Court Rules that E-mail Addresses Are Protected Personal Data


Previously we informed our readers that California’s new Internet data privacy law, effective January 1st, 2014, requires operators of commercial websites or online services that collect personally identifiable information (“PII”) from California consumers to conspicuously post their privacy policies on their respective websites.  Now, the federal District Court for the Eastern District of California has ruled that consumers’ e-mail addresses are PII under California’s Song-Beverly Act, and that retailers may not require consumers to provide their e-mail addresses prior to making a purchase with their credit cards.

Song-Beverly Act Generally

In an effort to cut down on the amount of unsolicited marketing material sent to California consumers, the California legislature passed the Song-Beverly Act (the “Act”), which prohibits retailers from requiring consumers to provide their PII prior to purchasing a good or service by credit card.  The Act defines PII as “information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.”

Recent Federal Court Case Regarding E-mail Addresses

While on its face, the Act outlaws retailers from collecting consumers’ telephone numbers and street addresses, there had been uncertainty as to whether a consumer’s e-mail address is subject to the Act.  In a class-action lawsuit brought against the popular retailer Nordstrom’s, the federal District Court found that, like zip codes, which were previously found to be PII under the Act, consumers’ e-mail addresses fall within the broad definition of PII under the Act.

In reaching this decision, the Court found that an e-mail address is, in fact, more personal than a consumer’s zip code.  Expanding on this reasoning, the Court stated that “a cardholder’s e[-]mail address permits direct contact and implicates the privacy interests of a cardholder.”  In essence, while a consumer’s zip code may inform the retailer of the general vicinity in which the consumer lives, an e-mail address gives the retailer direct access to the consumer through which it may deliver unsolicited marketing messages.

In rejecting Nordstrom’s argument that the Controlling the Assault of Non-Solicited Pornography and Marketing Act (“CAN-SPAM”) preempts application of the Act to the facts at issue, the federal District Court ruled that CAN-SPAM is not preemptive because, unlike CAN-SPAM, the Act does not address or regulate the content of the e-mail messages sent to consumers.  In fact, the Court found that retailers should comply with both the Act and CAN-SPAM.

The District Court’s inclusion of e-mail as PII covered under the Act may whet the appetites of plaintiff’s attorneys and result in a new wave of e-mail related lawsuits in both California State and federal courts.

If you are interested in learning more about this topic, please e-mail us at, or call us at (212) 246-0900.

The material contained herein is provided for informational purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney.  Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising
