Ad Law Access : Washington D.C. Advertising Lawyer & Attorney : Kelley Drye & Warren Law Firm : New York, Chicago, Connecticut, New Jersey, Brussels

Last month, a class action lawsuit was filed against Michael Stores, Inc., accusing the arts and crafts retailer of violating a Massachusetts consumer protection statute when it collects and records zip codes during consumer credit card transactions. The lawsuit, Tyler v. Michaels Stores, Inc. filed in Massachusetts District Court, comes several months after the California Supreme Court decision in Pineda v. Williams-Sonoma Stores, Inc., which held that zip code information is personal identification information (“PII”) under California’s Song-Beverly Credit Card Act. (the “Song-Beverly Act”).

In Tyler, the plaintiff made a purchase at a Michael’s store with her credit card and, during the sales process, the cashier requested the plaintiff’s zip code. The plaintiff provided her zip code to the cashier allegedly based on the belief that it was necessary to complete the transaction. The plaintiff asserts that Michaels subsequently combined her zip code with other information to obtain her home mailing address, and began sending unwanted marketing materials. According to the complaint, the collection and recording of zip codes during a credit card transaction violates Mass. Gen. Laws ch. 93 § 105, under which a business cannot “write, cause to be written or require that a credit card holder write [PII], not required by the credit card issuer, on the credit card transaction form.”

The plaintiff in Tyler argues that Mass. Gen. Laws ch. 93 § 105 should be interpreted in a manner consistent with the California Supreme Court’s interpretation of the Song-Beverly Act in Pineda. In that case, the court held that a cardholder’s zip code qualified as “information concerning the cardholder. . .” as used within the Song-Beverly Act’s definition of PII. As a result, businesses in California face restrictions from requesting and recording a person’s zip code as part of a credit card transaction. The Massachusetts statute defines PII in a different, though arguably similar fashion to the Song-Beverly Act. Specifically, the statute includes an open-ended definition of PII that is not limited to a credit card holder’s address or telephone number. The plaintiff in Tyler is seeking injunctive relief, damages, and attorneys’ fees.

Businesses that collect customer information at the sales register should pay close attention to this case, as it may signal lawsuits in other states with statutes that are similar to California’s Song-Beverly Act.

• Email This
• Print
• Share Link

Our May 31, 2010 BNA Privacy & Security Law Report article, "Scrutiny on Payment Card Data Pass: Raising the Profile of Personal Information Sharing Among Marketers," summarized then-recent legislation introduced in Congress regarding an online marketing practice commonly known as “payment card data pass.” As described more fully in the Scrutiny article, payment card data pass occurs when a consumer’s credit or debit card information is passed on to a third-party merchant following a sale. Frequently, the third-party merchant uses the billing information to enroll the consumer in various negative option subscription programs, wherein the consumer’s silence, or failure to take action to cancel the agreement, is interpreted by the seller as the consumer’s ongoing acceptance to continue to receive and pay for the goods or services offered by the third party merchant. In many instances, consumers, regulators, and plaintiffs in class action suits have alleged that consumers are unaware that their billing information has been passed to the third party and that they have been enrolled in a negative option program.

Over the past year, Congress, state and federal regulators, and the private bar, have taken steps to ensure that rigorous consumer protections are in place when data pass offers are made. These protections affect not only the companies who receive the financial information from other companies, but also the merchants who are sharing the information with third parties. This article in the current issue of BNA Privacy & Security Law Report provides an update on several of the developments that have occurred since the publication of the Scrutiny article and discusses practical considerations for businesses engaged in online marketing in light of these recent developments.

Click here to download the article by Kelley Drye attorneys Alysa Z. Hutnik, Joseph D. Wilson, and Jeffrey A. Kauffman: “‘Payment Card Data Pass’ Rules Gain Some Teeth: An Update on the Legal Landscape.”

• Email This
• Print
• Share Link

The “Restore Online Shoppers’ Confidence Act”, which would ban online sales companies from enrolling consumers in services without their consent and bring an end to the practice of “data pass,” was passed by Congress yesterday. Senate Commerce Committee Chairman Jay Rockefeller (D-W.Va.) introduced the bill in May after a year-long investigation into the practices of certain online “negative option” plans. In these programs, retailer websites were sharing customers’ billing information, including credit and debit card numbers, with third parties who would enroll the customers in membership programs with monthly fees billed to the same credit or debit cards. Consumers were required to contact the third party companies to cancel their memberships in the programs.

In a statement released by the FTC today, Chairman Liebowitz said, “We’re pleased Congress passed this legislation…Consumers should be able to make informed decisions, so the terms and conditions of any offer must be disclosed clearly and conspicuously.” The Act requires the following:

1. Online sellers of goods and services who market on the site of a merchant after a consumer has initiated a transaction are prohibited from charging a consumer unless the material terms of the transaction are clearly and conspicuously disclosed and the seller has obtained the consumer’s consent before charging his or her credit or debit card. Consent requires that the consumer provide the seller with full and complete credit or debit card information.
2. Online sellers are prohibited from transferring consumer credit or debit card information to third parties.
3. Sellers are prohibited from charging under a negative option plan unless the material terms are disclosed, consent is obtained, and consumers are provided a simple means of cancellation.

Online retailers should take care to review their current billing policies in light of the requirements contained in this bill.

• Email This
• Print
• Share Link

On May 19, 2010, Senator John D. Rockefeller, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, introduced legislation that may have a significant impact on Internet retailers offering negative option programs. Negative option programs generally cover offers in which goods or services are provided automatically and consumers must either pay for the service or specifically decline it in advance of billing.

The proposed legislation was released on the same day that the Committee on Commerce released the second of two reports regarding companies that allegedly used aggressive sales tactics to enroll online consumers in services without their consent. The proposed bill contains a number of provisions relevant to companies that offer negative options:

• Requirements for Certain Internet-Based Sales. The proposed bill would make it unlawful for any post-transaction third-party seller to charge a consumer’s credit card for a good or service without providing clear disclosures regarding the terms of the offer and receiving the consumer’s express informed consent to billing. Express informed consent requires that the consumer provide all billing information and take an additional affirmative step (such as clicking on a box that indicates the consumer’s consent to billing).
• Prohibition on Data Pass of Billing Information. Sen. Rockefeller’s proposed legislation would prohibit the practice of merchants disclosing and transferring a consumer’s billing information to any post-transaction third party seller for use in any Internet-based sale of goods or services from the third-party seller.
• Limitations on the Use of Negative Options in Internet-Based Sales. The proposed bill would make it unlawful to charge a consumer through an Internet-based negative option program unless: (1) the seller clearly and conspicuously discloses, prior to the sale, the material terms of the offer and the identity of the entity making the offer; (2) the seller has obtained the express informed consent to bill; (3) the seller provides a simple process to cancel billing that must be available through both the Internet and telephone; and, (4) the seller provides a notice of billing to a purchaser at least 10 days prior to each billing interval.

Companies who offer any type of Internet-based negative option program would be well-served to keep a close eye on how this proposed legislation makes its way through the Senate. As evidenced by the report released with the proposed legislation, Senator Rockefeller has taken on a strong pro-consumer agenda, and he will certainly seek to bring further attention to these types of offers.

• Email This
• Print
• Share Link