Summary
In Alvarez, the Court of Appeal also rejected the defendant's argument that it had reasonably relied on Party City's interpretation in deciding how to conduct its credit card transactions because, like Pineda, the defendant's conduct and the filing of the complaint predated Party City.
Summary of this case from Dardarian v. OfficeMax North America, Inc.Opinion
No. D054355.
October 8, 2009. As modified October 30, 2009. REVIEW GRANTED February 10, 2010.
Appeal from the Superior Court of San Diego County, No. 37-2008-00086061-CU-BT-CTL, Ronald S. Prager, Judge.B
Lindsay Stonebarger, Gene J. Stonebarger, James M. Lindsay, Richard D. Lambert; Harrison Patterson O'Connor Kinkead, James R. Patterson, Harry W. Harrison and Cary A. Kinkead for Plaintiff and Appellant.
Atkins Davidson, Todd C. Atkins and Clark L. Davidson for The Consumer Federation of California and The Privacy Rights Clearinghouse as Amici Curiae on behalf of Plaintiff and Appellant.
Sheppard Mullin Richter Hampton, P. Craig Cardon and Elizabeth S. Berman for Defendant and Respondent.
Cooley Godward Kronish, Michelle C. Doolin, Lori R.E. Ploeger and Leo P. Norton for Old Navy as Amicus Curiae on behalf of Defendant and Respondent.
OPINION
California's Song-Beverly Credit Card Act of 1971 (Civ. Code, § 1747 et seq.; hereafter the Act) prohibits merchants that accept credit cards in transacting business from requesting and recording "personal identification information" concerning the cardholder. (Civ. Code, § 1747.08, subd. (a)(2); all undesignated statutory references are to the Civil Code.)
In this case, we conclude that the trial court properly sustained a merchant's demurrer to a customer's claims for violation of the Act and invasion of privacy based on allegations that the merchant requested and recorded the customer's zip code for the purpose of using it and the customer's name to obtain the customer's address through the use of a "reverse search" database. Accordingly, we affirm the judgment in the merchant's favor.
FACTUAL AND PROCEDURAL BACKGROUND
In accordance with the principles governing our review of a ruling sustaining a demurrer, the following factual recitation is taken from the allegations of the complaint. ( Moore v. Regents of University of California (1990) 51 Cal.3d 120, 125 [ 271 Cal.Rptr. 146, 793 P.2d 479].)
Jessica Pineda visited a store in California owned by Williams-Sonoma Stores, Inc. (the Store), and selected an item to purchase. She then went to the cashier to pay for the item with her credit card. The cashier asked for her zip code, but did not tell her the consequences if she declined to provide the information. Believing that she was required to provide her zip code to complete the transaction, Pineda provided the information. The cashier recorded it into the electronic cash register and then completed the transaction. At the end of the transaction, the Store had Pineda's credit card number, name and zip code recorded in its databases.
After acquiring this information, the Store used customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, residential telephone numbers and residential addresses, and are indexed in a manner that resembles a reverse telephone book. The Store's software then matched Pineda's now known name, zip code or other personal information with her previously unknown address, thereby giving the Store access to her name and address. The Store then maintains all this information in a database.
Pineda filed this matter as a putative class action. She alleged that the Store's conduct violated the Act and Business and Professions Code section 17200 et seq. She also claimed that the Store invaded her privacy by requesting and recording her zip code; using this information, without her knowledge, to obtain her address; and viewing, printing, distributing and using her address for its own profit.
The Store demurred to the complaint on the following grounds: (1) the claim for violation of the Act failed because a zip code is not "personal identification information" under the Act; (2) Pineda lacked standing to sue for a violation of Business and Professions Code section 17200; and (3) her claim for invasion of privacy failed because (a) she did not allege any public disclosure, (b) it was uncertain, and (c) she did not allege all necessary elements.
After Pineda conceded the demurrer to her claim for violation of Business and Professions Code section 17200, the trial court sustained the demurrer to the remaining causes of action without leave to amend. The trial court concluded that a zip code did not fall within the definition of "personal identification information." (§ 1747.08, subd. (b).) It also concluded that Pineda's claim for invasion of privacy failed because she did not show she had a reasonable expectation of privacy in her zip code or home address, what steps she took to keep this information private, or how marketing to her caused unjustified embarrassment or indignity.
Pineda timely appealed. We declined Pineda's subsequent request to dismiss the appeal because it involved a matter of continuing public interest based on numerous similar actions filed statewide.
DISCUSSION I. Standard of Review
We review an order sustaining a demurrer without leave to amend de novo ( Blank v. Kirwan (1985) 39 Cal.3d 311, 318 [ 216 Cal.Rptr. 718, 703 P.2d 58]), assuming the truth of all properly pleaded facts as well as facts inferred from the pleadings, and give the complaint a reasonable interpretation by reading it as a whole and its parts in context ( Palacin v. Allstate Ins. Co. (2004) 119 Cal.App.4th 855, 861 [ 14 Cal.Rptr.3d 731]). However, we give no credit to allegations that merely set forth contentions or legal conclusions. ( Financial Corp. of America v. Wilburn (1987) 189 Cal.App.3d 764, 768-769 [ 234 Cal.Rptr. 653].) A complaint will be construed "liberally . . . with a view to substantial justice between the parties." (Code Civ. Proc., § 452.) If the complaint states a cause of action on any possible legal theory, we must reverse the trial court's order sustaining the demurrer. ( Palestini v. General Dynamics Corp. (2002) 99 Cal.App.4th 80, 86 [ 120 Cal.Rptr.2d 741].) Whether a plaintiff will be able to prove its allegations is not relevant. ( Alcorn v. Anbro Engineering, Inc. (1970) 2 Cal.3d 493, 496 [ 86 Cal.Rptr. 88, 468 P.2d 216].)
II. Analysis
A. Violation of the Act
The Act prohibits merchants that accept credit cards in transacting business from making requests that the cardholder provide "personal identification information" and from recording that information. (§ 1747.08, subd. (a)(2).) "`[P]ersonal identification information,' means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number." (§ 1747.08, subd. (b).)
In Party City Corp. v. Superior Court (2008) 169 Cal.App.4th 497 [ 86 Cal.Rptr.3d 721] ( Party City), another panel of this court considered the language of the Act and the legislative history arguments presented by the parties. It concluded, as a matter of law, that a zip code is not "personal identification information" within the meaning of section 1747.08, subdivision (b) because a zip code is not facially individualized information. ( 169 Cal.App.4th at pp. 506, 518.)
Specifically, the Party City court noted that "[i]f the Legislature intended `personal identification information' to include all components of an address, not just specific ones, it would not have specified in subdivision (b) of section 1747.08 that the protected information (address and telephone number) is of the kind that pertains to individuals, not groups of ZIP Code inhabitants. The canon of ejusdem generis supports a construction of the phrase in section 1747.08, subdivision (b), `personal identification information,' or `information concerning the cardholder, other than information set forth on the credit card,' as meaning that the enumerated items (address and telephone number) were intended to be specific in nature regarding an individual, rather than a group identifier such as a ZIP Code. If the Legislature had intended `address' to be used in its unrestricted sense, it would not also have mentioned a specific item such as a telephone number in this context. [Citation.]" ( Party City, supra, 169 Cal.App.4th at p. 520.)
Pineda argues that Party City is distinguishable because there was no evidence in that case showing that the defendant used the collected zip codes to obtain its customers' addresses. She claims that the different factual context takes the instant case outside the Party City holding. The Store asserts that Party City is controlling. We agree with the Store.
In Party City, the plaintiff alleged, among other things, that the defendant used the zip codes it obtained to further its own business purposes through target marketing its products to consumers with a known interest in those products and that the collection of this information exposed customers to potential credit card fraud and identity theft. ( Party City, supra, 169 Cal.App.4th at p. 503.) The defendant moved for summary judgment on the ground a zip code is not "personal identification information" as a matter of law and, alternatively, that the plaintiff could not show that the cashier required a zip code as a condition to accepting a credit card payment. ( Ibid.) The plaintiff argued why a zip code constituted "personal identification information" as defined by the Act. The plaintiff also attempted to support her allegations by presenting evidence that online searches could be conducted to locate individuals using a zip code. ( 169 Cal.App.4th at pp. 504 — 505, fn. 5.) Accordingly, the Party City court was well aware of the allegation that the defendant used the collected zip codes to locate individuals before it concluded, as a matter of law, that a zip code did not constitute "personal identification information" within the meaning of the Act.
Simply put, the Act either allows a retailer to ask customers for a zip code or it prohibits this conduct. The Party City court concluded, and we agree, that the Act does not prohibit this conduct. Although Pineda asserts a zip code should be covered by the Act because existing technology allows any company or person to locate an individual based on the individual's name and zip code, this argument is best presented to the Legislature.
B. Invasion of Privacy
Pineda contends that her privacy claim is not dependent upon a finding that a zip code constitutes "personal identification information" within the meaning of the Act; rather, she asserts that her claim is based on the Store's alleged use of her name, credit card number and zip code to obtain her home address without her consent. The Store contends Pineda is improperly arguing a new theory on appeal, i.e., that the initial request for the zip code need not be wrongful or illegal. The question on demurrer, however, is whether the complaint states a cause of action "`under any possible legal theory.'" ( Fox v. Ethicon Endo-Surgery, Inc. (2005) 35 Cal.4th 797, 810 [ 27 Cal.Rptr.3d 661, 110 P.3d 914].) With this principle in mind, we review whether Pineda has sufficiently alleged the necessary elements to state a valid claim for invasion of privacy.
To establish a claim for invasion of privacy under the California Constitution, a plaintiff must show (1) a legally protected privacy interest; (2) a reasonable expectation of privacy; and (3) a serious invasion of that right. ( Hill v. National Collegiate Athletic Assn. (1994) 7 Cal.4th 1, 39-40 [ 26 Cal.Rptr.2d 834, 865 P.2d 633] ( Hill).) The three "threshold elements" set out in Hill allow courts to weed out claims that involve insignificant or de minimis intrusions not requiring explanation or justification. ( Loder v. City of Glendale (1997) 14 Cal.4th 846, 893 [ 59 Cal.Rptr.2d 696, 927 P.2d 1200].) Whether a legally protected privacy interest exists is a question of law. ( Hill, supra, at p. 40.) The second and third elements of the privacy claim involve mixed questions of law and fact. ( Ibid.) However, "[i]f the undisputed material facts show no reasonable expectation of privacy or an insubstantial impact on privacy interests, the question of invasion may be adjudicated as a matter of law." ( Ibid.)
Pineda argues that individuals have a protected privacy interest and a reasonable expectation of privacy in their home addresses. For purposes of our analysis we will assume, without deciding, that Pineda adequately alleged these elements and focus our attention on whether she alleged sufficient facts showing a serious invasion of that privacy right.
To be actionable, invasions of privacy "must be sufficiently serious in their nature, scope, and actual or potential impact to constitute an egregious breach of the social norms underlying the privacy right." ( Hill, supra, 7 Cal.4th at p. 37.) As a matter of law, Pineda has not alleged facts showing a substantial impact on her privacy interests. Pineda alleges that she suffered from an offensive intrusion to her privacy when the Store obtained her address, then viewed, printed, distributed and used the address for its own profit. Pineda, however, alleged no facts showing that her home address is not otherwise publicly available or what efforts she undertook to keep her home address private. Without such facts, using a legally obtained zip code to acquire, view, print, distribute or use an address that is otherwise publicly available does not amount to an offensive intrusion of her privacy.
Although Pineda argues that she adequately alleged that the Store sold her home address to third parties for profit, this allegation is not in the complaint. Even assuming Pineda had made such an allegation, we fail to see how selling an address that is otherwise publicly available amounts to "an egregious breach of the social norms underlying the privacy right." ( Hill, supra, 7 Cal.4th at p. 37; cf. Jeffrey H v. Imai, Tadlock Keeney (2000) 85 Cal.App.4th 345, 355 [ 101 Cal.Rptr.2d 916] [law firm's disclosure of the irrelevant HIV status of a litigant in an automobile accident case sufficient to allege egregious conduct invading privacy], disapproved of on other grounds in Jacob B. v. County of Shasta (2007) 40 Cal.4th 948, 962 [ 56 Cal.Rptr.3d 477, 154 P.3d 1003]; Egan v. Schmock (N.D.Cal. 2000) 93 F.Supp.2d 1090, 1095 [stalking and filming of neighbors in their home sufficient to allege invasion of privacy].)
Additionally, "the extent and gravity of the invasion is an indispensable consideration in assessing an alleged invasion of privacy." ( Hill, supra, 7 Cal.4th at p. 37.) Although Pineda seeks damages for the alleged invasion of her privacy, the complaint contains absolutely no facts showing the extent and gravity of the alleged invasion of privacy. Under the facts alleged, the disclosure of Pineda's address amounted to a trivial invasion of her assumed privacy interest.
DISPOSITION
The judgment is affirmed. The respondent is entitled to recover its costs on appeal.Benke, Acting P. J., and Huffman, J., concurred.