Privacy at stake in state Senate bill

There are two compelling reasons for the California Senate to approve legislation that would extend basic consumer-privacy protections to online transactions.

One is fairness to consumers: Californians should not be forced to turn over more personal information than is necessary to execute a transaction and protect against fraud when they buy a downloadable product.

The other is fairness to brick-and-mortar stores that are struggling to compete against online businesses that already enjoy myriad savings in tax and labor costs. Those online merchants should not get the additional advantage of being able to collect, aggregate and exploit personal information for marketing purposes.

Under long-standing California law, a store clerk can ask to see a customer’s photo identification (such as a driver’s license), but cannot record personal information (such as a phone number or home address) as part of a credit card transaction. That law also applies to purchases made over the telephone. An exception was made in 2011 for gas stations to require customers to punch in their ZIP codes at self-serve islands.

Apple and other online retailers have argued that the law should not apply to them because they don’t have the opportunity to visually inspect a credit card signature or ID. They insisted they needed additional information to guard against fraud and identity theft.

The state Supreme Court sided with the online retailers in a 4-3 decision in February. Justice Goodwin Liu, writing for the majority, said it was clear the Legislature intended to balance privacy concerns with the need to protect consumers and retailers from "undue risk of fraud."

The dissents were vigorous and persuasive. Justice Joyce Kennard called the ruling "a major loss for consumers, who in their online activities already face an ever-increasing encroachment upon their privacy." The court effectively gave online retailers a green light to collect whatever personal information they desire – to use as they wish – as a routine part of a credit card transaction.

That ruling led to SB383, authored by Sen. Hannah-Beth Jackson, D-Santa Barbara, which is expected to come to a full Senate vote this week. It would limit online retailers to collecting the verification they actually need to prevent fraud on a credit card purchase: namely, a customer’s ZIP code and street-address number.

The bill also would prevent online merchants from storing or aggregating that information in a manner that could be used for marketing purposes.

Just think about the personal profile that could be compiled through an individual’s downloaded purchases: everything from financial details and dating interests to medical needs and political views.

California legislators need to close this gaping hole in privacy law.

Senate Bill 383

The Song-Beverly Credit Card Act of 1971 prohibits retailers from recording personal information (such as address or phone number) as part of a credit card transaction. However, a recent state Supreme Court ruling declared that those privacy protections do not extend to the sale of downloadable products.

SB 383 would:

— Limit the collection of personal information in an online credit card transaction to the billing ZIP code and the numerical portion of the customer’s street address.

— That information could be used "solely for the prevention of fraud, theft or identity theft." It could not be aggregated with other personal identifying information or shared with a third party.

— The online seller would be required to dispose of a customer’s ZIP code and address number "in a secure manner" once it is no longer needed.