Pineda v. Williams-Sonoma Stores, Inc.

51 Cal. 4th 524 (2011)

JESSICA PINEDA, Plaintiff and Appellant,
v.
WILLIAMS-SONOMA STORES, INC., Defendant and Respondent.

No. S178241.

Supreme Court of California.

February 10, 2011.

*526 Lindsay & Stonebarger, Stonebarger Law, Gene J. Stonebarger, James M. Lindsay, Richard D. Lambert; Harrison Patterson O'Connor & Kinkead, Harrison Patterson & O'Connor, James R. Patterson, Harry W. Harrison, Matthew J. O'Connor and Cary A. Kinkead for Plaintiff and Appellant.

Atkins & Davidson, Todd C. Atkins and Clark L. Davidson for the Consumer Federation of California and The Privacy Rights Clearinghouse as Amici Curiae on behalf of Plaintiff and Appellant.

Sheppard Mullin Richter & Hampton, P. Craig Cardon and Elizabeth S. Berman for Defendant and Respondent.

Linda A. Wooley; Venable, John F. Cooney, Michael B. Garfinkel and Paul A. Rigali for Direct Marketing Association as Amicus Curiae on behalf of Defendant and Respondent.

*527 Knox, Lemmon, Anapolsky & Schrimp and Thomas S. Knox for California Retailers Association as Amicus Curiae on behalf of Defendant and Respondent.

Cooley Godward Kronish, Cooley, Michelle C. Doolin, Lori R.E. Ploeger, Leo P. Norton and Darcie A. Tilly for The Gap, Inc., Old Navy, LLC, and Banana Republic, LLC, as Amici Curiae on behalf of Defendant and Respondent.

Call & Jensen, Matthew R. Orr, Melinda Evans and Scott R. Hatch for Kmart Holding Corporation as Amicus Curiae on behalf of Defendant and Respondent.

OPINION

MORENO, J.—

The Song-Beverly Credit Card Act of 1971 (Credit Card Act) (Civ. Code, § 1747 et seq.) is "designed to promote consumer protection." (Florez v. Linens 'N Things, Inc. (2003) 108 Cal. App. 4th 447, 450 [133 Cal. Rptr. 2d 465] (Florez).) One of its provisions, section 1747.08, prohibits businesses from requesting that cardholders provide "personal identification information" during credit card transactions, and then recording that information. (Civ. Code, § 1747.08, subd. (a)(2).)[1]

Plaintiff sued defendant retailer, asserting a violation of the Credit Card Act. Plaintiff alleges that while she was paying for a purchase with her credit card in one of defendant's stores, the cashier asked plaintiff for her ZIP code. Believing it necessary to complete the transaction, plaintiff provided the requested information and the cashier recorded it. Plaintiff further alleges that defendant subsequently used her name and ZIP code to locate her home address.[2]

(1) We are now asked to resolve whether section 1747.08 is violated when a business requests and records a customer's ZIP code during a credit card transaction. In light of the statute's plain language, protective purpose, and legislative history, we conclude a ZIP code constitutes "personal identification information" as that phrase is used in section 1747.08. Thus, requesting and recording a cardholder's ZIP code, without more, violates the Credit *528 Card Act. We therefore reverse the contrary judgment of the Court of Appeal and remand for further proceedings consistent with our decision.

FACTS AND PROCEDURAL HISTORY

Because we are reviewing the sustaining of a demurrer, we assume as true all facts alleged in the complaint. (Sheehan v. San Francisco 49ers, Ltd. (2009) 45 Cal. 4th 992, 996 [89 Cal. Rptr. 3d 594, 201 P.3d 472].)

In June 2008, plaintiff Jessica Pineda filed a complaint against defendant Williams-Sonoma Stores, Inc.[3] The complaint alleged the following:

Plaintiff visited one of defendant's California stores and selected an item for purchase. She then went to the cashier to pay for the item with her credit card. The cashier asked plaintiff for her ZIP code and, believing she was required to provide the requested information to complete the transaction, plaintiff provided it. The cashier entered plaintiff's ZIP code into the electronic cash register and then completed the transaction. At the end of the transaction, defendant had plaintiff's credit card number, name, and ZIP code recorded in its database.

Defendant subsequently used customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, telephone numbers, and street addresses, and that are indexed in a manner resembling a reverse telephone book. The software matched plaintiff's name and ZIP code with plaintiff's previously undisclosed address, giving defendant the information, which it now maintains in its own database. Defendant uses its database to market products to customers and may also sell the information it has compiled to other businesses.

Plaintiff filed the matter as a putative class action, alleging defendant had violated section 1747.08 and the unfair competition law (UCL) (Bus. & Prof. Code, § 17200 et seq.). She also asserted an invasion of privacy claim. Defendant demurred, arguing a ZIP code is not "personal identification information" as that phrase is used in section 1747.08, that plaintiff lacked standing to bring her UCL claim, and that the invasion of privacy claim failed for, among other reasons, failure to allege all necessary elements. Plaintiff *529 conceded the demurrer as to the UCL claim, and the trial court subsequently sustained the demurrer as to the remaining causes of action without leave to amend. As for the Credit Card Act claim, the trial court agreed with defendant and concluded a ZIP code does not constitute "personal identification information" as that term is defined in section 1747.08.

The Court of Appeal affirmed in all respects. With respect to the Credit Card Act claim, the Court of Appeal relied upon Party City Corp. v. Superior Court (2008) 169 Cal. App. 4th 497 [86 Cal. Rptr. 3d 721] (Party City), which similarly concluded a ZIP code, without more, does not constitute personal identification information.[4]

Plaintiff sought our review regarding both her Credit Card Act claim and her invasion of privacy cause of action. We granted review, but only of plaintiff's Credit Card Act claim.[5]

DISCUSSION

(2) We independently review questions of statutory construction. (Imperial Merchant Services, Inc. v. Hunt (2009) 47 Cal. 4th 381, 387 [97 Cal. Rptr. 3d 464, 212 P.3d 736].) In doing so, we look first to the words of a statute, "because they generally provide the most reliable indicator of legislative intent." (Hsu v. Abbara (1995) 9 Cal. 4th 863, 871 [39 Cal. Rptr. 2d 824, 891 P.2d 804].) We give the words their usual and ordinary meaning (Lungren v. Deukmejian (1988) 45 Cal. 3d 727, 735 [248 Cal. Rptr. 115, 755 P.2d 299]), while construing them in light of the statute as a whole and *530 the statute's purpose (Walker v. Superior Court (1998) 47 Cal. 3d 112, 124 [253 Cal. Rptr. 1, 763 P.2d 852]). "In other words, `"we do not construe statutes in isolation, but rather read every statute `with reference to the entire scheme of law of which it is part so that the whole may be harmonized and retain effectiveness.'"'" (Smith v. Superior Court (2006) 39 Cal. 4th 77, 83 [45 Cal. Rptr. 3d 394, 137 P.3d 218].) We are also mindful of "the general rule that civil statutes for the protection of the public are, generally, broadly construed in favor of that protective purpose." (People ex rel. Lungren v. Superior Court (1996) 14 Cal. 4th 294, 313 [58 Cal. Rptr. 2d 855, 926 P.2d 1042] (Lungren); see Florez, supra, 108 Cal.App.4th at p. 450 [liberally construing former § 1747.8, now § 1747.08].) "If there is no ambiguity in the language, we presume the Legislature meant what it said and the plain meaning of the statute governs." (People v. Snook (1997) 16 Cal. 4th 1210, 1215 [69 Cal. Rptr. 2d 615, 947 P.2d 808].) "Only when the statute's language is ambiguous or susceptible of more than one reasonable interpretation, may the court turn to extrinsic aids to assist in interpretation." (Murphy v. Kenneth Cole Productions, Inc. (2007) 40 Cal. 4th 1094, 1103 [56 Cal. Rptr. 3d 880, 155 P.3d 284].) Our discussion thus begins with the words of section 1747.08.

(3) Section 1747.08, subdivision (a) provides, in pertinent part, "[N]o person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business shall . . .: [¶] . . . [¶] (2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon the credit card transaction form or otherwise." (§ 1747.08, subd. (a)(2), italics added.)[6] Subdivision (b) defines personal identification information as "information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder's address and telephone number." (§ 1747.08, subd. (b).) Because we must accept as true plaintiff's allegation that defendant requested and then recorded her ZIP code, the outcome of this case hinges on whether a cardholder's ZIP code, without more, constitutes personal identification information within the meaning of section 1747.08. We hold that it does.

*531 Subdivision (b) defines personal identification information as "information concerning the cardholder . . . including, but not limited to, the cardholder's address and telephone number." (§ 1747.08, subd. (b), italics added.) "Concerning" is a broad term meaning "pertaining to; regarding; having relation to; [or] respecting. . . ." (Webster's New Internat. Dict. (2d ed. 1941) p. 552.) A cardholder's ZIP code, which refers to the area where a cardholder works or lives (see DMM, supra, ch. 602, subtopic 1.8.1 [as of Feb. 10, 2011] [each U.S. post office is assigned at least one unique five-digit ZIP code]), is certainly information that pertains to or regards the cardholder.

In nonetheless concluding the Legislature did not intend for a ZIP code, without more, to constitute personal identification information, the Court of Appeal pointed to the enumerated examples of such information in subdivision (b), i.e., "the cardholder's address and telephone number." (§ 1747.08, subd. (b).) Invoking the doctrine ejusdem generis, whereby a "general term ordinarily is understood as being `"restricted to those things that are similar to those which are enumerated specifically"'" (Costco Wholesale Corp. v. Superior Court (2009) 47 Cal. 4th 725, 743 [101 Cal. Rptr. 3d 758, 219 P.3d 736] (conc. opn. of George, C.J.)), the Court of Appeal reasoned that an address and telephone number are "specific in nature regarding an individual." By contrast, the court continued, a ZIP code pertains to the group of individuals who live within the ZIP code. Thus, the Court of Appeal concluded, a ZIP code, without more, is unlike the other terms specifically identified in subdivision (b).

(4) There are several problems with this reasoning. First, a ZIP code is readily understood to be part of an address; when one addresses a letter to another person, a ZIP code is always included. The question then is whether the Legislature, by providing that "personal identification information" includes "the cardholder's address" (§ 1747.08, subd. (b)), intended to include components of the address. The answer must be yes. Otherwise, a business could ask not just for a cardholder's ZIP code, but also for the cardholder's street and city in addition to the ZIP code, so long as it did not also ask for the house number. Such a construction would render the statute's protections hollow. Thus, the word "address" in the statute should be construed as encompassing not only a complete address, but also its components.

Second, the court's conclusion rests upon the assumption that a complete address and telephone number, unlike a ZIP code, are specific to an individual. That this assumption holds true in all, or even most, instances is doubtful. In the case of a cardholder's home address, for example, the *532 information may pertain to a group of individuals living in the same household. Similarly, a home telephone number might well refer to more than one individual. The problem is even more evident in the case of a cardholder's work address or telephone number—such information could easily pertain to tens, hundreds, or even thousands of individuals.[7] Of course, section 1747.08 explicitly provides that a cardholder's address and telephone number constitute personal identification information (id., subd. (b)); that such information might also pertain to individuals other than the cardholder is immaterial. Similarly, that a cardholder's ZIP code pertains to individuals in addition to the cardholder does not render it dissimilar to an address or telephone number.

More significantly, the Court of Appeal ignores another reasonable interpretation of what the enumerated terms in section 1747.08, subdivision (b) have in common, that is, they both constitute information unnecessary to the sales transaction that, alone or together with other data such as a cardholder's name or credit card number, can be used for the retailer's business purposes. Under this reading, a cardholder's ZIP code is similar to his or her address or telephone number, in that a ZIP code is both unnecessary to the transaction and can be used, together with the cardholder's name, to locate his or her full address. (Levitt & Rosch, Putting Internet Search Engines to New Uses (May 2006) 29 L.A. Law. 55, 55; see Solove, Privacy and Power: Computer Databases and Metaphors for Information Privacy (2001) 53 Stan. L.Rev. 1393, 1406-1408.) The retailer can then, as plaintiff alleges defendant has done here, use the accumulated information for its own purposes or sell the information to other businesses.

There are several reasons to prefer this latter, broader interpretation over the one adopted by the Court of Appeal. First, the interpretation is more consistent with the rule that courts should liberally construe remedial statutes in favor of their protective purpose (Lungren, supra, 14 Cal.4th at p. 313), which, in the case of section 1747.08, includes addressing "the misuse of personal identification information for, inter alia, marketing purposes." (Absher v. AutoZone, Inc. (2008) 164 Cal. App. 4th 332, 345 [78 Cal. Rptr. 3d 817] (Absher).)[8] The Court of Appeal's interpretation, by contrast, would *533 permit retailers to obtain indirectly what they are clearly prohibited from obtaining directly, "end-running" the statute's clear purpose. This is so because information that can be permissibly obtained under the Court of Appeal's construction could easily be used to locate the cardholder's complete address or telephone number. Such an interpretation would vitiate the statute's effectiveness. Moreover, that the Legislature intended a broad reading of section 1747.08 can be inferred from the expansive language it employed, e.g., "concerning" in subdivision (b) and "any personal identification information" in subdivision (a)(1). (Italics added.) The use of the broad word "any" suggests the Legislature did not want the category of information protected under the statute to be narrowly construed.

(5) Second, only the broader interpretation is consistent with section 1747.08, subdivision (d). Subdivision (d) permits businesses to "requir[e] the cardholder, as a condition to accepting the credit card . . ., to provide reasonable forms of positive identification, which may include a driver's license or a California state identification card, . . . provided that none of the information contained thereon is written or recorded . . . ." (§ 1747.08, subd. (d), italics added.) Of course, driver's licenses and state identification cards contain individuals' addresses, including ZIP codes. (Veh. Code, §§ 12811, subd. (a)(1)(A), 13005, subd. (a); People v. McKay (2002) 27 Cal. 4th 601, 620 [117 Cal. Rptr. 2d 236, 41 P.3d 59].) Thus, under Civil Code section 1747.08, subdivision (d), a business may require a cardholder to provide a driver's license, but it may not record any of the information on the license, including the cardholder's ZIP code. Under the Court of Appeal's interpretation, the Legislature inexplicably permitted in section 1747.08, subdivision (a)(2), what it explicitly forbade in subdivision (d)—the requesting and recording of a ZIP code.[9] We decline to conclude such an inconsonant result was intended. (Absher, supra, 164 Cal.App.4th at p. 343 ["A statute open to more than one interpretation should be interpreted so as to `"avoid anomalous or absurd results."' [Citations.]"].)[10]

*534 (6) In light of the foregoing, and particularly given the internal inconsistency that would arise under the Court of Appeal's alternate construction, we conclude that the only reasonable interpretation of section 1747.08 is that personal identification information includes a cardholder's ZIP code. We disapprove Party City Corp. v. Superior Court, supra, 169 Cal. App. 4th 497, to the extent it is inconsistent with our opinion.

Even were we to conclude that the alternative interpretation urged by defendant and adopted by the Court of Appeal was reasonable, the legislative history of section 1747.08 offers additional evidence that plaintiff's construction is the correct one.[11] The Credit Card Act was enacted in 1971 to "impose[] fair business practices for the protection of the consumers." (Young v. Bank of America (1983) 141 Cal. App. 3d 108, 114 [190 Cal. Rptr. 122].) It made "major changes in the law dealing with credit card practices by prescribing procedures for billing, billing errors, dissemination of false credit information, issuance and unauthorized use of credit cards." (Sen. Song, sponsor of Sen. Bill No. 97 (1971 Reg. Sess.) enrolled bill mem. to Governor Reagan (Oct. 12, 1971) p. 1.) As originally enacted, however, the Credit Card Act did not contain section 1747.08 or any analogous provision.

In 1990, the Legislature enacted former section 1747.8[12] (Assem. Bill No. 2920 (1989-1990 Reg. Sess.) § 1), seeking "to address the misuse of personal identification information for, inter alia, marketing purposes, and [finding] that there would be no legitimate need to obtain such information from credit card customers if it was not necessary to the completion of the credit card transaction." (Absher, supra, 164 Cal.App.4th at p. 345.) The statute's overriding purpose was to "protect the personal privacy of consumers who pay for transactions with credit cards." (Assem. Com. on Finance and Ins., Analysis of Assem. Bill No. 2920 (1989-1990 Reg. Sess.) as amended Mar. 19, 1990, p. 2.)

The Senate Committee on Judiciary's analysis highlighted the motivating concerns: "The Problem [¶] . . . [¶] Retailers acquire this additional personal information for their own business purposes—for example, to build mailing and telephone lists which they can subsequently use for their own in-house marketing efforts, or sell to direct-mail or tele-marketing specialists, or to *535 others." (Sen. Com. on Judiciary, Analysis of Assem. Bill No. 2920 (1989-1990 Reg. Sess.) as amended June 27, 1990, pp. 3-4.) To protect consumers, the Legislature sought to prohibit businesses from "requiring information that merchants, banks or credit card companies do not require or need." (Assem. Com. on Finance and Ins., Analysis of Assem. Bill No. 2920 (1989-1990 Reg. Sess.) as amended Mar. 19, 1990, p. 2.)

A year later, in 1991, the Legislature amended former section 1747.8. (Assem. Bill No. 1477 (1991-1992 Reg. Sess.) § 2.) Two of the changes shed further light on the Legislature's intent regarding former section 1747.8's scope. First, the Legislature added a provision (former § 1747.8, subd. (d)) (former subdivision (d)) substantially similar to the subdivision (d) now in section 1747.08, permitting businesses to require cardholders provide identification so long as none of the information contained thereon was recorded. (Stats. 1991, ch. 1089, § 2, p. 5042.) The adoption of former subdivision (d) was described as "a clarifying, nonsubstantive change." (State and Consumer Services Agency, Enrolled Bill Rep. on Assem. Bill No. 1477 (1991-1992 Reg. Sess.) Sept. 9, 1991, p. 3.) Defendant argues that, because the adoption of former subdivision (d) was intended to be nonsubstantive, it is irrelevant to our inquiry here. We draw the opposite conclusion. That former subdivision (d) was considered merely clarifying and nonsubstantive suggests the Legislature understood former section 1747.8 to already prohibit the requesting and recording of any of the information, including ZIP codes, contained on driver's licenses and state identification cards.

Second, the 1990 version of former section 1747.8 forbade businesses from "requir[ing] the cardholder, as a condition to accepting the credit card, to provide personal identification information . . . ." (Stats. 1990, ch. 999, § 1, p. 4191.) In 1991, the provision was broadened, forbidding businesses from "[r]equest[ing], or requir[ing] as a condition to accepting the credit card . . ., the cardholder to provide personal identification information . . . ." (Stats. 1991, ch. 1089, § 2, p. 5042, italics added.) "The obvious purpose of the 1991 amendment was to prevent retailers from `requesting' personal identification information and then matching it with the consumer's credit card number." (Florez, supra, 108 Cal.App.4th at p. 453.) "[T]he 1991 amendment prevents a retailer from making an end-run around the law by claiming the customer furnished personal identification data `voluntarily.'" (Ibid.) That the Legislature so expanded the scope of former section 1747.8 is further evidence it intended a broad consumer protection statute.

To be sure, the legislative history does not specifically address the scope of section 1747.08, subdivision (b) or whether the Legislature intended a ZIP code, without more, to constitute personal identification information. However, the legislative history of the Credit Card Act in general, and section *536 1747.08 in particular, demonstrates the Legislature intended to provide robust consumer protections by prohibiting retailers from soliciting and recording information about the cardholder that is unnecessary to the credit card transaction. Plaintiff's interpretation of section 1747.08 is the one that is most consistent with that legislative purpose.

Thus, in light of the statutory language, as well as the legislative history and evident purpose of the statute, we hold that personal identification information, as that term is used in section 1747.08, includes a cardholder's ZIP code.

(7) We briefly address defendant's contention that this construction violates due process. First, defendant argues such an interpretation is unconstitutionally oppressive because it would result in penalties "approach[ing] confiscation of [defendant's] entire business . . . ." Not so. As we have previously noted (fn. 8, ante at p. 532), the statute "does not mandate fixed penalties; rather, it sets maximum penalties of $250 for the first violation and $1,000 for each subsequent violation." (Linder v. Thrifty Oil Co., supra, 23 Cal.4th at p. 448.) "Presumably this could span between a penny (or even the proverbial peppercorn we all encountered in law school) to the maximum amounts authorized by the statute." (The TJX Companies, Inc. v. Superior Court (2008) 163 Cal. App. 4th 80, 86 [77 Cal. Rptr. 3d 114].) Thus, the amount of the penalties awarded rests within the sound discretion of the trial court. (Ibid.)

Second, defendant contends that plaintiff's interpretation renders the statute unconstitutionally vague and, thus, our adoption of that interpretation should be prospectively applied only. We are not persuaded. In our view, the statute provides constitutionally adequate notice of proscribed conduct, including its reference to a cardholder's address as an example of personal identification information (§ 1747.08, subd. (b)) as well as its prohibition against retailers recording any of the information contained on identification cards (id., subd. (d)). Moreover, while Party City, supra, 169 Cal. App. 4th 497, reached a contrary conclusion, both defendant's conduct and the filing of plaintiff's complaint predate that decision; it therefore cannot be convincingly argued that the practice of asking customers for their ZIP codes was adopted in reliance on Party City. Indeed, it is difficult to see how a single decision by an inferior court could provide a basis to depart from the assumption of retrospective operation. (See People v. Guerra (1984) 37 Cal. 3d 385, 401 [208 Cal. Rptr. 162, 690 P.2d 635], disapproved on another ground in People v. Hedgecock (1990) 51 Cal. 3d 395, 409-410 [272 Cal. Rptr. 803, 795 P.2d 1260].) In sum, defendant identifies no reason that would justify a departure from the usual rule of retrospective application. (See Grafton Partners v. Superior Court (2005) 36 Cal. 4th 944, 967 [32 Cal. Rptr. 3d 5, 116 P.3d 479].)

*537 DISPOSITION

The judgment of the Court of Appeals is reversed and the case is remanded for further proceedings consistent with this decision.

Cantil-Sakauye, C.J., Kennard, J., Baxter, J., Werdegar, J., Chin, J., and Corrigan, J., concurred.

NOTES

[1] All unlabeled statutory references are to the Civil Code.

[2] ZIP is an acronym that stands for "Zone Improvement Plan." (U.S. Postal Service, Mailing Standards of the United States Postal Service: Domestic Mail Manual, ch. 602, subtopic 1.8.1 [as of Feb. 10, 2011] (DMM).)

[3] According to its Web site, Williams-Sonoma is "the premier specialty retailer of home furnishings and gourmet cookware in the United States." (Williams-Sonoma, About Us [as of Feb. 10, 2011].) The company operates "more than 250 stores nationwide, a direct-mail business that distributes millions of catalogs a year, and a highly successful e-commerce site." (Ibid.)

[4] Both opinions were issued by Division One of the Fourth District Court of Appeal.

[5] In its answer brief, defendant argues our jurisdiction to grant review lapsed under California Rules of Court, rule 8.512(b). Under the rule, we may order review within 60 days after a petition for review is filed. (Ibid.) Before the 60 days have expired, we may extend the time in which to consider review, to a date not later than 90 days after a petition was filed. (Ibid.) If we have not ruled on the petition within the time allowed, it is deemed denied. (Ibid.)

The docket shows plaintiff's petition for review was filed on November 25, 2009. On February 4, 2010, after 60 days had already run, an order was entered extending time for review to February 23, 2010, 90 days after the petition was filed. The order was entered nunc pro tunc as of January 22, 2010, a date before the original 60-day window had expired. Defendant contends such a nunc pro tunc order was invalid. We disagree.

The petition was originally due to be considered prior to the expiration of the 60 days. Concluding we needed more time, we put the matter over to a later petitions conference. The act of putting the matter over necessarily included our extending time for review. However, the clerk inadvertently failed to enter an order reflecting that act. Under the circumstances, the nunc pro tunc order merely caused the record to show something that was actually done but that was mistakenly not entered in the record at the time the act was done. Thus, the use of a nunc pro tunc order was appropriate and our subsequent grant of review on February 10, 2010, was within this court's jurisdiction. (See Cowdery v. London & San Francisco Bank (1903) 139 Cal. 298, 306 [73 P. 196].)

[6] Section 1747.08 contains some exceptions, including when a credit card is being used as a deposit or for cash advances, when the entity accepting the card is contractually required to provide the information to complete the transaction or is obligated to record the information under federal law or regulation, or when the information is required for a purpose incidental to but related to the transaction, such as for shipping, delivery, servicing, or installation. (Id., subd. (c).)

[7] Party City, upon which the Court of Appeal opinion heavily relies, assumes that a cardholder's work address or telephone number constitutes personal identification information. (Party City, supra, 169 Cal.App.4th at p. 518.) While we express no opinion on this point, we acknowledge that nothing in section 1747.08, subdivision (b), explicitly limits its scope to a cardholder's home address or telephone number.

[8] Party City, supra, 169 Cal.App.4th at pages 510-511, by contrast, concludes that section 1747.08, subdivision (b), should be strictly construed under the rule for construing penal statutes because violations of section 1747.08 are subject to a "mandatory civil penalty." We disagree. First, as we held in Linder v. Thrifty Oil Co. (2000) 23 Cal. 4th 429, 448 [97 Cal. Rptr. 2d 179, 2 P.3d 27], section 1747.08, subdivision (e), "does not mandate fixed penalties; rather, it sets maximum penalties of $250 for the first violation and $1,000 for each subsequent violation." Second, "the rule of strict construction of penal statutes has generally been applied in this state to criminal statutes, rather than statutes which prescribe only civil monetary penalties." (Lungren, supra, 14 Cal.4th at p. 312.)

[9] Defendant points out that a cardholder's name, which all parties agree can permissibly be obtained by the retailer, also appears on a driver's license. This is true, albeit irrelevant, as subdivision (b) explicitly excludes information appearing on the credit card, such as a cardholder's name, from the definition of personal identification information. (§ 1747.08, subd. (b).)

[10] The Court of Appeal did not discuss subdivision (d) of section 1747.08. While Party City, supra, 169 Cal.App.4th at page 518, did briefly mention the issue, the court dismissed it without explanation.

[11] The Court of Appeal did not discuss the legislative history of section 1747.08. And, while the opinion in Party City, supra, 169 Cal.App.4th at pages 514-516, has a section titled "Legislative History Arguments," the court did not actually cite or discuss any of the statute's legislative history.

[12] The statute was later amended and renumbered as section 1747.08. (Stats. 2004, ch. 183, § 29.)