COURT OF APPEAL - FOURTH APPELLATE DISTRICT DIVISION ONE STATE OF CALIFORNIA
December 19, 2008
PARTY CITY CORPORATION, PETITIONER,
THE SUPERIOR COURT OF SAN DIEGO COUNTY, RESPONDENT; REBECCA J. PALMER, REAL PARTY IN INTEREST.
Petition for writ of mandate from an order of the Superior Court of San Diego County, William R. Nevitt Jr., Judge. Petition granted. (San Diego County Super. Ct. No. 37-2007-00075158-CU-MC-CTL).
The opinion of the court was delivered by: Huffman, Acting P. J.
CERTIFIED FOR PUBLICATION
This writ proceeding arises from an order denying the motion of Party City Corporation (Petitioner) for summary judgment in a prospective class action brought by Rebecca J. Palmer (plaintiff or real party in interest) under the Song-Beverly Credit Card Act of 1971, Civil Code section 1747 et seq. (the "Act"; all further statutory references are to the Civ. Code unless noted). Section 1747.08, subdivision (a)(2) of the Act prohibits merchants that accept credit cards in transacting business from making requests that the cardholder provide "personal identification information" concerning the cardholder, and from recording that information. According to petitioner, when the trial court denied its motion for summary judgment, the court erroneously interpreted the definition in section 1747.08 of the term "personal identification information," with respect to requesting and recording postal zip code information in a transaction. (§ 1747.08, subd. (b); Code Civ. Proc., § 437c.) Petitioner contends the plain language and the legislative history of that provision do not support any conclusion that a merchant's requesting and recording a customer's zip code amounts to the requesting and recording of protected "personal identification information" that is "concerning the cardholder" (§ 1747.08, subd. (b)), because a zip code provides generalized group location identification, rather than "personal identification information" "concerning a cardholder."
We agree that the trial court erroneously interpreted the definitional portions of section 1747.08, on several grounds: on a plain language basis, with respect to related federal regulatory definitions of the meaning and purpose of zip codes, and with respect to the interpretation of legislative history that shows the Act's principal statutory purposes. Petitioner is entitled to summary judgment on the complaint on the threshold definitional issue presented in the pleadings. The petition will be granted, and a related judicial notice request by plaintiff, concerning other superior court rulings on the same issue in different cases, will be denied.
FACTUAL AND PROCEDURAL BACKGROUND
A. Transaction and Nature of Proceedings
In September 2007, plaintiff filed her complaint in one cause of action, pleading a putative class action for declaratory relief and civil penalties for alleged violations of the Act that occurred when one of petitioner's cashiers asked for and recorded her five-digit zip code before completing her credit card transaction. She alleges that section 1747.08, subdivision (a)(2) prohibits any requesting and recording of a plaintiff's zip code in connection with a credit card transaction, because under section 1747.08, subdivision (b), the zip code is protected "personal identification information" in this context.*fn1
In her class action allegations, plaintiff identifies common questions of law and fact arising from such practices and procedures, including whether petitioner has a company policy or practice to request and record "personal identification information" from class members during credit card transactions.*fn2 She seeks statutory damages pursuant to section 1747.08, subdivision (e), up to maximum civil penalties of $250 for the first violation and $1,000 for each subsequent violation. Attorney fees under Code of Civil Procedure section 1021.5 are sought.
In her substantive allegations, plaintiff contends that "[u]pon information and belief, the 'personal identification information' is then used by Party City to further its own business purposes, including target marketing to increase product sales." Additionally, these business practices are alleged to allow petitioner "to gain an unfair business advantage over its competitors by collecting customers' 'personal identification information' by, among other things, directly marketing its products to consumers with a known interest in those products"; and that "by collecting customers' 'personal identification information,' Party City unnecessarily exposes customers to the potential for credit card fraud and identity theft . . . ." (Despite those generalized claims, only violations of the Act are pled, not any unfair business practices under the Unfair Competition Law; Bus. & Prof. Code, § 17200, et seq.)
B. Summary Judgment Motion
Petitioner moved for summary judgment or adjudication that there had been no violation of the Act as alleged because, as a matter of law, a zip code is not "personal identification information" within the statutory definitions. Petitioner alternatively argued that in any case, plaintiff did not show undisputed facts that the cashier required her to provide the five-digit zip code information, or recorded it, as a condition to accepting her credit card as payment in her transaction. Petitioner trains its cashiers to ask for the customer's zip code before the type of payment is known, and to enter "99999" into the register if the customer does not provide a zip code, and then to complete the transaction.*fn3
Statutory interpretation rules were argued by each side in the moving and opposing papers, with respect to the key issue of whether a zip code constitutes "personal identification information" as defined by section 1747.08, subdivision (b). Petitioner's separate statement supplied definitions of the term from federal postal regulations, and explained petitioner's policy to use zip code information requested from customers for demographic purposes, to send promotional mailers to various zip codes throughout the country.*fn4 The declaration of the attorney for petitioner attaches deposition excerpts from plaintiff, together with United States Census Bureau publications, to demonstrate that as of the year 2000, there were approximately 24,953 individual addressees in the zip code of this plaintiff. In the zip code for the superior court that decided this case, there were 27,494 individual addressees in the year 2000.
With respect to computer security issues, petitioner's marketing personnel provided declarations and deposition excerpts stating that (1) customers' names and credit card numbers are immediately encrypted in a store's computer system and are completely inaccessible to anyone in the store ; (2) plaintiff has never been contacted by anyone from the store, or received any mail addressed to her name from the store; (3) at the end of a sales day at the store, transaction information is downloaded to a computer server and routed to the corporate IT system; (4) various programs distribute the transaction information to different departments at corporate headquarters for purposes such as auditing, loss prevention, and marketing; (5) zip code information is made available only to the company's marketing department, and zip code data is transmitted there alone, without customer names or credit card numbers; and (6) the company does not maintain a system or database that would allow it to locate a particular California customer's address or phone number utilizing only zip code, name or credit card number.
In opposition, plaintiff contended that triable issues of material fact remained on whether the request was a condition of accepting her credit card, based on her testimony that the cashier asked for the zip code before the credit card transaction was complete and did not inform her that providing the information was voluntary. Plaintiff argued the statutory scheme is remedial and should be liberally interpreted in favor of privacy concerns. The only evidentiary support identified in her separate statement was her own deposition testimony about her personal experience that once a retailer has her credit card number and her zip code, "I've had my identity stolen before with less information than that."*fn5
C. Trial Court Ruling and Writ Petition; Judicial Notice in Opposition; Amicus Curiae Briefing
The court issued a tentative ruling and confirmed it as final: "The language of section 1747.08(b) is clear and unambiguous and the cardholder's zip code falls within its definition of 'personal identification information.' " The trial court also found there were triable issues about whether obtaining a zip code was a condition of completing the credit card transaction (but see fn. 3, ante).*fn6
This petition followed. In response, plaintiff filed opposition, including a request for judicial notice of trial court orders in two unrelated pending superior court cases, on the same issues concerning the definition of personal identification information in section 1747.08, subdivision (b). Petitioners object in their reply papers that such trial court orders do not constitute binding authority. We deferred this request to the merits panel, and will address it post.
We issued an order to show cause and granted petitioner's request for a stay of the trial court proceedings, including an upcoming motion for certification of the proposed class. We granted an application to file an amicus curiae brief on behalf of petitioner, from the California Retailers Association. In addition, we issued an order allowing further amicus curiae briefing on behalf of plaintiff, although none was filed.
I. INTRODUCTION AND STANDARDS FOR REVIEW; NARROW ISSUE PRESENTED
Although pretrial writ relief is sparingly granted, where the trial court's ruling may properly be evaluated as to its correctness or erroneousness as a matter of law, and where leaving it in place may substantially prejudice the petitioner's case, appellate courts may entertain a writ petition. (Omaha Indemnity Co. v. Superior Court (1989) 209 Cal.App.3d 1266, 1274-1275 (Omaha Indemnity).) If the petitioner lacks an adequate means for seeking timely relief, such as a direct appeal, or where the petitioner may incur prejudice that is not correctable on appeal due to the challenged ruling, the appellate courts may decide to intervene. (Id. at p. 1274.) The criteria for allowing writ relief will be applied depending upon the facts and circumstances of the particular case. (Ibid.)
Here, we deem it appropriate for this court to review this petition for writ of mandate in challenge of the summary judgment ruling, to determine the correctness of the trial court's legal determinations on the motion's statutory interpretation questions. (Code Civ. Proc., § 437c.) In this case, "the issue tendered in the writ petition is of widespread interest [citation])" and "presents a significant and novel constitutional issue [citation]," and further, "conflicting trial court interpretations of the law require a resolution of the conflict [citation.]." (Omaha Indemnity, supra, 209 Cal.App.3d 1266, 1273.)
Petitioner's motion for summary judgment was made on two grounds, the second of which was that a zip code is not "personal identification information" within the meaning of section 1747.08, subdivision (b). To resolve this legal issue, we will address the statutory interpretation arguments presented by each side, and our resolution of those issues makes it unnecessary to address the alternative grounds for the motion (i.e., whether there were undisputed facts here that petitioner did not request any information from the plaintiff as a condition of accepting her credit card). The trial court was presented with only legal questions on undisputed facts on the statutory interpretation of the terminology of the statute, and therefore this summary judgment ruling may be appropriately addressed likewise, on a de novo basis, in this writ proceeding. (See fn. 3, ante.)
At the outset, we address plaintiff's judicial notice request regarding (1) a December 27, 2006 Los Angeles Superior Court order in a similar case, denying defendant Burlington Coat Factory's motion for a preliminary injunction and making a related finding that collecting zip codes on credit card purchases is a violation of the Act (together with a later docket sheet indicating that on March 8, 2007, the Second District Court of Appeal summarily denied that defendant's writ petition challenging that ruling), and (2) a June 17, 2008 Los Angeles Superior Court order overruling in part defendant Big 5's demurrer to a similar complaint, which challenged the merchant's requests for zip codes as contrary to the Act.
An appellate court will take notice of official acts and public records, but " 'we do not take judicial notice of the truth of all matters stated therein.' [Citations.] '[T]he taking of judicial notice of the official acts of a governmental entity does not in and of itself require acceptance of the truth of factual matters which might be deduced therefrom, since in many instances what is being noticed, and thereby established, is no more than the existence of such acts and not, without supporting evidence, what might factually be associated with or flow therefrom.' [Citation.]" (Mangini v. R. J. Reynolds Tobacco Co. (1994) 7 Cal.4th 1057, 1063 -1064, overruled on other grounds in In re Tobacco Cases II (2007) 41 Cal.4th 1257.) These requests for judicial notice do not provide legal authority for plaintiff's position, and they are not of assistance here. There is no contention that the elements of res judicata or collateral estoppel may apply to any final judgment represented in the requested material. (Sosinsky v. Grant (1992) 6 Cal.App.4th 1548, 1568-1569.) The request is denied. Instead, we will treat this as a legal issue subject to de novo analysis and resolution on the record presented.
II. GENERAL PRINCIPLES OF STATUTORY INTERPRETATION
In Mejia v. Reed (2003) 31 Cal.4th 657, 663 (Mejia), our Supreme Court set out well-established rules of statutory construction that are designed to enable the courts to " 'ascertain the intent of the drafters so as to effectuate the purpose of the law. [Citation.] Because the statutory language is generally the most reliable indicator of legislative intent, we first examine the words themselves, giving them their usual and ordinary meaning and construing them in context.' [Citation.] '[E]very statute should be construed with reference to the whole system of law of which it is a part, so that all may be harmonized and have effect.' [Citation.]"
In Mejia, supra, 31 Cal.4th 657, 663, the court was presented with an unusual situation in which portions of two separate state codes that dealt with the same subject were potentially in conflict, but did not refer to one another. The court explained there are specialized rules for this situation, as follows: " 'Where as here two codes are to be construed, they "must be regarded as blending into each other and forming a single statute." [Citation.] Accordingly, they "must be read together and so construed as to give effect, when possible, to all the provisions thereof." [Citation.]' [Citation.] [¶] When the plain meaning of the statutory text is insufficient to resolve the question of its interpretation, the courts may turn to rules or maxims of construction 'which serve as aids in the sense that they express familiar insights about conventional language usage.' [Citation.] Courts also look to the legislative history of the enactment. 'Both the legislative history of the statute and the wider historical circumstances of its enactment may be considered in ascertaining the legislative intent.' [Citation.] Finally, the court may consider the impact of an interpretation on public policy, for '[w]here uncertainty exists consideration should be given to the consequences that will flow from a particular interpretation.' [Citation.]" (Ibid.)
Further guidance for evaluating such legal consequences is provided in People ex rel. Lungren v. Superior Court (1996) 14 Cal.4th 294, 305 (Lungren), as follows: " ' "[W]here the language of a statutory provision is susceptible of two constructions, one of which, in application, will render it reasonable, fair and harmonious with its manifest purpose, and another which would be productive of absurd consequences, the former construction will be adopted." [Citation.] . . . Stated differently, "Where uncertainty exists consideration should be given to the consequences that will flow from a particular interpretation." [Citation.] A court should not adopt a statutory construction that will lead to results contrary to the Legislature's apparent purpose." ' [Citation.]"
Before we turn to the text of the section under discussion, section 1747.08, subdivisions (a) and (b), we first take note that only a basic statement of the legislative intention of the Act is set forth in section 1747.01, i.e.:
"It is the intent of the Legislature that the provisions of this title as to which there are similar provisions in the federal Truth in Lending Act, as amended (15 U.S.C. 1601, et seq.), essentially conform, and be interpreted by anyone construing the provisions of this title to so conform, to the Truth in Lending Act and any rule, regulation, or interpretation promulgated thereunder by the Board of Governors of the Federal Reserve System, and any interpretation issued by an official or employee of the Federal Reserve System duly authorized to issue such interpretation."
This statutory cross-reference to federal truth in lending laws is consistent with the Act's evident purpose, to allow lawful and appropriate use of credit cards in the marketplace, while protecting credit card holders from unauthorized privacy violations. Here, as explained by petitioner's management personnel, the challenged practice of requesting zip codes from customers applies across the board, whether the customer is paying with cash, debit card, credit card, or check, because the merchant is asking for a zip code for marketing purposes. In any case, section 1747.01 is quite uninformative as to the definitional issue before us, but it does provide some support for utilizing parallel federal law or definitions of terms, where they may be reconciled with the other purposes of the Act, which are clearly remedial in nature and designed to protect legitimate privacy rights.
In Florez v. Linens 'N Things (2003) 108 Cal.App.4th 447, 453 (Florez), the court analyzed the legislative history of section 1747.08, including the effect of a 1991 amendment adding the word "request" to subdivision (a), with respect to taking or recording personal identification information from the cardholder, as a condition to accepting the credit card. The legislative intent, originally and in amendments, "clarified that a 'request' for personal identification information was prohibited if it immediately preceded the credit card transaction, even if the consumer's response was voluntary and made only for marketing purposes." (Ibid.) The court concluded that this addition of the word "request" should bar "a preliminary request for personal identification information," i.e., one that occurs before the customer tenders payment or makes his or her preferred method of payment known. (Ibid., italics added.) In that case, the "personal identification information" was an individual's telephone number, and the holding was limited to those issues on demurrer.
As we next explain, although the Act is remedial in nature, it also contains significant civil penalty enforcement provisions, which activate further statutory interpretation rules and concerns.
III. CONTENTIONS AND SPECIALIZED STATUTORY INTERPRETATION RULES
A. Basic Interpretive Rules for Penalty Provision in the Act, Section 1747.08, Subdivision (e)
Under section 1747.08, subdivision (e), a violation of the Act "shall" subject the defendant "to a civil penalty not to exceed two hundred fifty dollars ($250) for the first violation and one thousand dollars ($1,000) for each subsequent violation, to be assessed and collected in a civil action brought by the person paying with a credit card, by the Attorney General, or by the district attorney or city attorney of the county or city in which the violation occurred. However, no civil penalty shall be assessed for a violation of this section if the defendant shows by a preponderance of the evidence that the violation was not intentional and resulted from a bona fide error made notwithstanding the defendant's maintenance of procedures reasonably adopted to avoid that error. When collected, the civil penalty shall be payable, as appropriate, to the person paying with a credit card who brought the action, or to the general fund of whichever governmental entity brought the action to assess the civil penalty." (§ 1747.08, subd. (e).)
Due to the potentially significant monetary consequences of doing business in the manner described in the petition, if it is illegal, petitioner relies on Weber v. Pinyan (1937) 9 Cal.2d 226, 229 to assert that this " ' "statute creating a new liability, or increasing an existing liability, or even a remedial statute giving a remedy against a party who would not otherwise be liable, must be strictly construed in favor of the persons sought to be subjected to their operation." ' " " 'Since the statute imposes a new and unusual liability which partakes of the nature of a penalty, it should not, at least, receive a construction favoring the imposition of such liability. [Citations.]' " (Ibid.)
These rules for construing penalty statutes that create new civil liabilities have been further developed in case law. In Lungren, supra, 14 Cal.4th 294, 312, the Supreme Court acknowledged, "It is indeed the case that '[w]hen language which is susceptible of two constructions is used in a penal law, the policy of this state is to construe the statute as favorably to the defendant as its language and the circumstance of its application reasonably permit.' [Citation.]" However, this rule of strict construction of penal statutes rule has been limited, and it " ' " 'is not an inexorable command to override common sense and evident statutory purpose.' " ' [Citation.]" (Ibid.) Where the statutory purpose is remedial in nature, and the statute being construed prescribes only civil monetary penalties, then the general rule continues to apply, "that civil statutes for the protection of the public are, generally, broadly construed in favor of that protective purpose. [Citations.]" (Id. at pp. 313-314.) The court stated, "Although there may be circumstances in which civil statutes should be strictly construed, we find no reason to do so in this case." (Id. at p. 314 [interpreting a clean water law as applying to faucet manufacturers].)
Case law has analyzed the penalty provisions of the Act in other procedural contexts. As explained in Linder v. Thrifty Oil Co. (2000) 23 Cal.4th 429, 446-448 (Linder), a class action, the penalties of section 1747.08 may be imposed for each separate act that affects an individual cardholder, into the thousands, and the section "does not mandate fixed penalties; rather, it sets maximum penalties of $250 for the first violation and $1,000 for each subsequent violation." (Linder, supra, at p. 448 [construing the predecessor statute to § 1747.08, i.e., § 1747.8].) Accordingly, in the discretion of the trial court, there is an entire range of penalties available under this statute. (Linder, supra, at p. 448.)
In TJX Companies, Inc. v. Superior Court (2008) 163 Cal.App.4th 80, 84-87 (TJX), the Court of Appeal construed section 1747.08 as allowing the trial court to utilize its discretion to determine penalties under the Act, up to the statutory limits. That determination was made in connection with deciding, for limitations purposes, whether this type of civil penalty imposed in subdivision (e) "is a 'liability created by statute, other than a penalty or forfeiture,' subject to the three-year statute of limitations of Code of Civil Procedure section 338, or '[a]n action upon a statute for a penalty,' subject to the one-year statute of limitations of Code of Civil Procedure section 340." (Id. at pp. 84-85.) The appellate court ruled that Code of Civil Procedure section 340, subdivision (a) should apply, because these civil penalties are mandatory in nature, although their amount is discretionary. (Id. at p. 85, relying on Linder, supra, 23 Cal.4th at p. 448.)
Linder, supra, 23 Cal.4th 429, and the language of section 1747.08, subdivision (e) therefore establish only that the amounts of the otherwise mandatory penalties to be awarded are discretionary, and a "range of penalties" is supplied. In TJX, supra, 163 Cal.App.4th 80, 86, the court opined, "Presumably this could span between a penny (or even the proverbial peppercorn we all encountered in law school) to the maximum amounts authorized by the statute. Linder does not hold that the court may deny a penalty if the conditions of the statute are met. It is the amount of the penalty assessment that would rest within the sound discretion of the trial court. [¶] . . . [¶] The language of subdivision (e) is mandatory. Violators 'shall be subject to.' [Citation.] A penalty must be imposed, although the amount of the penalty is within the discretion of the court, as long as it does not exceed the statutory maximums." Thus, the court in TJX acknowledged that the statutory language, "shall be subject to," imposes an obligation that is mandatory in nature. (Id. at pp. 86-87.) As it pertains to our case, TJX confirms that this section does create a mandatory civil penalty, and that this monetary amount may become significant in number, where violations are proven. We accordingly agree with petitioner that the definitions in the Act that give rise to exposure to this mandatory civil penalty should be strictly construed, even though the Act's remedial purpose must also be implemented.
B. Special Rules for Reconciling Two Statutes and Application of All Rules
With these various rules in mind, we return to the problem that section 1747.08, subdivision (b) does not expressly define what is "personal identification information." The Act does not refer to definitions found in the federal postal regulations, such as zip codes. In an analogous case, the Supreme Court in Mejia stated that the task was to harmonize the two statutes. (Mejia, supra, 31 Cal.4th 657, 668.) To do so, the courts will turn to the language of the statutes and their legislative history. If those are not dispositive, then the court "would have to turn to an analysis of the relevant policy considerations as they bear on the question of legislative intent." (Ibid.) We next set out our legislative history and plain language analyses, in light of the applicable policy considerations.
1. Statutory Interpretation in Existing Case Law
Section 1747.08, subdivision (a) disallows a business that accepts credit cards from requesting, requiring, and recording, as a condition to accepting the credit card as payment, that the cardholder supply personal identification information in the credit card transaction. Under subdivision (b), " 'personal identification information,' means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number."
This statute has been interpreted in other factual and procedural contexts. In Florez, the court held that an allegation that the store's "Telephone Capture Policy," in which it requested and recorded personal identification information from its customers in the form of individuals' telephone numbers, was sufficient to state a viable cause of action for violation of the Act. The timing of the request was important. The court ruled that the statute forbids "a preliminary request for personal identification information," made before the customer tenders payment or makes the preferred method of payment known. (Florez, supra, 108 Cal.App.4th at p. 453; italics added.) "[W]e note [former] section 1747.8 is a consumer protection statute, and the retailer's request for personal identification information must be viewed from the customer's standpoint. In other words, the retailer's unannounced subjective intent is irrelevant. What does matter is whether a consumer would perceive the store's 'request' for information as a 'condition' of the use of a credit card." (Florez, supra, at p. 451.)
The court in Florez further noted: "[N]othing prevents a retailer from soliciting a consumer's address and telephone number for a store's mailing list, if that information is provided voluntarily. Retailers are not without options in this regard. A merchant can easily delay the request until the customer tenders payment or makes his or her preferred method of payment known. If the payment is made with cash, and the customer is so inclined, personal identification information can be recorded at that time. Alternatively, retailers could delete a customer's personal identification information as soon as the customer reveals an intention to pay by credit card." (Florez, supra, 108 Cal.App.4th at pp. 451-452.) These statements do not address the statutory definition of "personal identification information."
In Absher v. AutoZone, Inc. (2008) 164 Cal.App.4th 332, 341-346 (Absher), the appellate court determined that this prohibition on requiring personal identification information as a condition of "any credit card transaction" does not apply to a return that is made in exchange for a reversal of the original credit card purchase transaction. The court interpreted the restrictions in section 1747.08, subdivision (a) as applying only to purchase transactions, not to return transactions, as a "more reasonable result." (Absher, supra, at p. 346.) In part, this resulted from the exceptions that are provided in section 1747.08, subdivision (c) to the restrictions set forth in subdivision (a) (exceptions such as the use of a credit card as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence). The court's interpretation read the contested provisions of the section in context, concluding that this "better harmonizes the enumerated prohibitions within that subdivision, while fulfilling the goals of the Legislature in enacting the statute and the legislative intent apparent in the statute. And, it allows merchants reasonable means to safeguard against potential abuses in connection with the return of merchandise." (Absher, supra, at p. 346.)*fn7
In Absher, supra, 164 Cal.App.4th at page 346, the court distinguished Florez as involving a factually different issue involving alleged requests for personal telephone numbers, made before the customer announced his or her preferred method of payment. (Florez, supra, 108 Cal.App.4th at p. 451.) The legislative history as outlined in Florez nevertheless made clear "that the Legislature sought to address the misuse of personal identification information for, inter alia, marketing purposes," if the information was not necessary to the completion of the credit card transaction. (Absher, supra, 164 Cal.App.4th at p. 345.) Returns were treated differently in the section. In neither of those cases did the courts address whether it is a "misuse" of "personal identification information" to request and record zip codes, whether in a credit or non-credit transaction. (§ 1747.08, subd. (a)(2).)
Likewise, in TJX, supra, 163 Cal.App.4th 80, 87-89, the statutory prohibition against requiring customers who use credit cards to provide personal identification information that was recorded was held not to apply to merchandise returns, due to legitimate fraud prevention concerns. Florez, supra, 108 Cal.App.4th 447, was distinguished as an interpretation of former section 1747.8, subdivision (a)(2), which deals with "payment" (not merchandise returns; same in renumbered section). (TJX, supra, at pp. 88-89.) As set forth above, the court in TJX also analyzed the nature of the civil penalty provided in the statute, finding it is mandatory as to imposition although discretionary as to amount. (Id. at pp. 84-87.)
The above cases are distinguishable on their facts as involving the timing and the recording of certain requested personal identification information, such as individual telephone numbers, and involving the particular circumstances of merchandise returns using a credit card. They do not answer the question of what definition should be given with regard to zip codes under the Act.
2. Legislative History Arguments
For purposes of the Act, section 1747.08, subdivision (b) defines "personal identification information," as information "concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number." Information "concerning the cardholder" is protected pursuant to the purposes of the Act, in order to prevent customer identification that goes beyond what the consumer has consented to disclose.
With respect to the statutory term "including, but not limited to," the Supreme Court in Dyna-Med, Inc. v. Fair Employment & Housing Comm. (1987) 43 Cal.3d 1379, 1390-1393 (Dyna-Med), construed it in the context of deciding whether another remedial act, the FEHA, should allow the administrative agency that was enforcing it (the commission) to have the authority to award punitive damages. (Gov. Code, § 12970, subd. (a).) The Supreme Court applied statutory construction principles to make a "reasonable reading of the phrase 'including, but not limited to,' [as providing] that the Legislature intended to authorize the commission to take such other remedial action as in its judgment seems appropriate to redress a particular unlawful employment practice and to prevent its recurrence, thus eliminating the practice." (Dyna-Med, supra, at p. 1390, fns. omitted.) A reading of the phrase as permitting only additional corrective remedies, not punitive remedies, was "reasonable" in light of the legislative purpose of FEHA. (Id. at pp. 1390-1391.)
In Dyna-Med, the Supreme Court noted that legislative construction rules "are mere guides and will not be applied so as to defeat the underlying legislative intent otherwise determined . . . ." (Dyna-Med, supra, 43 Cal.3d at p. 1391.) In that case, they were utilized to achieve a result that was "consistent with both the remedial purpose of the Act and the ordinary import of the statutory language." (Ibid.) One of those doctrines is particularly relevant here in interpreting this definitional statute. That is, " '[T]he doctrine of ejusdem generis . . . states that where general words follow the enumeration of particular classes of persons or things, the general words will be construed as applicable only to persons or things of the same general nature or class as those enumerated. The rule is based on the obvious reason that if the Legislature had intended the general words to be used in their unrestricted sense, it would not have mentioned the particular things or classes of things which would in that event become mere surplusage.' [Citations.]" (Ibid., fn. 12.)
Here, petitioner relies on the canon of ejusdem generis as requiring this court to construe the phrase "information concerning the cardholder" to mean information that is most like an "address and telephone number" that relates to a particular cardholder, and that is specific or individualized in nature. Petitioner argues this reading is supported by legislative history, because the Legislature enacted the statute out of concerns that retailers were arbitrarily selling specific, personal information about individual consumers' spending habits, and it had also been possible for sales personnel to use such identification information to harass individual customers. However, a zip code is not of itself specific or personal information about an individual, but rather it serves as a group identifier about location; in this case, the individual is one of some 24,000 addressees there. Petitioner argues that accordingly, these statutory definitions have failed to put retailers on notice that a zip code is personal identification information, so that this court should adopt a construction that would avoid any void-for-vagueness problems.
In response, plaintiff argues that precluding retailers from requesting zip codes is consistent with the legislative history, to "protect the personal privacy of consumers who pay for transactions with credit cards." She says the author of the Act provided statements in legislative history that it should allow retailers to request and record "only pieces of information needed to process credit card transactions," such as the "amount of purchase, sales date, description of the goods or services sold, cardholder signature, merchant's information, and an authorization number." Based on her own deposition testimony, she contends that a credit card number, together with a zip code, might lead to identity theft concerns. Additionally, she argues that a zip code is no longer just a way of moving mail, and it is possible that sophisticated analyses of such aggregated information may be available to invade a consumer's privacy. Even though petitioner states it does not match zip codes with credit card numbers, she believes that its particular practice should make no difference to the goal of implementing the broad remedial purpose of the Act.
Plaintiff further contends the reading offered by petitioner would rewrite the statute, by adding the words "personal," "identifying," and "a particular cardholder," to modify and define the phrase "information concerning the cardholder." (§ 1747.08, subd. (b).) If the Legislature intended to exclude zip codes from "information concerning the cardholder," it could have expressly done so. Also, she would read the phrase "including, but not limited to" as one of enlargement, not limitation, and she argues against applying the canon of ejusdem generis if it would defeat an evident legislative purpose of protecting credit cards users from "misuse" of "personal identification information." (See Absher, supra, 164 Cal.App.4th at p. 345.)
At oral argument on the petition, plaintiff brought up a new point not argued below or in the briefs, by citing to section 1747.08, subdivision (d) for the idea that a retailer may request identification when a customer uses a credit card, but the retailer may not write down or record the identification information given "on the credit card transaction form or otherwise."*fn8 (Ibid.) For example, this might prevent the recording of a zip code as part of the information thus found on an identifying driver's license, so plaintiff thinks a zip code, as part of an address, is necessarily "personal identification information" that may not be recorded within the meaning of the entire section.
Normally, such new arguments raised for the first time at the appellate level need not be dealt with, but we will address this point in connection with our plain language discussion, as necessary.
3. Plain Language Reading
To resolve this dispute, it is appropriate to look first to federal regulations, to define our terms. It is fair to say that the definitions in this statutory scheme impliedly incorporate both the common meaning of its terminology and also technical federal zip code definitions. 39 Code of Federal Regulations sections 111.1 and 111.2 set forth mailing standards of the U.S. Postal Service, and supply a domestic mail manual, which incorporates by reference the regulations governing domestic mail services (pursuant to 5 U.S.C. § 552(a) [public information requirements of the Administrative Procedure Act].) In 39 Code of Federal Regulations, part 3001, subpart C, appendix A, setting forth rules of practice and procedure for the mail classification schedule, we find definitions for expedited mail, including section 1008, ZIP Code: "The ZIP Code is a numeric code that facilitates the sortation, routing, and delivery of mail." This definition of zip codes is set forth in the Mailing Standards of the United States Postal Service, DMM, Addressing, section 602:
"1.8 ZIP Codes [¶] 1.8.1 Purpose of ZIP Code [¶] The ZIP (Zone Improvement Plan) Code system is a numbered coding system that facilitates efficient mail processing. The USPS assigns ZIP Codes. All Post Offices are assigned at least one unique 5-digit ZIP Code. Larger Post Offices may be assigned two or more 5-digit ZIP Codes (multi-5-digit ZIP Code offices). Separate 5-digit ZIP Codes are assigned to each delivery unit at these offices."*fn9 (http://pe.usps.com/text/dmm300/602.htm)
In 39 Code of Regulations, part 3001, subchapter C, appendix A, section 4000 et seq., Postal Zones, further information is provided about the geographic units of area, used for determining postal zones: "[T]he earth is considered to be divided into units of area thirty minutes square, identical with a quarter of the area formed by the intersecting parallels of latitude and meridians of longitude. The distance between these units of area is the basis of the postal zones."
We think that these broadly worded statements in the official zip code definitions, made for the purpose of isolating particular population sectors for improved mail delivery, do not clearly bring an individual's zip code within the scope of "personal identification information" that may not be requested and recorded within the meaning of the Act. The record shows that in 2000, there were 24,953 individual addressees in the zip code of this plaintiff, and in the location of the superior court that decided this case, approximately 27,000. A zip code is not an address, but only a portion of it, and knowing a stand-alone zip code has not been shown to be potentially more helpful in locating a specific person than knowing his or her state or county of residence. A zip code is not an individualized set of identification criteria, such as telephone numbers would be, but rather zip codes provide identification of a relatively large group, on the present record.
The manner in which this petition for writ of mandate has been presented to us (to overturn a denial of summary judgment) has allowed us to limit our review to the issue of whether the Act's statutory definition, as a matter of law, supports the allegations made by plaintiff. (§ 1747.08, subd. (b).) It does not, because a zip code is not facially individualized information in the same way that a personal (or, e.g., an individual's work) telephone number is, such as Florez, supra, 108 Cal.App.4th 447, sought to protect, at the demurrer stage of the proceedings. Conversely, as noted in TJX, supra, 163 Cal.App.4th 80 and Absher, supra, 164 Cal.App.4th 332, individualized transactions such as returns on credit card purchases give rise to legitimate concerns for personal identification and fraud prevention, making disclosure and recording of personal information necessary and not forbidden. Also, there is nothing in section 1747.08, subdivision (d) to indicate that, as a matter of law, a retailer may not write down or record any particular portion of the identification information that is given in connection with a credit card transaction, if this is not a "misuse" of "personal identification information." A five-digit zip code is not, as a matter of law, that kind of personalized or individual identification information within the statutory terms.
As an aside, we note that the common practice of petroleum companies in requiring zip code identification for the use of credit cards at the gas pump was tangentially discussed at argument both before the trial court and this court, as relating to individualized transactions for which there are particular security concerns about the identity of the cardholder. On this point, it should be noted that both parties appear to argue that petroleum purchases on credit are separately dealt with in the Act, but that is only partially true. In section 1747.02, the definitions for use in the Act exclude from the covered "credit card" terminology this item: "(a)(3) Any key or card key used at an automated dispensing outlet to obtain or purchase petroleum products, as defined in subdivision (c) of Section 13401 of the Business and Professions Code [gas and oil products], that will be used primarily for business rather than personal or family purposes." (Italics added.) Then, under section 1747.03, subdivision (a)(2), the Act expressly excludes from its coverage such business-related key card transactions, i.e., those involving "the use of any key or a card key used at an automated dispensing outlet to obtain or purchase petroleum products . . . , which will be used primarily for business rather than personal or family purposes." Since this case has been brought as a consumer class action involving personal or family use of credit cards, those exclusions from coverage of the Act of such business-related key card transactions do not assist us in interpreting "personal identification information" with respect to zip codes.
At oral argument, the parties conceded that they do not believe the Act is violated when petroleum retailers request such zip code information, apparently for verification of identity of the cardholder at the gas pump. In any case, there is no evidence on this record about whether and how petroleum retailers "record" zip codes requested in that manner, or for what purposes. Those particular issues are not before us and we confine our holding to the facts presented.
In any case, if we carry to an extreme plaintiff's argument against requesting zip codes during a transaction, it would also prevent a retailer from ever inquiring into a customer's state of residence for promotional or marketing purposes (e.g., Southern California specials?). Plaintiff is painting with too broad a brush to state that under the Act, any component of an address is necessarily a "personal identification" item, since the zip code portion of an address does not in itself supply enough information to identify an individual. Although plaintiff has tried to contend that there are always identity theft concerns in any requested disclosure of any address components in connection with any credit card transaction, she did not create any triable issues of fact that would prevent a plain language reading of this definitional portion of the Act. (§ 1747.08, subd. (b).) This is not yet a case for which expert testimony is necessary to resolve specific identity theft factual disputes.
Thus, even though a zip code provides some "identification," it is primarily group identification within the meaning of the Act, because tens of thousands of people have the same zip code. We accept petitioner's argument that a zip code by itself does not qualify as "personal identification information" because it is not "personal" -- i.e., it is not information about a particular cardholder. (§ 1747.08, subd. (b).) Certainly, those definitional words "concerning the cardholder" have several possible meanings, and one such meaning could cover any and all information. Likewise, "personal identification information" can be interpreted different ways.
Nevertheless, the purpose of the Act requires us to read those definitional terms in a way that is consistent with the purpose and intent of the Act, i.e., to promote appropriate and lawful use of credit cards for consumers and merchants, while protecting credit card holders from unauthorized or potentially harmful disclosures or misuse of private, personal information. (See Absher, supra, 164 Cal.App.4th at p. 345.) If the Legislature intended "personal identification information" to include all components of an address, not just specific ones, it would not have specified in subdivision (b) that the protected information (address and telephone number) is of the kind that pertains to individuals, not groups of zip code inhabitants. The canon of ejusdem generis supports a construction of the phrase in section 1747.08, subdivision (b), "personal identification information," or "information concerning the cardholder, other than information set forth on the credit card," as meaning that the enumerated items (address and telephone number) were intended to be specific in nature regarding an individual, rather than a group identifier such as a zip code. If the Legislature had intended "address" to be used in its unrestricted sense, it would not also have mentioned a specific item such as a telephone number in this context. (Dyna-Med, supra, 43 Cal.3d 1379, 1391, fn. 12.)
In context, regulatory provisions relating to the same subject matter (addresses and the portions thereof, such as zip codes) should be harmonized to the extent possible. (Dyna-Med, supra, 43 Cal.3d at pp. 1386-1387.) The most reasonable reading of subdivision (b), in light of the statutory purposes, is one that identifies protected information as consisting of material pertaining to individuals or smaller groups than those who live in a particular zip code. This reading is bolstered by the potentially substantial nature of the mandatory civil penalties provided by the Act for "misuse" of "personal identification information." (See Absher, supra, 164 Cal.App.4th at p. 345.) Moreover, since zip codes do not fall within the protected category in the Act, the timing of any such request is immaterial. (See Florez, supra, 108 Cal.App.4th at pp. 451-453.) The undisputed facts are that petitioner requests and records zip codes of all of its customers, not only those who pay by credit card, and petitioner accepts a refusal to disclose them by recording an alternative figure (99999). Plaintiff has failed to bring her allegations within the coverage of the Act.
4. Federal and Other State Legislation; Policy Considerations
Although we believe that the statutory interpretation above disposes of the issue, we address additional arguments advanced by the parties. "[T]he use of identical language in analogous statutes requires like interpretation. [Citation.]" (Dyna-Med, supra, 43 Cal.3d 1379, 1398.) Petitioner points to several consumer protection statutes that define protected information as information of a specific personal nature, and that do not specify zip codes as protected (instead, designating private information as name, address, telephone number, and credit card number). (Bus. & Prof. Code, § 22947.1 [computer spyware regulation]; also see Civ. Code, §§ 1798.80, subd. (e), 1798.82 [part of the Civil Code regarding "obligations arising from particular transactions," pertaining to protections for customer records].) In particular, petitioner relies on the federal Driver's Privacy Protection Act, 18 United States Code section 2725, which exempts from the definition of personal identification information a five-digit zip code.*fn10 While interesting, these materials are not particularly significant one way or the other, due to the enormous scope of consumer protection legislation in the state and federal arenas. We prefer to focus on the definitions in this statutory scheme, and the zip code definitions impliedly incorporated into them.
Finally, petitioner argues that it has a business need to market its goods and that its preferred way of doing this is recording zip code information for purposes of sending out bulk mailings of flyers. This is a policy consideration more properly addressed to the Legislature. Even so, statutory interpretation is not conducted in a vacuum, and the factual context of a particular dispute will give shape to the application of statutory construction principles. As just noted, this statute imposes civil penalties that are mandatory in nature, if violations are proved, and therefore our duty is to construe the statute in the most limited way that will protect its remedial purpose. (Lungren, supra, 14 Cal.4th at pp. 313-314.)
This is the type of case described in Mejia, supra, 31 Cal.4th 657, in which different statutory bodies should be harmonized to implement the purposes of each. Absent express statutory language dictating that a group identifier such as a zip code qualifies as protected personal identification information under the Act, we are reluctant to conclude that Legislature intended to control business marketing decisions in this way. If the intention of this legislation was to single out credit card users in this respect, that legislative judgment could have been expressed more clearly.
Let a writ of mandate issue ordering the superior court to grant the motion for summary judgment in favor of petitioner. The stay of proceedings is dissolved. Costs are awarded to petitioner.
WE CONCUR: HALLER, J., McDONALD, J.