The United States District Court for the Central District of California in two recent cases has limited the applicability of the credit card data collection provisions of California’s Song-Beverly Act (the Act) to “brick and mortar” transactions. In orders dismissing with prejudice Mehrens v. Redbox Automated Retail LLC and Salmonson v. Microsoft Corporation et al., the court ruled that the collection of ZIP codes with credit card transactions at selfservice unattended kiosks and on-line Internet transactions did not fall within Section 1747.08 of the Act which prohibits collection of certain “personal identification information” from credit cardholders.
In reaching this conclusion, the court interpreted the Act’s prohibition against collection of “personal identification information,” including ZIP codes, as limited only to situations involving “pen and paper transactions” requiring the “cardholder to write personal identification information on the credit card form, requiring the cardholder to provide personal identification information that merchants then write on the credit card form and utilizing forms with preprinted spaces for personal identification information.” (Emphasis in original.) In Redbox, the court dismissed plaintiff's claim that the collection of ZIP codes for credit card transactions at Redbox's self-service DVD rental and purchase kiosks violated the Act. Similarly, the same judge in the separate Microsoft case dismissed a claim that Microsoft's collection of ZIP codes for a credit card purchase of downloaded software violated the Act...
Please see full publication below for more information.