions violated the Act. The court held that zip codes should be included in the Act's definition of "personal information," in part due to evidence that they could be used to "reverse engineer" the identities and locations of consumers.
The court's ruling in Pineda unleashed a torrent of class actions against both brick-and-mortar and online merchants in California state and federal courts, asserting that the merchants had improperly requested consumer information in connection with credit card transactions in violation of the Act and seeking statutory damages of up to $1,000 for repeat violations.
After meticulously tracing the statutory and judicial history of the Song-Beverly Act, Judge Mueller concluded that the merchant's clear and well-documented policy directing its clerks to wait until after they hand customers a cash register receipt before requesting their personal information complied with the Act's requirements. The judge wrote:
[T]he crucial issue ... is not whether the transaction has reached an official end when the cashier requests personal information from the customer; it is whether under Devanlay's policy a customer would reasonably believe that providing the zip code is necessary to complete the transaction. ... Viewed objectively, Devanlay's policy of waiting until the customer has her receipt in hand conveys that the transaction has concluded and that providing a zip code is not necessary to complete the transaction.
The court also indicated that even if a particular clerk had failed to comply with the merchant's policy and asked for the customer's information before the receipt had been produced (as plaintiff claimed occurred in this case), the company's written procedures would be sufficient to comply with the "safe harbor" provisions of the Song-Beverly Act, protecting the merchant from liability.
The takeaways for retail merchants that wish to collect personal information from customers in connection with face-to-face credit card transactions include:
First, they should develop written policies and procedures that, at a minimum, require salespeople to delay making any requests for personal information until after the customer's transaction is completed, as evidenced by the delivery of a receipt to the customer. A better policy would be to require salespeople to inform customers that providing such information is completely voluntary (as did Devanlay's policy) and instruct them to wait until both the merchandise and receipt have been provided to the customer before requesting the information.
Second, retailers should institute training materials and programs, and document the completion of those programs, to ensure that employees are familiar with the procedures for collecting consumer information and understand that they must follow these procedures. These materials and training records will be invaluable in demonstrating the company's compliance with the Act and its "safe harbor" provisions.
Finally, merchants should not yet breathe too easily. As the California Supreme Court showed in Pineda, it will not hesitate to take positions on Song-Beverly that are inconsistent with those taken by other reviewing courts. Until the state's highest court actually addresses this issue, merchants cannot be 100 percent certain that their information collection methods are consistent with the Act's requirements. In the words of the late, great Yogi Berra, "It ain't over 'til it's over."
For more information about the content of this alert, please contact Michael Mallow or Michael Thurman.