SB 383

Bill Subjects

Abstract

Existing state and federal law regulates the provision of credit and the use of credit cards. The Song-Beverly Credit Card Act of 1971 generally regulates credit card transactions and prohibits a person or entity that accepts credit cards for the transaction of business from requesting, or requiring as a condition to accepting the credit card, that the cardholder write any personal identification information, as defined, upon the credit card transaction form or otherwise. Existing law prohibits a person or entity that accepts credit cards for the transaction of business from requesting, or requiring as a condition to accepting the credit card, that the cardholder provide his or her personal identification information to the person or entity to be written or caused to be written upon the credit card transaction form or otherwise. Notwithstanding those provisions, existing law authorizes a person or entity that accepts credit cards for the transaction of business to require the cardholder, as a condition to accepting the credit card, to provide reasonable forms of positive identification, which may include a driver's license or a California state identification card, provided that the information is not written or recorded on the credit card transaction form or otherwise. Existing law authorizes the use of ZIP Code information in a sales transaction at a retail motor fuel dispenser or retail motor fuel payment island with an automated cashier that uses the ZIP Code information solely for prevention of fraud, theft, or identity theft. This bill would authorize a person or entity that accepts credit cards in an online transaction involving an electronic downloadable product, as defined, to require a cardholder, as a condition to accepting a credit card as payment in full or in part, in an online transaction involving an electronic downloadable product, to provide personal identification information, as defined, if it requires that information for the detection, investigation, or prevention of fraud, theft, identity theft, or criminal activity, or for enforcement of terms of sale, and the personal identification information is used solely for those purposes. The bill would require that person or entity to destroy or dispose of the personal identification information it requires in a secure manner after it is no longer needed for those purposes. The bill would prohibit that person or entity from aggregating personal identification information and from sharing personal identification information it requires with any other person or entity, as specified. The bill, notwithstanding the foregoing provisions, would also authorize a person or entity accepting a credit card in an online transaction involving an electronic downloadable product to require a consumer to establish an account as a condition for purchase of the product and to provide personally identifiable information in connection with that account, as specified. The bill would also authorize a consumer, concurrent with completing a transaction for an electronically downloadable product, to elect to opt in to the collection and use of personally identifiable information provided certain disclosures are made and he or she is permitted to opt out prior to completing the transaction.