Relates to the personal information of a credit or debit card holder: adds zip code, email address and home, cell and work telephone numbers to the personal information protected.
TITLE OF BILL: An act to amend the general business law, in relation to the personal information of a credit or debit card holder
PURPOSE: To protect consumers by prohibiting businesses from requiring personal identification information to complete credit or debit card transactions unless required by the credit or debit card issuer.
SUMMARY OF PROVISIONS: Amends subdivision 3 of section 520-a of the general business law, as amended by chapter 233 of the laws of 2007, to require that businesses accepting credit or debit cards may not require the credit or debit card holder to write or otherwise electronically enter any personal identification information. Such personal identification information includes but it not limited to address, zip code, email address, and telephone numbers (home, cell, and work).
EXISTING LAW: Current law prohibits retailers and businesses from requesting personal information to complete a credit or debit card transaction. However, personal information is loosely defined as address only. Additionally, the current law does not prohibit businesses from collecting electronically entered personal information.
JUSTIFICATION: At present, many businesses in New York and other states across the country require personal information, such as a zip code, when consumers complete credit or debit card transactions, despite the fact that such information is unnecessary when completing an in-person transaction. Such personal information can then be used in customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, telephone numbers, and street addresses that are indexed in a manner resembling a reverse phonebook. The software can then match a person's name and zip code with their previously undisclosed address, giving the business the ability to market products to customers and to sell this information to other businesses.
In February 2011, the Supreme Court of California held in Pineda v. Williams-Sonoma Stores, Inc. that "personal identification information," as the term is used in their state Credit Card Act, includes a cardholder's zip code and that requesting and recording such information violates the Credit Card Act. As such, businesses in California can no longer require zip codes to complete credit transactions unless required by the credit or debit card issuer. A similar law suit was filed in Massachusetts in May 2011.
The language in the California Credit Card Act is nearly identical to the language used in subdivision 3 of section 520-a of the general business law in New York. By further defining what constitutes "personal identification information," consumer interests in New York
can be protected. Additionally, by prohibiting such information from being entered electronically, the statute becomes current with the technological advances made since the statute was originally passed in 1987.
LEGISLATIVE HISTORY: 2011-2012: S.6041 - Died in Committee
FISCAL IMPLICATIONS: None.
EFFECTIVE DATE: This act shall take effect immediately.
STATE OF NEW YORK ________________________________________________________________________ 1420 2013-2014 Regular Sessions IN SENATE (PREFILED) January 9, 2013 ___________Introduced by Sens. MONTGOMERY, KRUEGER -- read twice and ordered print- ed, and when printed to be committed to the Committee on Consumer Protection AN ACT to amend the general business law, in relation to the personal information of a credit or debit card holder THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM- BLY, DO ENACT AS FOLLOWS: Section 1. Subdivision 3 of section 520-a of the general business law, as amended by chapter 233 of the laws of 2007, is amended to read as follows: 3. No person, firm, partnership or corporation which accepts credit or debit cards for the transaction of business shall require the credit or debit card holder to write OR ELECTRONICALLY ENTER on the credit or debit card transaction form, nor shall it write
[or], cause to be writ- ten, OR ELECTRONICALLY ENTERED on such form or on any attachment there- to, any personal identification information, including but not limited to the credit or debit card holder's address [or], ZIP CODE, EMAIL ADDRESS OR telephone [number]NUMBERS, INCLUDING HOME, CELL AND WORK TELEPHONE NUMBERS, that is not required by the credit or debit card issuer to complete the credit or debit card transaction; provided, however, that the credit or debit card holder's address and telephone number may be required [on such form or attachment thereto]where (i) such information is necessary for shipping, delivery or installation of purchased merchandise or for special orders; or (ii) the person, firm, partnership or corporation processes credit or debit card transactions by mailing transaction forms to a designated bankcard center for settle- ment. S 2. This act shall take effect immediately.EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets [ ] is old law to be omitted. LBD04040-01-3