Our May 31, 2010 BNA Privacy & Security Law Report article, “Scrutiny on Payment Card Data Pass: Raising the Profile of Personal Information Sharing Among Marketers,” summarized then-recent legislation introduced in Congress regarding an online marketing practice commonly known as “payment card data pass.” As described more fully in the Scrutiny article, payment card data pass occurs when a consumer’s credit or debit card information is passed on to a third-party merchant following a sale. Frequently, the third-party merchant uses the billing information to enroll the consumer in various negative option subscription programs, wherein the consumer’s silence, or failure to take action to cancel the agreement, is interpreted by the seller as the consumer’s ongoing acceptance to continue to receive and pay for the goods or services offered by the third party merchant. In many instances, consumers, regulators, and plaintiffs in class action suits have alleged that consumers are unaware that their billing information has been passed to the third party and that they have been enrolled in a negative option program.

Over the past year, Congress, state and federal regulators, and the private bar, have taken steps to ensure that rigorous consumer protections are in place when data pass offers are made. These protections affect not only the companies who receive the financial information from other companies, but also the merchants who are sharing the information with third parties. This article provides an update on several of the developments that have occurred since the publication of the Scrutiny article and discusses practical considerations for businesses engaged in online marketing in light of these recent developments.

‘Payment Card Data Pass’ Rules Gain Some Teeth: An Update on the Legal Landscape