Class Actions Focus On Retailers, Again
Richard J. Rosensweig

The latest class action development from California is that plaintiff attorneys looking for a new litigation vehicle have discovered the state’s Song-Beverly Credit Card Act, which allows consumers to sue retailers who request personal information (i.e., address and telephone number) in connection with a retail credit card sale. The statute does not require consumers to demonstrate that they suffered any loss. Even where they have provided the personal information voluntarily, the law allows consumers to recover a civil penalty for breach of the statute of up to $250 for the first violation and up to $1,000 for each subsequent violation.

For retailers who may do hundreds of thousands of individual credit card transactions in California every year, the potential exposure is enormous. Moreover, the Song-Beverly Credit Card Act is not just another example of California passing a peculiar law. Similar laws exist in the District of Columbia and at least 23 other states, including Delaware, Maryland, Massachusetts, New York, Nevada and Rhode Island, although other states do not generally prohibit a request for voluntary disclosure.

Moreover, California and Massachusetts, and a number of other states, including Florida, Georgia and Illinois, have similar laws prohibiting recording credit card information in to accept payment by check. However, in many states with such laws, retailers are generally entitled to record a consumer’s name, address and license number in connection with a check purchase. Some laws contain a further carve out to allow recording of a credit card number and expiration date in lieu of requiring a cash deposit to secure payment.

If there is money to be made in other states, the class action industry will not overlook the opportunity; and the California experience shows that there is indeed money to be made. Specifically, at least a half-dozen class actions have been settled recently in California, with plaintiff legal fees (paid by defendants) in the six- or seven-figure range. Class Members have received cash, coupons or gift cards toward future purchases. One California case is scheduled for trial in 2007.

The laws that resemble California’s the most are in New York and Massachusetts. Massachusetts General Laws Chapter 93, Section 105 mandates that no one accepting a credit card for a transaction “shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form.” Prohibited personal information includes, at the very least, address and telephone number, which most credit card companies do not require when a consumer uses a credit card. NY CLS Gen Bus. Section 520-a also prohibits requiring or recording personal information to accept payment by credit card. The New York law further requires that credit card forms be carbonless or do not render a piece of paper that readily identifies the cardholder’s name and card number.

Massachusetts and New York, like most other states, allow for exceptions where a retailer requests personal information where it is necessary to ship, deliver or install purchased merchandise, or provide service or sell an extended warranty, as long as such information is provided voluntarily by a credit card holder.

As in California, and numerous other states, many state laws provide for monetary penalties against retailers who improperly obtain personal information, where as other states such as Delaware, declare offenses to be misdemeanors. New York has the same maximum $250 first offense and maximum $1,000 for each subsequent offense penalty scheme. Any violation of the Massachusetts credit and check privacy law is considered to be a violation of Massachusetts’ Unfair and Deceptive Trade Practices legislation, commonly known as “Chapter 93A,” which — in contrast to New York and California where there is no minimum penalty — provides for a minimum damage award of $25 for each violation, regardless of whether any loss is proved by the consumer, but damage awards can go higher. Indeed, Chapter 93A contemplates doubling or tripling awards as a punitive measure. Even at the minimum award of $25 per violation, retailers accepting hundreds of thousands of credit card transactions each year in Massachusetts could face substantial exposure in a class action, which could encompass all consumers paying by credit card over a 4-year period. Moreover, a retailer could face simultaneous or serial lawsuits in other states with similar laws, such as California and New York.

The state privacy laws discussed here are merely examples of a number of federal and state laws throughout the country that provide for small damage awards or penalties on an individual consumer basis, where a retailer’s exposure can mushroom into tens of millions of dollars in a class action scenario. Another example that comes to mind is the Federal law prohibiting unsolicited faxes from being sent to parties with whom the fax sender has no prior relationship, which have resulted in dozens, if not hundreds, of class actions around the country. Like the awards provided for in state privacy laws, the Federal anti-fax statute provides for a modest award to each recipient of an unsolicited fax. Given the potential exposure for companies with retail operations in California, New York and Massachusetts, a company’s careful review of its policies and practices relating to the collection of customer information to ensure compliance with applicable law is now more necessary than ever.

Richard J. Rosensweig is a director in the litigation group at the Boston-based law firm Goulston & Storrs.


©2007 France Publications, Inc. Duplication or reproduction of this article not permitted without authorization from France Publications, Inc. For information on reprints of this article contact Barbara Sherer at (630) 554-6054.