Law Review: Merchants may not ask for personal info with credit cards

Jim Porter
Law Review
Jim Porter

When you are purchasing merchandise from a merchant and using a credit card to pay, have you ever been asked to give your zip code or email address or other personal identification information? Spoiler alert: you do not have to provide it.


In 1971 Williams-Sonoma began requesting zip codes during point-of-sale transactions in California and began requesting email addresses in 2004.

Employees had discretion not to solicit customers’ zip codes or email addresses, but as a general rule they would ask for that information, sometimes telling customers that the information was not required and was only being collected for marketing purposes.


In 2013, a group of individuals sued Williams-Sonoma in a class action lawsuit claiming the Song-Beverly Credit Card Act of 1971 prohibited Williams-Sonoma from asking for personal identification information.

In fact, the Song-Beverly Act makes it unlawful for merchants to request or require customers to provide “personal identification information” as a condition to accepting a credit card for payment.

Williams-Sonoma defended claiming the information requested was voluntary and not requested as a condition to accepting the credit card payment.


The Song-Beverly Act was enacted to protect consumer privacy and to prohibit merchants from obtaining personal identification information under the mistaken impression the information is required to process a credit card transaction.

The question in the case was whether a reasonable customer might perceive the request for the personal information to be a condition of paying by credit card. Here we go again, another case talking about the reasonable person standard. It’s either the reasonable person standard, what would a reasonable person believe, or a subjective standard, what in fact did the customer believe.


The First Appellate District Court of Appeal ruled for Williams-Sonoma noting that each store had a sign next to the cash register stating that zip codes and email addresses were requested solely for marketing purposes and were not required. And the cashiers often didn’t even ask for the information or told customers that the personal information was not required.

The Court of Appeal denied the class certification claiming that these transactions were different and not all similar enough to be categorized as a class action lawsuit, and further concluded that a reasonable customer would likely understand that zip codes and email addresses were not required to process a credit card transaction.


Point being, you do not need to provide personal identification information unless you want to get bombarded with marketing emails.

Jim Porter is an attorney with Porter Simon licensed in California and Nevada, with offices in Truckee and Tahoe City, California, and Reno, Nevada. Jim’s practice areas include: real estate, development, construction, business, HOAs, contracts, personal injury, accidents, mediation and other transactional matters. He may be reached at or

Support Local Journalism


Support Local Journalism

Readers around Lake Tahoe, Truckee, and beyond make the Sierra Sun's work possible. Your financial contribution supports our efforts to deliver quality, locally relevant journalism.

Now more than ever, your support is critical to help us keep our community informed about the evolving coronavirus pandemic and the impact it is having locally. Every contribution, however large or small, will make a difference.

Your donation will help us continue to cover COVID-19 and our other vital local news.