Data is hugely important in running a successful restaurant
today. Targeted email marketing campaigns can be an invaluable
marketing tool. But trying to collect too much data can land your
bistro in hot water. California has specific laws limiting what
data can and cannot be collected – restaurants need to be
aware of these limitations or it can be very costly.
For example, California enacted the Song-Beverly Credit Card Act in order to
promote consumer protection. The Act's purpose is to protect
people's personal privacy and personal identification
information during credit card transactions. California courts have
found the Act's purpose is to protect against the misuse of
personal identification information for, among other things,
"marketing purposes" – which is exactly why
businesses want this data. They want to email you their weekly
specials and happy hour deals!
The statute specifically prohibits merchants from requesting or
requiring personal identification information as a condition of
using a credit card. The key language of the Act is as follows:
... [no] corporation that accepts credit cards for the
transaction of business shall ... [r]equest, or require as a
condition to accepting the credit card ... personal identification
Courts have found that "personal identification
information" includes a customer's phone number,
addresses, and even email addresses. In other words, if a
restaurant or diner asks for a customer's email, phone number,
or ZIP code during the credit card payment process, it could open
the restaurant to liability under the Act.
And liability is potentially huge – $250 for the first
violation and $1,000 per each subsequent violation. That means if a
restaurant requests a mere 100 email addresses a day in violation
of the Act, within a couple of weeks the business could be facing
over a million dollars in potential liability – a very
expensive electronic mailing list.
The other day, I ate lunch at a fast casual restaurant chain.
Sure enough, in the middle of the credit card transaction came a
request for my email address. Businesses need to be very careful
about how they collect, store, monitor, and use customer data. The
rules are tricky, and missteps can lead to disaster.
Disclaimer:This Alert has been
prepared and published for informational purposes only and is not
offered, nor should be construed, as legal advice. For more
information, please see the firm's
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The Los Angeles City Attorney's office has filed civil lawsuits on behalf of the State of California against four of the largest retailers in the United States, alleging that they have engaged in deceptive "false reference pricing"...
On January 26, the United States District Court for the Southern District of Indiana granted preliminary approval of a $17.5 million Telephone Consumer Protection Act class action against Navient Solutions Inc.
A federal appeals court recently held void a product contamination policy issued to H.J. Heinz Company on the basis that Heinz failed to disclose previous contamination claims on its insurance application.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).