California

Subscribe to California via RSS

On December 19, 2008, in Party City Corp. v. The Superior Court of San Diego County, the California Court of Appeal in the Fourth Appellate District held that zip codes are not “personal identification information” under California’s Song-Beverly Credit Card Act of 1971, California Civil Code Sec. 1747.08 (the “Act.”). The Act prohibits a retailer that accepts credit cards from, among other things, “request[ing], or require[ing] as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the [retailer] writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise.” Id. at § 1748.08(a)(2). Under the Act, “personal identification information” is “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.” Id. at § 1747.08(b). Subdivision (e) of the statute provides that “[a]ny person who violates this section shall be subject to a civil penalty not to exceed two hundred fifty dollars ($250) for the first violation and one thousand dollars ($1,000) for each subsequent violation, to be assessed and collected in a civil action brought by the person paying with a credit card, by the Attorney General, or by the district attorney or city attorney of the county or city in which the violation occurred.”

The June 18, 2008 Ninth Circuit panel decision in Quon et al. v. Arch Wireless et al., No. 07-55282 (9th Cir. June 18, 2008) has sparked a flurry of news reports and speculation regarding employers’ ability to monitor employees’ e-mails and text messages. In fact, the decision appears to change very little for private employers who wish to review employee communications stored on, or sent through, their own servers and computers. However, Quon does limit employers’ ability to request from third-party providers the contents of employees’ electronic communications.

The new year brings with it many new California privacy laws. Included are the following:

S.B. 202 – Telephone Record Pretexting

As previously reported, S.B. 202 amends Penal Code § 638 to prohibit the purchase or sale of any telephone pattern record or list without the written consent of the subscriber.

A.B. 424 – Identity Theft: Personal Information

A.B. 424 expands the definition of identity theft victim, for purposes of Penal Code §§ 530.5, 530.6 and 530.8, to include firms, associations, organizations, partnerships, businesses, trusts, companies, corporations, limited liability companies or public entities.

A.B. 618 – Financial Crime

Upon request from law enforcement agencies, banks, credit unions and savings associations must provide surveillance photos and videos of anyone accessing the financial account of a crime victim, whether such access occurred at an ATM or inside the financial institution. Government Code § 7480.

A.B. 2043 – Identity Theft and Debt Collection

This law amends Civil Code §§ 1788.2 and 1788.18 to extend to firms, associations, organizations, partnerships, business trusts, companies, corporations, and limited liability companies protections previously available to consumers to contest debts where they are victims of identity theft.

A.B. 2886 – Identity Theft Penalties

This law amends Penal Code §§ 530.5 and 530.55 to define new crimes, enhance penalties and create court procedures concerning crimes of identity theft, including: 1) penalty enhancements for repeat offenders and for those stealing the identities of ten or more people; 2) a requirement that court records reflect that the person whose identity was stolen was not responsible for the crime committed; 3) penalties for selling, transferring or conveying personal information with the knowledge that it will be used to commit identity theft or with the intent to defraud; 4) state penalty for mail theft and 5) the addition of professional or occupational number to the definition of "personal identifying information."