BILL NUMBER: SB 383 AMENDED
BILL TEXT
AMENDED IN ASSEMBLY JUNE 15, 2014
AMENDED IN SENATE JANUARY 28, 2014
AMENDED IN SENATE MAY 24, 2013
AMENDED IN SENATE APRIL 1, 2013
INTRODUCED BY Senator Jackson
FEBRUARY 20, 2013
An act to amend Sections 1747.02 and 1747.08 of the Civil Code,
relating to credit cards.
LEGISLATIVE COUNSEL'S DIGEST
SB 383, as amended, Jackson. Credit cards: personal information.
Existing state and federal law regulates the provision of credit
and the use of credit cards. The Song-Beverly Credit Card Act of 1971
generally regulates credit card transactions and prohibits a person
or entity that accepts credit cards for the transaction of business
from requesting, or requiring as a condition to accepting the credit
card, that the cardholder write any personal identification
information, as defined, upon the credit card transaction form or
otherwise. Existing law prohibits a person or entity that accepts
credit cards for the transaction of business from requesting, or
requiring as a condition to accepting the credit card, that the
cardholder provide his or her personal identification information to
the person or entity to be written or caused to be written upon the
credit card transaction form or otherwise. Notwithstanding those
provisions, existing law authorizes a person or entity that accepts
credit cards for the transaction of business to require the
cardholder, as a condition to accepting the credit card, to provide
reasonable forms of positive identification, which may include a
driver's license or a California state identification card, provided
that the information is not written or recorded on the credit card
transaction form or otherwise. Existing law authorizes the use of ZIP
Code information in a sales transaction at a retail motor fuel
dispenser or retail motor fuel payment island with an automated
cashier that uses the ZIP Code information solely for prevention of
fraud, theft, or identity theft.
This bill would authorize a person or entity that accepts credit
cards in an online transaction involving an electronic downloadable
product, as defined, to require a cardholder, as a condition to
accepting a credit card as payment in full or in part, in an online
transaction involving an electronic downloadable product, to provide
the billing ZIP Code and street address number associated
with the credit card, if used solely for the detection,
investigation, or prevention of fraud, theft, identity theft, or
criminal activity, or enforcement of terms of sale. The bill would
authorize the person or entity accepting the credit card to require a
cardholder, as a condition to accepting a credit card as payment in
full or in part, in an online transaction involving an electronic
downloadable product, to provide additional personal
identification information, as defined, if it
requires that information for the detection, investigation, or
prevention of fraud, theft, identity theft, or criminal activity, or
for enforcement of terms of sale, and the additional
personal identification information is used
solely for those purposes. The bill would require that person or
entity to destroy or dispose of the ZIP Code, street address
number, and any additional personal identification
information it requires in a secure manner after it is no
longer needed for those purposes. The bill would prohibit
that person or entity from aggregating the ZIP Code, street
address number, or additional personal information it requires with
any other personal identification information, as
defined, information and from sharing
the ZIP Code, street address number, or additional personal
identification information it requires with any other
person or entity, as specified. The bill, notwithstanding the
foregoing provisions, would also authorize a person or entity
accepting a credit card in an online transaction involving an
electronic downloadable product to request, but not require,
personal information if the cardholder actively elects to provide
the personal information by opting in to the collection of the
information and specified conditions are met require a
consumer to establish an account as a condition for purchase of the
product and to provide personally identifiable information in
connection with that account, as specified. The bill would also
authorize a consumer, concurrent with completing a transaction for an
electronically downloadable product, to elect to opt in to the
collection and use of personally identifiable information provided
certain disclosures are made and he or she is permitted to opt out
prior to completing the transaction .
Vote: majority. Appropriation: no. Fiscal committee: no.
State-mandated local program: no.
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
SECTION 1. (a) The Legislature finds and declares all of the
following:
(1) The Song-Beverly Credit Card Act of 1971 establishes privacy
and other protections for cardholders. These protections prohibit a
person, firm, partnership, association, or corporation from
requesting or requiring a cardholder to provide personal
identification information in a credit card transaction, with
specified, limited exceptions.
(2) The Song-Beverly Credit Card Act of 1971 applies to credit
card transactions without reference to the method, platform, or
technology used to process or to complete the transaction.
(3) The California Supreme Court, in Apple Inc. v. Superior Court
(2013) 56 Cal.4th 128, declared the Song-Beverly Credit Card Act of
1971 not applicable to an online transaction involving a downloadable
product. As a result, the privacy protections of the act do not
apply to those transactions.
(b) It is the intent of the Legislature to advance privacy
protections by limiting the scope of personally identifiable
information that may be required to be collected for an online
transaction involving an electronic downloadable product.
SEC. 2. Section 1747.02 of the Civil Code is amended to read:
1747.02. As used in this title:
(a) "Credit card" means any card, plate, coupon book, or other
single credit device existing for the purpose of being used from time
to time upon presentation to obtain money, property, labor, or
services on credit. "Credit card" does not mean any of the following:
(1) Any single credit device used to obtain telephone property,
labor, or services in any transaction under public utility tariffs.
(2) Any device that may be used to obtain credit pursuant to an
electronic fund transfer, but only if the credit is obtained under an
agreement between a consumer and a financial institution to extend
credit when the consumer's asset account is overdrawn or to maintain
a specified minimum balance in the consumer's asset account.
(3) Any key or card key used at an automated dispensing outlet to
obtain or purchase petroleum products, as defined in subdivision (c)
of Section 13401 of the Business and Professions Code, that will be
used primarily for business rather than personal or family purposes.
(b) "Accepted credit card" means any credit card that the
cardholder has requested or applied for and received or has signed,
or has used, or has authorized another person to use, for the purpose
of obtaining money, property, labor, or services on credit. Any
credit card issued in renewal of, or in substitution for, an accepted
credit card becomes an accepted credit card when received by the
cardholder, whether the credit card is issued by the same or a
successor card issuer.
(c) "Card issuer" means any person who issues a credit card or the
agent of that person for that purpose with respect to the credit
card.
(d) "Cardholder" means a natural person to whom a credit card is
issued for consumer credit purposes, or a natural person who has
agreed with the card issuer to pay consumer credit obligations
arising from the issuance of a credit card to another natural person.
For purposes of Sections 1747.05, 1747.10, and 1747.20, the term
includes any person to whom a credit card is issued for any purpose,
including business, commercial, or agricultural use, or a person who
has agreed with the card issuer to pay obligations arising from the
issuance of that credit card to another person.
(e) "Retailer" means every person other than a card issuer who
furnishes money, goods, services, or anything else of value upon
presentation of a credit card by a cardholder. "Retailer" shall not
mean the state, a county, city, city and county, or any other public
agency.
(f) "Unauthorized use" means the use of a credit card by a person,
other than the cardholder, (1) who does not have actual, implied, or
apparent authority for that use and (2) from which the cardholder
receives no benefit. "Unauthorized use" does not include the use of a
credit card by a person who has been given authority by the
cardholder to use the credit card. Any attempted termination by the
cardholder of the person's authority is ineffective as against the
card issuer until the cardholder complies with the procedures
required by the card issuer to terminate that authority.
Notwithstanding the above, following the card issuer's receipt of
oral or written notice from a cardholder indicating that the
cardholder wishes to terminate the authority of a previously
authorized user of a credit card, the card issuer shall follow its
usual procedures for precluding any further use of a credit card by
an unauthorized person.
(g) "Inquiry" means a writing that is posted by mail to the
address of the card issuer to which payments are normally tendered,
unless another address is specifically indicated on the statement for
that purpose, then to that other address, and that is received by
the card issuer no later than 60 days after the card issuer
transmitted the first periodic statement that reflects the alleged
billing error, and that does all of the following:
(1) Sets forth sufficient information to enable the card issuer to
identify the cardholder and the account.
(2) Sufficiently identifies the billing error.
(3) Sets forth information providing the basis for the cardholder'
s belief that the billing error exists.
(h) "Response" means a writing that is responsive to an inquiry
and mailed to the cardholder's address last known to the card issuer.
(i) "Timely response" means a response that is mailed within two
complete billing cycles, but in no event later than 90 days, after
the card issuer receives an inquiry.
(j) "Billing error" means an error by omission or commission in
(1) posting any debit or credit, or (2) in computation or similar
error of an accounting nature contained in a statement given to the
cardholder by the card issuer. "Billing error" does not mean any
dispute with respect to value, quality, or quantity of goods,
services, or other benefit obtained through use of a credit card.
(k) "Adequate notice" means a printed notice to a cardholder that
sets forth the pertinent facts clearly and conspicuously so that a
person against whom it is to operate could reasonably be expected to
have noticed it and understood its meaning.
( l ) "Secured credit card" means any credit card
issued under an agreement or other instrument that pledges,
hypothecates, or places a lien on real property or money or other
personal property to secure the cardholder's obligations to the card
issuer.
(m) "Student credit card" means any credit card that is provided
to a student at a public or private college or university and is
provided to that student solely based on his or her enrollment in a
public or private university, or is provided to a student who would
not otherwise qualify for that credit card on the basis of his or her
income. A "student credit card" does not include a credit card
issued to a student who has a cocardholder or cosigner who would
otherwise qualify for a credit card other than a student credit card.
(n) "Retail motor fuel dispenser" means a device that dispenses
fuel that is used to power internal combustion engines, including
motor vehicle engines, that processes the sale of fuel through a
remote electronic payment system, and that is in a location where an
employee or other agent of the seller is not present.
(o) "Retail motor fuel payment island automated cashier" means a
remote electronic payment processing station that processes the
retail sale of fuel that is used to power internal combustion
engines, including motor vehicle engines, that is in a location where
an employee or other agent of the seller is not present, and that is
located in close proximity to a retail motor fuel dispenser.
(p) "Online transaction involving an electronic downloadable
product" means a credit card transaction for a product, service,
subscription, or any other consideration, in which the product,
service, subscription, or consideration is provided by means of a
download to a computer, telephone, or other electronic device.
SEC. 3. Section 1747.08 of the Civil Code is amended to read:
1747.08. (a) Except as provided in subdivision (c), a person,
firm, partnership, association, or corporation that accepts credit
cards for the transaction of business shall not do any of the
following:
(1) Request, or require as a condition to accepting the credit
card as payment in full or in part for goods or services, the
cardholder to write any personal identification information upon the
credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit
card as payment in full or in part for goods or services, the
cardholder to provide personal identification information, which the
person, firm, partnership, association, or corporation accepting the
credit card writes, causes to be written, or otherwise records upon
the credit card transaction form or otherwise.
(3) Utilize, in any credit card transaction, a credit card form
that contains preprinted spaces specifically designated for filling
in any personal identification information of the cardholder.
(b) For purposes of this section, "personal identification
information" means information concerning the cardholder, other than
information set forth on the credit card, and including, but not
limited to, the cardholder's address and telephone number.
(c) Subdivision (a) does not apply in the following instances:
(1) If the credit card is being used as a deposit to secure
payment in the event of default, loss, damage, or other similar
occurrence.
(2) Cash advance transactions.
(3) If any of the following applies:
(A) The person, firm, partnership, association, or corporation
accepting the credit card is contractually obligated to provide
personal identification information in order to complete the credit
card transaction.
(B) The person, firm, partnership, association, or corporation
accepting the credit card in a sales transaction at a retail motor
fuel dispenser or retail motor fuel payment island automated cashier
uses the ZIP Code information solely for prevention of fraud, theft,
or identity theft.
(C) The person, firm, partnership, association, or corporation
accepting the credit card is obligated to collect and record the
personal identification information by federal or state law or
regulation.
(4) If personal identification information is required for a
special purpose incidental but related to the individual credit card
transaction, including, but not limited to, information relating to
shipping, delivery, servicing, or installation of the purchased
merchandise, or for special orders.
(d) (1) This section does not prohibit any person, firm,
partnership, association, or corporation from requiring the
cardholder, as a condition to accepting the credit card as payment in
full or in part, for goods or services, to provide reasonable forms
of positive identification, which may include a driver's license or a
California state identification card, or where one of these is not
available, another form of photo identification, provided that none
of the information contained thereon is written or recorded on the
credit card transaction form or otherwise. If the cardholder pays for
the transaction with a credit card number and does not make the
credit card available upon request to verify the number, the
cardholder's driver's license number or identification card number
may be recorded on the credit card transaction form or otherwise.
(2) Notwithstanding subdivision (a), a person, firm, partnership,
association, or corporation accepting the credit card may require a
cardholder, as a condition to accepting a credit card as payment in
full or in part, in an online transaction involving an electronic
downloadable product, to provide the billing ZIP Code number
and numerical portion of the street address associated with the
credit card, if used solely for the detection, investigation, or
prevention of fraud, theft, identity theft, or criminal activity, or
for enforcement of terms of sale. The person, firm, partnership,
association, or corporation accepting the credit card may require a
cardholder, as a condition to accepting a credit card as payment in
full or in part, in an online transaction involving an electronic
downloadable product, to provide additional personal
identification information, if it requires that information for
the detection, investigation, or prevention of fraud, theft,
identity theft, or criminal activity, or for enforcement of terms of
sale, and the additional personal
identification information is used solely for the
detection, investigation, or prevention of fraud, theft, identity
theft, or criminal activity, or for enforcement of terms of sale.
those purposes. The person, firm, partnership,
association, or corporation accepting the credit card shall destroy
or dispose of the ZIP Code, street address number, and any
additional personal identification information
it requires pursuant to this subdivision in a secure manner after it
is no longer needed for the detection, investigation, or
prevention of fraud, theft, identity theft, or criminal activity, or
for enforcement of terms of sale purposes authorized
under this paragraph . The person, firm,
partnership, association, or corporation accepting the credit card
shall not aggregate the ZIP Code, street address number, or
additional personal identification information
it requires pursuant to this subdivision with any other personal
identification information and shall not share the ZIP Code,
street address number, or additional personal
identification information it requires pursuant to this
subdivision with any other person, firm, partnership, association, or
corporation unless it is required to do so by state or federal law,
or is contractually obligated to share the information with another
entity to verify the information, complete the transaction, or for
the detection, investigation, or prevention of fraud, theft, identity
theft, or criminal activity, or for enforcement of terms of sale.
(3) (A) Notwithstanding subdivision (a), a person, firm,
partnership, association, or corporation may request, but not
require, personal information from a cardholder as part of an online
transaction involving an electronic downloadable product, as long as
the cardholder actively elects to provide the personal information by
opting in to the collection of the information and is
contemporaneously notified of all of the following:
(i) That providing the information is not required to complete the
transaction.
(ii) The purpose of the request.
(iii) The intended use of the information.
(B) A cardholder shall be provided with an additional opportunity
to opt out of the collection of the information before the online
transaction involving an electronic downloadable product is
completed.
(3) (A) Notwithstanding subdivision (a), a person, firm,
partnership, association, or corporation that provides an electronic
downloadable product may require a consumer to establish an account
as a condition for the purchase of an electronic downloadable product
and may require a consumer to provide personally identifiable
information to establish, maintain, or update that account. Except as
provided in subparagraph (B), the personal identification
information collected pursuant to this subdivision may only be used
for the establishment, maintenance, or updating of the account, or to
process a credit card transaction.
(B) (i) Concurrent with completing a transaction for an
electronically downloadable product, or when establishing an account
pursuant to subparagraph (A), a cardholder may elect to provide
personally identifiable information by opting in to the collection
and use of that information if he or she is contemporaneously
notified of the following:
(I) That providing the information is not required to complete the
transaction.
(II) The purpose of the request.
(III) The intended use of the information.
(ii) A cardholder shall be provided with an opportunity to opt out
of the collection of the information before the online transaction
involving an electronic downloadable product is completed.
(e) Any person who violates this section shall be subject to a
civil penalty not to exceed two hundred fifty dollars ($250) for the
first violation and one thousand dollars ($1,000) for each subsequent
violation, to be assessed and collected in a civil action brought by
the person paying with a credit card, by the Attorney General, or by
the district attorney or city attorney of the county or city in
which the violation occurred. However, no civil penalty shall be
assessed for a violation of this section if the defendant shows by a
preponderance of the evidence that the violation was not intentional
and resulted from a bona fide error made notwithstanding the
defendant's maintenance of procedures reasonably adopted to avoid
that error. When collected, the civil penalty shall be payable, as
appropriate, to the person paying with a credit card who brought the
action, or to the general fund of whichever governmental entity
brought the action to assess the civil penalty.
(f) The Attorney General, or any district attorney or city
attorney within his or her respective jurisdiction, may bring an
action in the superior court in the name of the people of the State
of California to enjoin violation of subdivision (a) and, upon notice
to the defendant of not less than five days, to temporarily restrain
and enjoin the violation. If it appears to the satisfaction of the
court that the defendant has, in fact, violated subdivision (a), the
court may issue an injunction restraining further violations, without
requiring proof that any person has been damaged by the violation.
In these proceedings, if the court finds that the defendant has
violated subdivision (a), the court may direct the defendant to pay
any or all costs incurred by the Attorney General, district attorney,
or city attorney in seeking or obtaining injunctive relief pursuant
to this subdivision.
(g) Actions for collection of civil penalties under subdivision
(e) and for injunctive relief under subdivision (f) may be
consolidated.
(h) The changes made to this section by Chapter 458 of the
Statutes of 1995 apply only to credit card transactions entered into
on and after January 1, 1996. Nothing in those changes shall be
construed to affect any civil action that was filed before January 1,
1996.