• explores a rule recently announced by VISA and legislation recently proposed by Senate Commerce Committee Chairman, Jay Rockefeller (D-W.Va.) entitled “The Restore Online Shoppers’ Confidence Act” (S. 3386), both of which restrict companies’ ability to share customer payment card information. (Visit Kelley Drye's Advertising Law Blog for related articles on these topics);

• reviews two recently filed class actions, Ferrington, et al. v. McAfee Inc., 5:10-cv-1455 (N.D. Cal.), and Van Tassell, et al. v. United Marketing Group Inc., et al., 1:10-cv-2675 (N.D. Ill.), alleging that the data pass practices of certain on-line marketers violated numerous state consumer protection laws;

• advises on steps companies should consider taking to mitigate the risk that their data pass practices will come under FTC scrutiny; and

• discusses considerations companies should make if they find themselves the subject of a class action relating to their data pass practices.

The Song-Beverly Credit Card Act prohibits merchants that accept credit cards in transacting business from making requests that the cardholder provide “personal identification information” and from recording that information. (Cal. Civ Code § 1747.08, subd. (a)(2).) Under the Act, “personal identification information” means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number. In Party City Corp. v. Superior Court, 169 Cal.App.4th 497 (Cal. App. Ct. 2008) (discussed previously on this blog), the California Court of Appeals considered the language of the Act and the legislative history and concluded, as a matter of law, that a zip code is not “personal identification information” within the meaning of section 1747.08, subdivision (b) because a zip code is not facially individualized information. Last year, in Pineda v. Williams-Sonoma Stores, Inc., 100 Cal.Rptr.3d 458 (Cal. App. Ct. 2009), the California Court of Appeals followed Party City and affirmed the decision below that Williams-Sonoma did not violate the Act by requesting and recording the customer’s zip code for the purpose of using it and the customer’s name to obtain the customer’s address through the use of reverse data mining. The Court of Appeals in Pineda also held that using a legally-obtained zip code to acquire and use an address that is public is not “a serious invasion of privacy,” which is a necessary element of a privacy claim. Pineda failed to allege facts showing that her home address was not otherwise publicly available or that she undertook efforts to keep it private.

While the Party City and Pineda decisions provided clarity for companies in California that collect customer zip codes and then reverse data mine, the California Supreme Court’s decision to review this issue again creates uncertainty as to whether the practice is permissible. Stay tuned for future posts on any developments.

Several states have statutes specifically regulating layaway transactions, setting forth the maximum service charges, the refund policies, and other terms required by law. In some cases, the penalties for noncompliance can be severe, including statutory penalties or multiples of actual damages. Maryland, Ohio, Rhode Island, and the District of Columbia, among others, have statutes which specify terms that must be included in all layaway transactions, and in some cases those terms may be such that it is no longer profitable for the retailer to offer layaways. In particular, retailers may be seriously restricted in their ability to charge service fees or impose penalties for noncompliance with the terms of the agreement. As a result, some retailers are specifically excluding certain jurisdictions, or providing for alternative contractual terms in those jurisdictions. For example, the layaway program for Toys ‘R Us and Babies ‘R Us stores is apparently not available in Maryland and is subject to different terms in Ohio and Rhode Island.

Layaway may very well prove to be a reliable business model for bringing consumers into stores (or onto websites) but its also an area where a patchwork of local laws can create dangerous legal minefields.

If you answered E, “All of the above,” you are CORRECT. However, many companies do not realize their businesses are subject to consumer financial services laws. Consequently, their businesses may not be compliant and may be subject to litigation risk.

The focus of the Consumer Finance Law Blog is to keep – all on one site – traditional and non-traditional financial service providers subject to consumer financial services laws abreast of recent developments in:

• State consumer protection statutes and regulations
• State privacy statutes
• Privacy and consumer protection litigation
• Card Association Rules
• Equal Credit Opportunity Act
• Electronic Funds Transfer Act
• Fair Credit Reporting Act
• Fair Credit Transactions Act
• Fair Debt Collection Practices Act
• Payment Card Industry Data Security Standard
• State Money Transmitter Statutes
• State Retail Installment Sales Act
• State and Federal Unfair and Deceptive Trade Practices Acts
• TILA, RESPA, and related federal and state consumer disclosure and notice requirements
• Insurance coverage issues
• Legislation that may impact company compliance or create new litigation risk.

We welcome you and hope that you find our posts interesting, educational, and thought provoking. We also welcome your feedback and invite you to suggest topics or recent decisions of interest that you would like us to address.