Federal Court Rules E-Mails Are Personal Data Under California Song-Beverly Act

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

Oct. 24 --The California Supreme Court would likely decide that an e-mail address constitutes “personal identification information” under the state's Song-Beverly Credit Card Act, the U.S. District Court for the Eastern District of California ruled Oct. 21 in addressing an issue of first impression (Capp v. Nordstrom, Inc., E.D. Cal., No. 2:13-cv-00660-MCE-AC, motion to dismiss denied 10/21/13).

The federal court denied a motion to dismiss a lawsuit brought against Nordstrom Inc. on behalf of a proposed class. The plaintiff alleged that the retailer and other unnamed defendants requested his e-mail address to send him an electronic receipt and then used his e-mail address to send him unsolicited marketing materials in violation of the act.

The court also concluded that the defendant failed to meet its burden to demonstrate that the plaintiff failed to state a claim because his Song-Beverly Act claim is preempted by the federal CAN-SPAM Act.

E-Mail Address Like ZIP Code

The Song-Beverly Act, at Cal. Civ. Code § 1747.08(a)(2), prohibits retailers from requiring that a cardholder provide “personal identification information” as a condition for accepting a credit card for payment. Section 1747.08(b) of the act defines “personal identification information” as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number.”

In addressing whether or not an e-mail address fits within that definition, the federal district court relied on the California Supreme Court's ruling in Pineda v. Williams-Sonoma Stores Inc., 246 P.3d 612, 2011 BL 36467 (Cal. 2011), holding that “personal identification information” includes ZIP codes .

The federal court predicted that the California Supreme Court would decide that, like ZIP codes, e-mail addresses would fall under that definition. “In this case, an email address is within the scope of the statute's 'broad term[s]' 'concerning the cardholder' as well because a cardholder's email address 'pertain[s] to or regards to a cardholder' in a more specific and personal way than does a ZIP code,” the federal court said, quoting Pineda.

“Instead of referring to the general area in which a cardholder lives or works, a cardholder's email address permits direct contact and implicates the privacy interests of a cardholder,” the court said.

“Instead of referring to the general area in which a cardholder lives or works, a cardholder's email address permits direct contact and implicates the privacy interests of a cardholder.”

This interpretation is also consistent with the Song-Beverly Act as a whole and the purpose of the act, to address the misuse of consumers' personal information, the court said.

“Here, the statute at issue provides constitutionally adequate notice of the proscribed conduct because the statute's language is not overly vague and ambiguous and includes a specific reference to the example of a cardholder's physical mail 'address' which, as discussed above, is not unreasonably distinct from a cardholder's electronic mail address,” the court said.

The court denied the defendant's motion to dismiss for failure to state a claim, noting that certain issues--such as whether the plaintiff's e-mail address was required for the credit card transaction--require additional factual development.

No Preemption

The court also rejected the defendant's argument that the Song-Beverly Act is preempted by the federal CAN-SPAM Act, which prohibits the transmission of materially false or misleading information through e-mail, 15 U.S.C. § 7704(a)(1).

The CAN-SPAM Act, at Section 7707(b)(1), contains an express preemption clause stating:

This chapter supersedes any statute, regulation, or rule of a State or political subdivision of a State that expressly regulates the use of electronic mail to send commercial messages, except to the extent that any such statute, regulation, or rule prohibits falsity or deception in any portion of a commercial electronic mail message or information attached thereto.  


This language does not encompass the Song-Beverly Act because the state statute does not regulate the contents of e-mail messages or the manner in which they are transmitted, the court said. In addition, the court interpreted the phrase “expressly regulates” in the preemption clause to apply to statutes that regulate e-mail messages, not e-mail addresses.

The court added that the Song-Beverly Act “does not stand as an obstacle to the accomplishment of the objectives of Congress in enacting CAN-SPAM.” It is possible for the defendant to comply with both acts, and the Song-Beverly Act will likely further the purpose of the CAN-SPAM Act by reducing the collection of e-mail addresses, the court said.

In addition to denying the defendant's motion to dismiss, the court deemed the plaintiff's complaint amended to seek only civil penalties and to omit his requests for injunctive relief and a jury trial.

James M. Lindsay of Lindsay Law Corp. in Folsom, Calif., represented the plaintiff. Dana J. Dunwoody, of Sheppard Mullin Richter & Hampton LLP, in San Diego; Elizabeth S. Barcohana of the firm's Los Angeles office; and Brian R. Blackman of the firm's San Francisco office represented the defendant.

Full text of the court's opinion is available at http://www.bloomberglaw.com/public/document/Capp_v_Nordstrom_Inc_Docket_No_213cv00660_ED_Cal_Apr_04_2013_Cour.

Request Bloomberg Law: Privacy & Data Security