As a result of the California Supreme Court’s unanimous decision in Pineda v. Williams-Sonoma Stores, Inc., 246 P.3d 612 (Cal. 2011), many retailers are facing litigation and potentially big fines for requesting consumers’ ZIP codes during purchases. 

The maximum penalty for a first violation is $250, and $1,000 for each subsequent violation.  Moreover, the court approved retrospective application of the ZIP code ban and Justice Miranda pointed out that large penalties aren’t necessarily mandatory under law, and trial judges have broad discretion. 

Commercial General Liability/Umbrella Insurance

Most retailers may have a policy of insurance that would, at the very least, pay for defense counsel fees and other litigation expenses under their Commercial General Liability policy, above their SIR (self-insured retention) or deductible.  No court has yet ruled regarding coverage for the Song-Beverly Act violations. 

Most CGL policies cover a variety of claims that violate a “person’s right of privacy” under the “personal injury” offense within their policy.  The definition of “personal injury” frequently includes “oral or written publication, in any manner, of material that violates a person’s right of privacy.”  Thus, in many of the complaints for violation of the Song-Beverly Act, some form of publication of a person’s private information is implicated. 

In an instructive case regarding the interpretation of CGL policies in this area, the court in Netscape Communications Corp. v. Federal Insurance Company, No. 08-15120, 2009 WL 2634945 (9th Cir. (Cal.) Aug. 27, 2009) broadly defined “personal injury” as “making known to any person or organization written or spoken material that violates a person’s right to privacy.”  The court found that Netscape’s internal distribution of the collected information sufficient to constitute both a violation of “a person’s right of privacy” and a “publication” because “the underlying complaints sufficiently alleged that AOL had intercepted and internally disseminated private online communications.”  Id. at *1. 

The Netscape case and a similar case in the Southern District of Florida, Creative Hospitality Ventures, Inc. v. United States Liability Insurance Co., 655 F. Supp. 2d 1316 (S.D. Fla. 2009), which addressed FACTA claims where a restaurant’s printed credit card receipt handed to a patron included more than the last four digits of the account number, evidence why insurance coverage may be available to pay for Pineda-type lawsuits.  In fact, in the Pineda suit, as well as other suits that have been recently filed, the complaint specifically includes an express cause of action for “invasion of privacy.”   

Statutory Exclusions

Many policies today contain statutory exclusions.  They preclude coverage for “personal and advertising injury arising directly or indirectly out of any action or omission that violates or is alleged to violate any statute, ordinance or regulation that prohibits or limits the sending, transmitting, communicating or distribution of material information.”  The same facts that support a finding of publication may also trigger an exclusion regarding “sending, transmitting, communicating or distribution” of the material. 

Fortunately, many plaintiffs’ lawyers are not only filing under the Song-Beverly Act itself but include allegations or stated causes of action for common law and constitutional privacy claims.  These claims may trigger the retailer’s CGL policy, even if its policy has a statutory exclusion, to at least provide defense reimbursement.