Zip Code Ruling Spawns class action lawsuits - but do they trigger Coverage?
A rash of class action suits have been filed following a recent ruling by California Supreme Court in Pineda v. Williams-Sonoma Stores, Inc., S178241 (Cal. Sup. Ct. Feb. 10, 2011), which found that Williams-Sonoma violated the state’s credit card law by asking a customer to provide her zip code when making a purchase with a credit card. The customer sued the retailer, contending that it used her name and the zip code to determine her home address, which is now contained in the company’s data base. The Supreme Court found a zip code is part of one’s address and, therefore, the request and recording of same violates “the Song-Beverly Credit Card Act of 1971 (“the Credit Card Act”),Cal. Civ. Code, Section 1747.08, subd. (a)(2). Companies that violate the Act face fines of $250 for the first violation and as much as $1000 for each subsequent violation.
Do “zip code” suits trigger coverage under the “personal and advertising injury” coverage?
Do they qualify as “oral or written publication, in any manner, of material that violates a person’s right of privacy?” One might harken back to the class action suits filed against companies for violation of the Telephone Consumer Protection Act (“TCPA”). Courts were been split on the issue of whether TCPA claims fell within the right of privacy offense. The privacy interest that was the impetus for the TCPA was the consumer’s interest to be left alone from the intrusion of unwanted and unsolicited facsimile advertisements.
In contrast, the Credit Card Act Act was designed to address “the misuse of personal identification information for marketing purposes” and the Act’s overriding purpose was to “protect the personal privacy of consumers who pay for transactions with credit cards.” In other words, the privacy interest at issue is one of secrecy – keeping confidential information that the consumer does not want disclosed. That is the same interest that exists with respect to the Fair and Accurate Transaction Act (“the FACTA”), 15 U.S.C. § 1681c(g), which prohibits a retailer from “print[ing] more than the last 5 digits of the card number or the expiration date upon any receipt provided to the cardholder at the point of the sale or transaction.”
In a zip code suit, one might contest whether there was a “publication” of such material where liability is predicated solely on requesting and recording that information – as opposed to publishing it. This argument has been rejected with respect to coverage for FACTA violations. See, Creative Hospitality v. United States Liablity Ins. Co., 655 F. Supp. 2d 1316, 1329 (S.D. FL 2009). The issue could also be academic. In Pineda, the opinion indicates that after the customer provided her credit card information and her zip code, the retailer recorded that information in its database and used customized computer software to perform reverse searches. Those, in turn, provided the retailer with the customer’s previously undisclosed address, which it now maintains in its database. Indeed, the retailer uses its datebase to market products to customers and may sell all the information it has compiled to other businesses. Thus, in Pineda, there was a publication of the private information that the retailer obtained in violation of the Act.
Paragraph 3 of the “Distribution of Material” exclusion will likely be relied upon by insurers to deny a defense and indemnity obligations for zip code suits. That exclusion precludes coverage for alleged violations of the TCPA and CAN-Spam Act of 2003. It also states: This insurance does not apply to “personal and advertising injury” arising directly or indirectly out of any action or omission that violates or is alleged to violate:
(3) Any statute, ordinance or regulation, other than the TCPA or CAN-SPAM Act of 2003, that prohibits or limits the sending, transmittal, communication or distribution of material or information.
This exclusion was relied upon by the court in Creative Hospitality to preclude a defense and indemnity obligation for a suit alleging violation of the FACTA statute. The court looked to the ordinary meaning of "communication” and “distribution." The court noted that while the definitions demonstrate that the more common usage of the word "distribution" involves dissemination to a group, the term, nonetheless, also includes the act of providing something to a single person. The court held that "communicating" means, among other definitions, "shar[ing]," "... convey [ing] knowledge of or information about: mak[ing] known ..., and caus[ing] to pass from one to another ...." www. merriam-webster.com/dictionary/ communicating. Id., 655 F.Supp. 2d at 1340.
The court concluded that because the FACTA is a statute that limits the information that such an electronically printed receipt may include and prohibits the inclusion of certain information, the FACTA qualifies as a statute that "prohibits and limits the ... communicating or distribution of material or information," within the ordinary meaning of the terms of this exclusion. So too does the Credit Card Act at issue in Pineda. Both the FACTA and the Credit Card Act seek to protect the secrecy privacy interest by preventing financial or personal identification information from becoming known to others.
