On a related note, the California Court of Appeals, Fourth Appellate Division, recently issued a decision in Carson v. Michaels Stores, Inc., which addressed several issues under the Act. See id. at No. 37-2008-00089773-CU-BT-CTL, 2010 WL 2862077 (Cal. App. Ct. July 22, 2010). Carson filed a complaint against Michaels Stores, Inc., alleging violations of the Act and her constitutional right to privacy by requesting and recording her zip code, and then using her zip code to obtain her address from a public database. First, the court, following Pineda v. Williams-Sonoma Stores, Inc., 100 Cal.Rptr.3d 458 (Cal. App. Ct. 2009), affirmed the trial court’s holding that zip codes are not personal identification information under the Act. Because zip codes are not personal identification information under the Act, Michael’s use of this information to obtain plaintiff’s address was also held not to be prohibited under the Act. Id. at 7. (See our prior posts discussing Pineda and issues under the Act.)

In addition, the court held that plaintiff had no reasonable expectation of privacy in her address – as it was obtained from public databases available on the Internet – and therefore plaintiff did not have a valid invasion of privacy claim under the California constitution. Id. at 9-10.

Notably, the court declined to decide a significant open issue under the Act – whether the Act prohibits a retailer from requesting personal information as a condition of accepting the customer’s credit card payment. Id. at n.4. This open issue is discussed in detail in the above-referenced article.

Recaps of the long day and night of negotiations and the final bill are available from Poltico, the Wall Street Journal, and American Banker, among many others.

With regard to certain of the issues we have been following closely here, in the end, auto dealers will be exempt from the purview of the new Consumer Financial Protection Bureau, but payday lenders and other non-bank financial service providers will be subject to the new regulator. In addition, the Federal Reserve will be permitted to cap interchange fees, except for those on cards issued by governments.

The bill includes myriad other important provisions related to mortgage lending, the activities of banks, insurance regulation, corporate governance, and more. The Wall Street Journal provides an overview of some of the “major” provisions. Over the coming weeks and months we will be taking a closer look at certain aspects of the final bill and their implications, for example, increased litigation risk for financial service providers, including merchants and retailers.

The trial court sustained Williams-Sonoma’s demurrer to Pineda’s Section 1747.08 claim on the grounds that under Party City Corp. v. Superior Court, 169 Cal. App. 4th 497 (2008) (discussed previously on this blog), zip codes can never constitute “personal identification information” for purposes of that section. In its brief, Pineda asks the Supreme Court to disregard this well-reasoned precedent on the grounds that zip codes are expressly defined as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” Pineda argues that the trial court and court of appeal erred by inserting an additional criteria into the definition and requiring that the information be “unique” to the cardholder, rather than merely “concerning” the cardholder as set forth in the statute. In addition, Pineda argues that Williams-Sonoma preys on its credit card customers who are accustomed to providing their zip codes for legitimate verification purposes at gas stations and mistakenly assume that Williams-Sonoma is requesting their zip codes to process their credit cards. Meanwhile, according to Pineda, their sole intent is to use its customers’ zip codes to “covertly” obtain their home addresses to build its customer database.

Williams-Sonoma, on the other hand, argues first that the question of whether a zip code is “personal identification information” was not certified for review by the California Supreme Court, thus, the court of appeal’s decision in Party City stands. In addition, Williams-Sonoma argues that the Song Beverly Credit Card Act does not prohibit the use of information that is collected by a retailer at the point of sale. Instead, Song Beverly is silent as to any conduct other than the request and recording of “personal identification information” during a credit card transaction. Because a zip code has already been held to not fit within the definition of “personal identification information,” the inquiry ends there – it cannot be transformed into “personal identification information” based on how the zip code is used. Further, according to Williams-Sonoma, there is nothing improper about using zip codes to have third party vendors narrow down publicly available information about customers, such as their address.

How the California Supreme Court resolves this issue may have a substantial impact on retailers that collect customer zip codes. If the Supreme Court accepts Pineda’s interpretation of Song Beverly that zip codes are “personal identification information,” retailers could be left wondering what other conduct is prohibited, since neither “zip codes” nor “reverse data searches” are expressly mentioned in the language of the statute. In addition, after having relied on Party City, retailers could be left wondering whether they are now liable for this conduct under Song Beverly for up to $1,000 per transaction.

This appeal has not yet been set for oral argument. We will keep you updated as to any developments.

The Act directed the Federal Reserve to develop implementation guidance and requirements, which were finalized on January 12, 2010. While most credit card issuers have been working for several months to comply with the Act, the Fed rules provide further detailed guidance. For example, the rules outline factors issuers should consider when determining a consumer’s ability to repay.

Notably, the Fed rules impact Regulation Z and, therefore, do not relate to debit card overdraft fees. Those fees fall under Regulation E, which is subject to a separate ongoing rulemaking process.

Nor do the portions of the CARD Act that take effect today relate to gift cards. Another Fed rulemaking to provide guidance related to gift cards is underway. Those Fed rules should be finalized soon, and together with the gift card provisions of the Act will take effect in August 2010. We will keep you posted on further developments.

While such scams obviously cost consumers, merchants are also victims due to loss of consumer trust, the time and expense of cooperating with authorities and, if applicable, notifying potentially affected customers, and potential lawsuits under negligence and/or negligent hiring theories. Although merchants can never be completely assured that rogue employees will not engage in theft, they should consider the following steps to mitigate their risk:

(1) Handle credit cards in view of the customer. If the customer never loses sight of the credit card, theft is more difficult if not impossible. Retailers, restaurants and other businesses may wish to consider switching to portable credit card processing devices that allow customers to pay at the table.

(2) Carefully screen job applicants. Simple background checks can identify applicants with prior criminal histories.

(3) Educate and monitor employees. Ensure that employees are aware of the risks and consequences of credit card fraud (e.g., mere possession of a skimming device is a felony in many states), and adopt policies for employees handling customer credit cards. Monitor employees and encourage them to report any suspicious activity on behalf of their coworkers.

The overwhelming body of case law upholds the enforceability of such arbitration and class waiver provisions. See Adler v. Dell, Inc., No. 08-CV-13170, 2008 WL 5351042 (E.D. Mich. Dec. 18, 2008) (enforcing consumer arbitration provision with class waiver); Jenkins v. First Am. Cash Advance of Ga., LLC, 400 F.3d 868 (11th Cir. 2005) (class waiver in borrowers’ payday loan agreements did not render arbitration agreements unconscionable or unenforceable); and Snowden v. CheckPoint Check Cashing, 290 F.3d 631 (4th Cir. 2002) (rejecting argument that arbitration agreement was unenforceable as unconscionable due to class waiver).

However, recently some courts have taken issue with these provisions and deemed them unconscionable. A recent example of such a case is Homa v. American Express Co., No. 06-02985, 2009 WL 440912 (3rd Cir. Feb. 24, 2009).

In Homa, plaintiff brought a putative class action suit against American Express and its Centurion unit, alleging that they misrepresented the actual terms of the Blue Cash card rewards program and that defendants failed to award him the promised amount of cash back in violation of the New Jersey Consumer Fraud Act. However, the credit card member agreement that accompanied the Blue Cash card contained an arbitration and class waiver provision. Further, the agreement contained a choice-of-law provision indicating that any disputes arising out of the agreement would be governed by Utah law. Defendants argued that the plaintiff should be required to arbitrate his claims on an individual basis, because Utah law expressly allows arbitration and class waiver provisions in consumer credit agreements. On the other hand, the plaintiff argued that New Jersey law applied, because, as the application of Utah law would violate New Jersey’s public policy against certain class-arbitration waivers, New Jersey choice-of-law principles dictated that the agreement’s choice of Utah law was invalid. The district court sided with the defendants and dismissed plaintiff’s complaint.

The Third Circuit Court of Appeals reversed the trial court’s decision. In the opinion, the Third Circuit held that that the Federal Arbitration Act (“FAA”), 9 U.S.C. §§ 1-16, did not preclude the district court from applying New Jersey unconscionability principles to void the arbitration and class waiver clause, and therefore, plaintiff was entitled to pursue a class action against defendants in federal court in New Jersey. In so doing, the Court relied on the holding in a New Jersey state court decision styled Muhammad v. County Bank of Rehoboth Beach, Delaware, 912 A.2d 88 (N.J. 2006), that “‘[t]he public interest at stake in . . . consumers[’] [ability to effectively] pursue their statutory rights under [New Jersey’s] consumer protection laws’ constituted the ‘most important’ reason for holding a similar class-arbitration waiver unconscionable.” Further, the Third Circuit held that this interest “overrides” a defendant’s right to seek enforcement of a class-arbitration waiver in an agreement, particularly where the claims at issue are of such a low value as effectively to preclude relief if pursued individually. The case is now back in the district court.

Furthermore, this issue may be resolved by pending federal legislation that seeks to ban certain types of arbitration provisions. The Arbitration Fairness Act of 2009 would ban provisions requiring arbitration of (1) an employment, consumer, or franchise dispute, or (2) a dispute arising under any statute intended to protect civil rights. See H.R. 1020 The bill, which was referred to the House Judiciary Committtee on Feb. 12, 2009, currently has 43 co-sponsors, including that Committee Chairman Conyers (D-MI). A recent Legal Times report noted the plaintiffs bar's efforts to push the arbitration legislation on Capitol Hill. If enacted, the Act could start a wave of litigation in the consumer financial services sector.

The bottom line is that businesses should re-examine their customer agreement’s arbitration and class waiver provisions, paying particular attention to any choice of law provisions, and monitor these legal developments on a state-by-state basis. Homa tells us that the same arbitration and class waiver provision, while being upheld in one state, could be rejected in another.

Stay tuned for future posts analyzing cases decided in the wake of Homa and reporting on further developments with the Arbitration Fairness Act of 2009.

In Watkins, plaintiff brought a putative class action alleging that Autozone violated the California Song-Beverly Credit Card Act, California Civil Code §1747.08 (the “Act” or “Section 1747.08”) by unlawfully requesting and recording personal customer information, and then “covertly” engaging in a “reverse search” to determine additional customer personal information, in violation of the California Constitution’s privacy provision.

First, the court held that plaintiff plead facts sufficient to support a claim for a violation of Section 1747.08. See 2008 WL 5132092, at *6. Second, and more significantly, in holding that plaintiff sufficiently plead a claim for invasion of privacy, the court reasoned that:

• plaintiff adequately alleged a legally protected privacy interest in his home address;
• the allegations that Autozone obtained and subsequently used his home address information from using his telephone number and credit card information after plaintiff’s purchase at Autozone satisfied the pleading requirements of a reasonable expectation of privacy in these circumstances; and
• plaintiff sufficiently alleged that the invasion into his privacy was "serious," given his allegation that Autozone used his private information for profit without his consent and without informing him of the use of his information. See id.
• Further, the court stated that the purpose of statutory provisions (including Section 1747.08) prohibiting the requesting of personal information from credit card customers “speaks to the potential seriousness of invasions that may occur.” Id. at *7 (citation omitted).

This holding creates great uncertainty for companies in determining in what circumstances collecting customer information and then reverse data mining is permissible. For instance:

• Can a company utilize information that was obtained from a credit card customer for shipping purposes to reverse data mine for additional information about that customer?
• Does a retail company violate a customer’s right to privacy by using a credit card customer’s zip code to obtain additional information about that customer given the recent California Court of Appeal holding that a zip code is not “personal identification information” under Section 1747.08? See Party City Corp. v. Sup. Ct. of San Diego County, No. D053530 (Cal. Ct. App. Dec. 19, 2008).

While Party City dealt with a retailer’s request for zip codes for demographic reasons, rather than for reverse data mining (like in Watkins), the decision itself is not so limited. Thus, arguably this decision, unlike Watkins, would permit retailers to request zip codes, and then reverse data mine for additional customer information. (For a more detailed discussion of California’s Song-Beverly Credit Card Act and its implication on retailers, please see the Kelley Drye Advisory entitled “Sellers Beware: Another Flurry of Class Actions Being Filed Against Retailers Accepting Credit Cards in California.” )

Further, given the minimal pleading requirements to state a right to privacy claim after Watkins, more plaintiffs are likely to add such a claim to actions brought under Section 1747.08 merely to increase the amounts and types of relief available. While Section 1747.08 provides for up to $1,000 in civil penalties per violation, a right to privacy claim under the California Constitution may permit an award of damages and/or injunctive relief, to which private citizens are not entitled under Section 1747.08.

However, your company is not without recourse. Several compelling arguments can be made against a right to privacy claim brought pursuant to Watkins, including:

• Any such alleged wrong does not rise to the level of the “serious invasion,” which is typically reserved for conduct such as stalking and filming of neighbors in their homes.
• A home address or telephone number – commonly found in publicly available telephone directories, on the Internet, and even on envelopes – is not the type of information that carries an objectively reasonable expectation of privacy.
• In light of these decisions, companies would be well-advised to reconsider their ability to collect customer personal information, and to reverse data mine.

First, on January 22, 2009, Rep. Maloney (D-NY) re- introduced the Credit Card Holders’ Bill of Rights (H.R. 627), a prior version of which passed the House in 2008 but did not make it through the Senate. Then, on February 11, 2009, Chairman of the Senate Banking Committee Chris Dodd (D-CT), re-introduced The Credit Card Accountability, Responsibility and Disclosure Act (S. 414). That legislation likewise had a prior life, though it did not make it out the Senate Banking Committee during the 110th Congress.

The apparent purpose of the legislation is to attempt to fill perceived gaps in and to expedite implementation of the changes offered by the Fed rules. As a representative from the American Bankers Association testified during a recent Senate hearing regarding Senator Dodd’s bill, the legislation goes beyond the Fed rules in certain respects. For example, among other things, that bill would prohibit card companies from charging customers for paying their bill by phone, it would attempt to control charges for late payments or other violations of the cardholder agreement, and it would prohibit the issuance of cards to consumers under 21 years of age. These and other measures would significantly restrict institutions’ abilities to manage their business and offer choices to consumers. Further, in attempting to bring about reform more quickly, both pieces of legislation would shorten the implementation period needed by financial institutions to alter their business practices and comply with the new rules.

With so much government and public attention on financial services and given the consumer protection focus of the Obama Administration and Democrats on the Hill, credit card legislation may pick up substantial support and momentum in the current Congress. Whether lawmakers can agree on how to move forward, and whether they can do so before the Federal Reserve rules take effect, remains to be seen. In any event, credit card providers should stay tuned!

If you answered E, “All of the above,” you are CORRECT. However, many companies do not realize their businesses are subject to consumer financial services laws. Consequently, their businesses may not be compliant and may be subject to litigation risk.

The focus of the Consumer Finance Law Blog is to keep – all on one site – traditional and non-traditional financial service providers subject to consumer financial services laws abreast of recent developments in:

• State consumer protection statutes and regulations
• State privacy statutes
• Privacy and consumer protection litigation
• Card Association Rules
• Equal Credit Opportunity Act
• Electronic Funds Transfer Act
• Fair Credit Reporting Act
• Fair Credit Transactions Act
• Fair Debt Collection Practices Act
• Payment Card Industry Data Security Standard
• State Money Transmitter Statutes
• State Retail Installment Sales Act
• State and Federal Unfair and Deceptive Trade Practices Acts
• TILA, RESPA, and related federal and state consumer disclosure and notice requirements
• Insurance coverage issues
• Legislation that may impact company compliance or create new litigation risk.

We welcome you and hope that you find our posts interesting, educational, and thought provoking. We also welcome your feedback and invite you to suggest topics or recent decisions of interest that you would like us to address.