Hospitality & Retail -


Are mandatory arbitration provisions recognized in your state? If so, are there any limitations to its enforcement?

The California Arbitration Act (“CAA”) regulates arbitration in the Golden State.  Generally, outside of the employment context, when minimum standards are met, arbitration provisions are recognized in California.

To be binding in California, a non-employment arbitration provision must:

  • Be reciprocally biding on all parties and parties may seek remedies in small claims court within that Court’s jurisdiction;
  • The consumer may be given notice of the arbitration clause;
  • All remedies available under federal, state, or local laws must be available in the arbitration proceeding;
  • The arbitrator must be neutral;
  • The consumer has a right to a hearing in their hometown area;
  • The arbitration provision must not dissuade the use of counsel;
  • All costs (except for a filing fee) must be paid by the Company;
  • Not provide for any consumer to pay the fees and costs incurred by the opposing party;
  • Permit reasonable discovery; and
  • Require a written arbitrator award.

In the employment context, the Federal Arbitration Act (FAA), which favors arbitration and pre-empts state laws that discriminate against it has come in conflict with the CAA and there is on-going tension between California Courts, the Legislature, and the United States Supreme Court on the enforceability of such agreements in the employment context.

Further complicating the matter is Assembly Bill 51 which states that employers will no longer be able to require employees to sign mandatory arbitration agreements forcing discrimination, harassment, and wage claims into arbitration. Applicants and employees may choose not to sign such agreements, and the employer may not retaliate against an applicant’s or employee’s election to refuse to sign such agreements.

The new law does not, however, apply to agreements already in existence in California, or to any agreements an applicant or employee would enter into voluntarily after January 2020. Further complicating matters is a current stay of AB 51 imposed by the Ninth Circuit.  That decision, which is currently being reconsidered by the Ninth Circuit, currently allows for California employers to require employees and applicants to sign arbitration agreements on the ground that AB 51 is preempted by the FAA.

Apart from the AB 51 restrictions, and the current stay of that law, California’s employment arbitration standards are very rigorous.  An employment arbitration agreement will not be enforced in California if it is both “procedurally unconscionable” and “substantively unconscionable.” Any substantive provisions of the arbitration agreement must not be unfair to the employee (i.e., substantively unconscionable). For example, the employer must also be required to arbitrate disputes, substantive rights that an employee would have had in litigation if the dispute were decided in court must be permitted in arbitration, and any agreement must not impose any added costs or fees on an employee that would not have applied in litigation.

Further complicating matters is California’s on-going campaign against forced arbitration of representative actions, including those brought under the California Private Attorney’ General Act (PAGA).  Recently, however, California employers were handed a victory (although likely short-lived) from the United States Supreme Court.

The Court’s holding in Viking River Cruises, Inc. v. Moriana[i] rests on the interplay between PAGA, a California law; the FAA, a federal law; and Iskanian v. CLS Transproation[ii], a California Supreme Court decision.

PAGA creates a private cause of action for collection of civil penalties previously only enforceable by the State.  Prior to PAGA’s enactment, only California’s Labor and Workforce Development Agency (“LWDA”) could bring actions for civil penalties against employers for violations of California Labor Code.  In 2004, the Legislature enacted the PAGA, which allows “aggrieved employees” to bring such enforcement actions on behalf of the state.  PAGA allows an aggrieved employee to collect civil penalties for violations of the Labor Code that they themselves allegedly experienced, as well as for violations sustained only by “other current or former employees.”  The scopes of such PAGA suits are enormous and often seek millions of dollars in civil penalties.

The Federal Arbitration Act (“FAA”) is a federal law that makes arbitration agreements “valid, irrevocable, and enforceable” and which “preempts any state rule discriminating on its face against arbitration.”  Under the FAA, arbitration is considered a matter of consent, and parties are generally free to decide the rules by which they will arbitrate and the issues that will be arbitrated.  Thus, state rules cannot require arbitration of a claim, issue, or dispute outside the consent of the parties.

The California Supreme Court’s decision in Iskanian discussed the interplay between PAGA and the FAA.  The relevant issue involved an arbitration agreement that contained a “class action waiver,” by which the employee agreed to submit all disputes to arbitration on an individual basis and to waive any right to a representative action before the arbitrator.  Pursuant to that agreement, the employer sought to compel the individual portion of the plaintiff’s PAGA claim to arbitration—i.e., the portion based solely on Labor Code violations experienced by the plaintiff.  The Iskanian Court determined the individual portion could not be compelled pursuant to the waiver because such a waiver is not enforceable as to a PAGA action.  The crux of the Court’s reasoning was that a PAGA claim cannot be divided into arbitrable individual claims and non-arbitrable representative claims because the action is a single claim for civil penalties brought entirely on behalf of the state.  As such, Iskanian held that either the entire PAGA claim had to be tried in court or sent to arbitration.  Any waiver as to the non-individual portion was unenforceable.  Today, United States Supreme Court disagreed.

The United States Supreme Court reversed the Court of Appeal, holding the portion of Iskanian dealing with the indivisibility of individual portions of a PAGA claim is preempted by the FAA.  In so finding, the Court rejected the argument that each PAGA cause of action is a singular claim: “[A] PAGA action asserting multiple code violations affecting a range of different employees does not constitute ‘a single claim’ in even the broadest possible sense, because the violations asserted need not even arise from a common ‘transaction’ or ‘nucleus of operative facts.’”  Rather, the Court cited to California precedent for the view that PAGA is a procedural mechanism that “permits ‘aggrieved employees’ to use the Labor Code violations they personally suffered as a basis to join to the action any claims that could have been raised by the State in an enforcement proceeding.”

Within that backdrop, the Court explained that any prohibition on the ability of parties to divide a PAGA action into constituent claims “unduly circumscribes the freedom of parties to determine ‘the issues subject to arbitration and ‘the rules by which they will arbitrate.’”  In effect, the Iskanian indivisibility rule forces parties that wish to arbitrate PAGA claims to submit to the State’s expansive rules regarding joinder of claims pertaining to other aggrieved employees.  In other words, “[t]he only way for parties to agree to arbitrate one of an employee’s PAGA claims is to also ‘agree’ to arbitrate all other PAGA claims in the same arbitral proceeding.”  Such a coercive result is “incompatible with the FAA,” and is therefore preempted by it.  Accordingly, parties may agree to arbitrate individual portions of the FAA as part of a valid arbitration agreement.

The Court further explained that once a plaintiff’s individual PAGA claims are sent to arbitration, the “representative” claims remaining in Superior Court (brought as to Labor Code violations sustained by other employees) must be dismissed.  The Court held that “[w]hen an employee’s own dispute is pared away from a PAGA action, the employee is no different from a member of the general public, and PAGA does not allow such persons to maintain suit.”

There are two limitations to the holding in Viking River Cruises:

First, the Court did not overrule the portion of Iskanian that held waivers as to the entire right to a PAGA claim (as opposed to just the non-individual portion) are unenforceable.  The waiver in Viking River Cruises indeed had such a blanket waiver.  However, it was saved by a “severability clause” that provided “if the waiver provision is invalid in some respect, any ‘portion’ of the waiver that remains valid must still be ‘enforced in arbitration.’”  The Court held such a severability clause would save the waiver provision, but, without it, the agreement would have been unenforceable because it waived a “substantive right” in its entirety.

Second, in a concurring opinion, Justice Sotomayor left open the possibility that the California Courts or Legislature may decide differently with respect to the Court’s final point on dismissal of the representative claims: “Of course, if this Court’s understanding of state law is wrong, California courts, in an appropriate case, will have the last word.  Alternatively, if this Court’s understanding is right, the California Legislature is free to modify the scope of statutory standing under PAGA within state and federal constitutional limits.”  This roadmap for the Legislature will likely lead to a modification of the PAGA standing requirements soon and therefore the Viking River Cruises holding’s respite for California employers may be short-lived.

What is your state’s law, if any, regarding gift cards, subscription services and loyalty programs?

Gift Cards:

California has robust laws and regulations relating to the regulation of gift cards and subscription services.  At its core, California requires (among other items):

  • Gift cards sold by retail sellers for use with the seller and its affiliates cannot contain an expiration date or a service fee, including a fee for failing to use the card;
  • Gift cards / certificates sold after January 1, 1997 are redeemable in cash for its cash value, or subject to replacement with a new gift certificate at no cost to the purchaser or holder.4 Effective January 1, 2008, any gift certificate with a cash value of less than $10 is redeemable in cash, which includes currency or check, for its cash value.
  • California laws governing gift cards and gift certificates cannot be waived.
Subscription Services:

California regulates subscription services through several statutes and regulations. Primarily, through California’s automatic renewal law, which applies to businesses that offer “automatic renewal offers or continuous service offers” to California consumers.

The automatic renewal law was amended in July 2022.  Those amendments added two new additional requirements for cancellation and notice (see #6 and #7, below).  The law requires:

(1) clearly and conspicuously disclose notice of the recurring nature of the transaction;

(2) obtain consumers’ “affirmative consent” to the automatic renewal terms;

(3) provide a post-transaction acknowledgment that includes the automatic renewal terms and cancellation policy in a way that can be retained by the consumer;

(4) provide consumers with an “easy-to-use mechanism for cancellation”, including information about how to cancel;

(5) provide notice of material changes to any offer terms;

(6) provide online consumers with the option to immediately cancel their subscription through a “prominently located” link or a preformatted e-mail cancelling; and

(7) provide consumers with a notice as to free, discounted, or promotional pricing that last more than 31 days.

Loyalty Programs:

Business may offer financial incentives such as loyalty programs in California.  However, strict state privacy laws require these programs to comply with certain requirements, including complying with the California Consumer Privacy Act (“CCPA”).  Any loyalty program that offers a benefit or other type of offering (including, but not limited to, rewards, coupons, or points) which may relate, in any way, to the collection, deletion, or sale of personal information must comply with the CCPA.

The CCPA is designed to protect California consumer privacy rights by imposing duties on business that collect or maintain “personal information.”  Businesses operating in California who offer loyalty programs should provide consumers participating in the program with a Notice of Financial Incentive which provides:

  • A summary of the financial incentive or price of service difference offered;
  • The material terms of the financial incentive or price or service difference;
  • A description of how the consumer can opt-in;
  • A statement of the consumer’s right to withdraw; and
  • An explanation of how the financial incentive is reasonably related to the value of the consumer’s data.

Companies offering such loyalty programs should immediately contact counsel to ensure compliance with these requirements.  Noncompliance may lead to significant exposure for the company, including $7,500 in penalties per violation.

What is your state’s law, if any, regarding safeguarding consumer credit card or other private data (i.e., cyber security)?

The California Consumer Privacy Act (“CCPA”) gives consumers control over their personal information that businesses collect about the consumer, which includes safeguarding consumer credito card information and other private data.  In general, the CCPA defines “personal information” broadly to include information that can identify, relate to, describe, be associated with, or be reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.

The CCPA provides privacy rights for individual consumers that ensure a “right to know” about the personal information a business collects about them and how it is used and shared; the “right to delete” personal information collected; the “right to opt-out” of the sale or sharing of their personal information; and the “right to non-discrimination” for exercising rights under the CCPA.  Businesses that are subject to the CCPA have responsibilities to ensure consumers are not deprived of these rights, including a requirement to provide consumer notices explaining the company’s privacy practices.  As it pertains to safeguarding credit card or other private data, the CCPA permits consumers to direct businesses to only use sensitive personal information for limited purposes, such as only using that sensitive information to provide the consumer with the services requested/purchased.

On November 3, 2020, California residents passed Proposition 24, which included the California Privacy Rights Act (“CPRA”), which builds and expands on the CCPA.  The CPRA expands the CCPA’s definition of “personal information” to include, among other things, a consumer’s account log-in, financial account, debt card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account.


As explained above, the CCPA and CPRA provide businesses with obligations to develop programs to manage and ensure compliance with the CCPA and CPRA.  In addition to the many “right to . . .” provisions explained above, the CPRA expands and clarifies many of these provisions.  Under the “right to know” prong, the CPRA requires the notice to consumers to include the purposes for which such categories of information is being collected and whether that information is being sold or shared.  When responding to a verified request for specific pieces of personal information, the CPRA requires the business to provide the specific pieces in a format easily understandable to the average consumer, and to the extent technically feasible, in a structured, commonly used, machine-readable format that can be transmitted to another entity at the consumer’s request.

As for the “right to delete” prong, the CCPA provides some exceptions in situations when it is reasonably necessary to maintain the personal information to complete the transaction for which it was collected or to comply with other legal obligations.  Finally, under the “right to opt out” prong, the CPRA also provides for regulatory activity that would empower consumers to opt out of the use of automated decision-making technology, but that addition does not impact the safeguarding of credit card information.

What is your state’s law, if any, regarding the collection and handling of financial information?

In addition to the discussion above regarding safeguarding credit card information, there are numerous other California provisions/laws that impact the collection and handling of an individual’s financial information.

To start, the California Constitution provides the right to privacy as an inalienable right of all persons.  In 2003, California enacted the Online Privacy Protection Act (“OPPA”), which is codified in California’s Business and Professions Code sections 22575-22579.  The OPPA addresses the privacy notice disclosure obligations of a website operator that gathers personally identifiable information from California residents.

Moreover, California also enacted the Financial Information Privacy Act (“FIPA”) codified in the California Financial Code sections 4050-4060.  The purpose of FIPA is to require financial institutions to provide their consumers with notice and a meaningful choice about how their nonpublic personal information is shared or sold by their financial institutions. “Nonpublic personal information” means “personally identifiable financial information (1) provided by a consumer to a financial institution, (2) resulting from any transaction with the consumer or any service performed for the consumer, or (3) otherwise obtained by the financial institution.”  Generally, FIPA precludes financial institutions from disclosing sensitive financial information of consumers without the consumer’s prior consent.

Another provision relating to the collection and handling of financial information is California’s Customer Records Law, which is codified in California Civil Code sections 1798.80-1798.84.  These laws require that a business “take all reasonable steps to dispose, or arrange for the disposal, of customer records within its custody or control containing personal information when the records are no longer to be retained by the business by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable through any means.”  These laws require companies to maintain security procedures and practices to protect financial information from unauthorized access, destruction, use, modification, or disclosure.

[i] See, Viking River Cruises, Inc. v. Moriana, 213 L. Ed. 2d 179, 142 S. Ct. 1906 (2022)

[ii] See, Iskanian v. CLS Transportation Los Angeles, LLC, 59 Cal. 4th 348, 327 P.3d 129 (2014)