Editor’s Note: This post is a joint submission with BakerHostetler’s Data Privacy Monitor blog.
In a victory for Wal-Mart Stores, Inc., a federal district court judge has refused to certify a Rule 23(b)(3) class in a lawsuit for violation of California’s Song-Beverly Credit Card Act (Cal. Civ. Code § 1747 et seq., available here.
Plaintiff Joel Leebove brought suit on behalf of himself and others similarly situated against Wal-Mart over the big box retailer’s practice of requesting telephone numbers and addresses in connection with certain credit card purchases. Wal-Mart successfully argued that this information was necessary and its collection legal, as the putative class consisted of Wal-Mart customers whose purchases were to be subsequently picked-up or delivered.
The Song-Beverly Credit Card Act (“Song-Beverly”) makes it illegal for any companies that accept credit cards to record “personal identification information” in connection with any credit card transaction (see Cal. Civ. Code § 1747.08(a)(1)-(3)). (“Personal identification information is defined as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” (see Cal. Civ. Code § 1747.08(b).) Exceptions apply, including if such information is “required for a special purpose incidental but related to the individual credit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, or installation of the purchased merchandise, or for special orders.” (see Cal. Civ. Code § 1747.08(c)(4)).
In entering its bench order from September, the Court held that individualized factual and legal questions predominated over questions common to the class (slip op. at 1), and refused to certify a class. As the Court noted, the California Court of Appeal has held that credit cards issued for business purposes are not entitled to protection under Song-Beverly, thereby necessitating individualized inquiries into the original purpose of every credit card at issue in the case (id. at 2, citing Archer v. United Rentals, Inc., 195 Cal.App.4th 807 (2011)). Furthermore, individualized inquiries would be required to determine if Wal-Mart was justified in requesting telephone numbers and addresses in connection with pick-ups and deliveries, situations in which such information may fall within an exception to Song-Beverly. For example, the Court noted that Wal-Mart had adduced “evidence that many delivery carriers require a customer phone number” (id.).
Importantly, companies that face potential class action litigation for alleged data privacy breaches now have additional support for arguments that class certification is inappropriate where individualized inquiries into the purpose and necessity of the data collected are required. Furthermore, plaintiffs faced with facts similar to those encountered by the Plaintiff here must now ask themselves if the $250-$1000 available per violation of Song-Beverly justify the costs of bringing individual suits.