Retailers Beware: Common Credit Card and Marketing Data Collection Practices Could Violate Law

more+
less-

Already home to one of the toughest data protection laws in the country, Massachusetts now joins California in having expansive protections for data exchanged during a credit card transaction.

On March 11, 2013, in Tyler v. Michaels Stores Inc., No. SJC-11145, (Mass. Mar. 11, 2013), Massachusetts' highest court held that a retailer can violate credit card data and consumer protection statutes if:

• a consumer pays in-store with a credit card; and
• that consumer's zip code is recorded at the point of sale.

Crucially, the violation can be triggered:
• even if no actual fraud was perpetrated; and
• even if no subsequent data theft occurs.

When courts in California reached a similar conclusion in the now infamous Pineda case (Pineda v. Williams-Sonoma Stores, Inc. (2011) 120 Cal.Rptr.3d 531, 246 P.3d 612), more than 150 class action lawsuits ensued.

Retailers in Massachusetts need to promptly review, therefore, not only their in-store point-of-sale practices but their online sales and marketing activities as well. A critical first step is development of careful, auditable means to distinguish between use of consumer data collected online and data separately collected from the same consumer in-store. Otherwise, a lawful online campaign conducted with full disclosure under a compliant privacy policy may, if point-of-sale data is also collected, be sufficient to sustain a cause of action by an entire class of plaintiffs, at least through the costly summary judgment phase.

Our initial recommendations are that retailers:
• review in-store and online data collection practices and modify as necessary to mitigate the risks raised by Tyler;
• establish a process to track consumer complaints related to marketing campaigns; and
• put a process in place to respond timely to such complaints and thereby leverage the available safe harbors.

Please do not hesitate to contact Rich Green rgreen@mccarter.com 860.275.6757 with questions regarding this new ruling.

Topics:  Credit Cards, Data Collection, Marketing, Retailers, ZIP Codes

Published In: Communications & Media Updates, Consumer Protection Updates, Finance & Banking Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© McCarter & English, LLP | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »