Song-Beverly Credit Card Act

Plaintiffs routinely bring consumer class actions under statutes that allow only consumers—not businesses—to bring claims, or that are limited to transactions solely for personal or household purposes. See, e.g., Electronic Funds Transfer Act, 15 U.S.C. § 1693a(2); Real Estate Settlement Procedures Act, 12 U.S.C. § 2606(a)(1); California’s Consumer Legal Remedies Act, Cal. Civ. Code § 1780. But in some cases, the “consumer” requirement can be the Achilles’ heel for class certification. If it is difficult to determine whether a particular customer is a “consumer” without individualized inquiries, a proposed class action may flunk the predominance, ascertainability, and manageability requirements for class certification.

For example, in a recent zip-code class action, Leebove v. Wal-Mart Stores, Inc., the retailer was accused of improperly requiring customers paying by credit card to provide their phone numbers and addresses in violation of California’s Song-Beverly Credit Card Act. But that statute creates a private right of action only for a “natural person to whom a credit card is issued for consumer credit purposes.” Cal. Civ. Code § 1747.02(d). Business entities and people who use corporate credit cards are not eligible to sue.

That fact was crucial for defeating class certification in Leebove. As the court explained, “before liability could be established with respect to each class member, individualized proof regarding whether each class member’s credit card was issued as a consumer or as a business card would have to be produced.” Although the court also identified other defects in the proposed class, the need for mini-trials as to whether each class member qualified as a “consumer” under the statute was key to the court’s holding that the plaintiffs had failed to establish predominance.

There should be many other opportunities to make this kind of argument either in opposing a motion for class certification or in moving to strike class allegations at the very outset of the case. Here are some ideas (and helpful authority):

  • If the class is defined to include only consumers, does the need for individualized inquiries into whether a purchaser qualifies as a consumer or a business render the class non-ascertainable? See, e.g., Walewski v. Zenimax Media, Inc., 502 F. App’x 857, 861 (11th Cir. 2012).
  • Alternatively, is the class overbroad because it includes businesses? See, e.g., Mazur v. eBay Inc., 257 F.R.D. 563, 567 (N.D. Cal. 2009).
  • Or is the question whether the putative class member qualifies as a consumer so individualized as to either defeat predominance or make a classwide trial unmanageable? See, e.g., Kennedy v. Natural Balance Pet Foods (pdf), 361 F. App’x 785, 787 (9th Cir. 2010); Johnson v. Harley-Davidson Motor Co. Group, LLC (pdf), 285 F.R.D. 573, 583 (E.D. Cal. 2012); Ballard v. Branch Banking & Trust Co., 284 F.R.D. 9, 13-16 (D.D.C. 2012); Ewert v. eBay Inc., 2010 WL 4269259, at *9 (N.D. Cal. Oct. 25, 2010).
  • Finally, if the named plaintiff himself or herself arguably is not a “consumer” under the applicable law, are his or her claims typical of those of the absent class members? See, e.g., Aberdeen v. Toyota Motor Sales, U.S.A. (pdf), 2009 WL 7715964, at *6 (C.D. Cal. June 23, 2009), aff’d in relevant part, 422 F. App’x 617 (9th Cir. 2011).


Over the past two years, a big growth area for plaintiffs’ lawyers has been cases challenging the use of zip codes or other identifying information by merchants that process credit-card transactions.

In 2011, the California Supreme Court held in Pineda v. Williams-Sonoma Stores that a zip code constitutes “personal identification information” under California’s Song-Beverly Credit Card Act, thus potentially exposing retailers to civil penalties of up to $1,000 per violation if they request and record the zip codes of customers paying by credit card. (My colleagues John Nadolenco and Archis Parasharami did a teleconference about Pineda that you can listen to here.) Sensing blood in the water, the plaintiffs’ bar filed a wave of class actions against brick-and-mortar and online retailers.

Earlier this year, the California Supreme Court narrowed the scope of its ruling to exclude online retailers selling downloadable products. Because the court left undecided whether other online or non-face-to-face transactions are actionable, numerous California class actions against online retailers and catalog merchants remain pending. (In my view, these cases also should be dismissed; these vendors have no opportunity to inspect customers’ credit cards or identification physically, and need the customer’s address to ship the goods.)

Similar cases are being filed in other states. In March, the Massachusetts Supreme Judicial Court held that zip codes are “personal identification information” for purposes of Massachusetts’ equivalent to the Song-Beverly Credit Card Act, G.L. c. 93, § 105(a). See Tyler v. Michaels Stores Inc., No. SJC-11145 (Mass. Mar. 11, 2013). As in California, a number of new class actions under the Massachusetts law have been filed in the wake of Tyler.

But where will these lawsuits show up next? Nine other jurisdictions have privacy laws similar to California’s Song-Beverly Credit Card Act and the Massachusetts law: Delaware (Del. Code tit. 11, § 914), the District of Columbia (D.C. Code § 47-3153), Kansas (Kan. Stat. § 50-669a), Maryland (Md. Code Com. Law § 13-317), Minnesota (Minn. Stat. § 325F.982), New Jersey (N.J. Stat. § 56:11-17), New York (N.Y. Gen. Bus. Law § 520-A(3)), Rhode Island (R.I. Gen. Laws § 6-13-16), and Wisconsin (Wis. Stat. § 423.401).

Hopefully, courts in those jurisdictions will reject the broad interpretation of “personal identification information” that the California and Massachusetts high courts adopted; retailers have strong arguments that legislatures did not intend to subject businesses to liability for obtaining ZIP code information—especially because such information often is publicly available and does not raise the same kinds of privacy concerns as, say, social security numbers might.

That said, retailers should watch these jurisdictions carefully, review what data they collect from credit-card customers, and assess what is being done with that data. The wave of zip-code class actions may still be building.