I am no lawyer, but I'm not sure how you could be held liable for releasing information about a credit card transaction to a person who's name is also on the account. In any event, I bet a 45 minute conversation with a local attorney could pretty much sew this up.
posted by jquinby at 7:20 AM on June 24, 2009

IANAF: The best way to deal with this is to, indeed, not know/get involved in people's private business. Forget about the cheating possibility issue and deal with it as a general privacy issue. If person X calls wanting to check a charge on his/her credit card, first ascertain that card really belongs to that person, than answer as you would any other query. If, however, the card doesn't really belong to that person, than he/she has no right to have any information.
posted by Pineapplicious at 7:24 AM on June 24, 2009 [4 favorites]

IANAL at all, but here are my thoughts.

I would go so far as to tell people that yes, this was a legitimate charge to the account. People should have a right to know that the money is gone for a real reason. Confirming the amount and date of purchase shouldn't be an issue. Assuming they're actually on the account of course.

There are any number of reasons why you would send flowers to someone who is not your spouse. So flowers sent to someone else isn't an instant affair thing in my book, although I will admit that it's a bit curious is the flowers are delivered to a personal address as opposed to a business address.

I don't see how you could be held legally responsible for a divorce/marital dispute at all.
posted by theichibun at 7:28 AM on June 24, 2009

This may actually be easier than it seems.

If a person's name appears on an account and they can reasonably verify their identity, you are legally obligated to tell them what they want to know. But if their name doesn't appear there, or they cannot satisfactorily identify themselves, you are legally prohibited from doing so. Both of these things are true regardless of the individuals' marital status. The degree to which identification must be verified is kind of a gray area, and you might want to talk to a lawyer about it, but in general, the more important the account, i.e. the more money is involved, the more verification you're going to want. Flower shops rank generally pretty far down the list of what counts as "important" in this analysis, so you probably don't need to ask for SSN, mother's maiden name, city they were born in, favorite flavor of ice cream, etc., but if a man places an order and a woman has questions about it, red flags should start going up.

With certain limited but obvious exceptions, like complying with subpoenas and engaging in transactions at the behest of their customers, entities which maintain accounts cannot give out information to anyone but the person whose name appears on that account without said person's express permission. If one spouse opens an account in their name only, the other spouse cannot get information about that account without the opening spouse's permission. Being married makes it a lot easier to open joint accounts and get multiple names on existing accounts, but it doesn't automatically give you the right to access information about accounts on which your name does not appear.

Basic rule: if you want an individual other than yourself to be able to access information about you held by third-parties, whether that be a spouse or some other designated agent, you need to tell the third-party in question that this is okay, either by adding that individual's name to the account or making other special arrangements. If you don't do this, the expectation is that no information will be given to anyone other than the exceptions briefly mentioned above.

So if someone calls and asks about something but the name doesn't match, you probably shouldn't give out any information regardless of the situation. If the caller pitches a fit, then you really don't want to get involved, because it's likely that either 1) they're involved in a situation like the one you describe, or 2) they don't actually have a right to the information.
posted by valkyryn at 7:35 AM on June 24, 2009 [4 favorites]

How can a flower shop protect itself legally from getting in the middle of such disputes?

To the best of my knowledge, there are not privacy laws that cover florists the same way there are laws covering, say, libraries. I appreciate that you want to do the right thing here, but really the big deal is figuring out what "the right thing" is. Spouses who legally share a credit card have a right to know whether a charge is legitimate. Your flower shop should have a policy concerning what information is given out, and to whom, and then you should decide appropriate penalties if someone doesn't abide by these.

Legally you're bound by your merchant agreement and you have to reply to subpoenas and etc, otherwise this is pretty much a "my store my rules" type of thing. My suggestions would be this

- confirm or deny charges to valid card holders
- do not give out any additional information on the charges
- make it clear that this is your policy in some sort of IN WRITING way to people when they order flowers
- make it clear to staff that you have this policy and that if you find out they're breaking this policy there will be XYZ repercussions

You could go a step further if you wanted and delete the additional information in your database say a week after the delivery [this is the way libraries sometimes do this, there are good and bad parts of this sort of policy] so that all that you HAVE is the charge info, not the destination or the messages, etc.
posted by jessamyn at 8:00 AM on June 24, 2009 [1 favorite]

It seems like there is a marketing opportunity here. Work with a lawyer to write a privacy policy and post it prominently in the shop. Do only what is legally required, otherwise protect your customers privacy as though it was your own. You can become the flower shop of preference for philandering spouses :)
posted by COD at 8:08 AM on June 24, 2009 [3 favorites]

We did NOT tell her who the other flowers went to but the damage was done.

In this case, you probably should have told her everything given that it was a joint account. Not telling her is somewhat unreasonable as you are refusing to inform her about charges made to her account and implies you are taking the side of one account holder over another. I think the fact that the one account holder placed the order is irrelevant. Imagine if my wife were ordering things using our joint account and I needed to get information on them. Would it then be the responsibility of some clerk to ascertain whether she meant to keep that information from me or not? I think it's better to give all the information to anyone on the credit account, and no information to those not on the account.
posted by scrutiny at 8:09 AM on June 24, 2009 [5 favorites]

I think you definitely need to set up a store policy of which information you will provide (even to the person who originally initiated the purchase) and which you won't. For example, you do not give out destination information one week after the purchase, period. Even to the guy who actually placed the order, even to his wife who shares the account. Best if you actually delete that information after that time frame, because then a clerk can't make an accidental error. This could easily be set up as a privacy policy.

Obviously, you are legally obligated to verify the accuracy of charges to any account holders, and not at all to anyone whose name isn't on the account.

Rather than being sued because of a divorce, I'd be more concerned that the bone-headed clerk might give out the delivery information, angry wife beats up girlfriend, girlfriend sues you for giving our her address. That seems like a more plausible case to me, but IANAL.
posted by peanut_mcgillicuty at 8:11 AM on June 24, 2009

How can a flower shop protect itself legally from getting in the middle of such disputes?

Seriously, get off AskMe and consult a lawyer. If something happens, a judge won't take "But AskMetafilter said X!" Get a lawyer, it's cheaper in the long run.
posted by Brandon Blatcher at 8:21 AM on June 24, 2009 [1 favorite]

I am not a lawyer, a florist, or a suspicious spouse. But it strikes me that if you provided an order number with each purchase, you could set up different disclosure policies for when a customer can provide the order number, or can't.
posted by gnomeloaf at 8:23 AM on June 24, 2009 [1 favorite]

If you go the delete details after a week route you still need a policy to cover the initial week. Suspicious spouses will be checking credit charges online in practically real time.
posted by Mitheral at 9:01 AM on June 24, 2009

but for me the sticky part is what if someone holds a joint debit or credit card account?

If someone takes a credit or debit card they hold jointly with their spouse and uses that card to send flowers to a person with whom they are having an extramarital affair then that person is so fucking stupid that they will be caught no matter what you do.
posted by dersins at 9:17 AM on June 24, 2009 [6 favorites]

I think valkyryn has answered your question : You're required by law to answer some questions about orders from joint account holders. You're prohibited by from answering questions about other people's transactions.

Are you curious about exactly what questions you are required to answer for joint account holders? For that, you must either read your credit card processing merchant account documentation very carefully or contact a lawyer.

A priori, you should never report the address of the recipient nor the content of the note accompanying the flowers unless legally obliged. Otherwise you might end up sending some angry wife chasing after some girl with a gun. Why not merely report who made the order and ask to speak with them?
posted by jeffburdges at 9:27 AM on June 24, 2009

It occurs to me that there's another direction in which this could be taken; what do you do when someone who received (or claims to have received) flowers comes in and asks who sent them? I suppose that if they can prove who they are, they generally are told who it was…but what if the sender wishes to remain anonymous?

The issue of florist-customer confidentiality seems to be a thorny one.
posted by koeselitz at 9:32 AM on June 24, 2009 [1 favorite]

But I think the main issue here is enabling the commission of an assault, domestic violence, and even murder by providing the address, not just some divorce case. Does your merchant account require that you reveal the delivery information? Could you just have a policy that you never reveal delivery information to anyone except financial institutions?
posted by jeffburdges at 9:34 AM on June 24, 2009

If you charge the jointly-held Smith family credit card for $X at Mr. Smith's request, Mrs. Smith has the right to a yes or no answer when she calls up and asks "I see $X charged for flowers on my credit card, was this a legit transaction?" It doesn't matter if this reveals that Mr. Smith sent flowers to his mistress (or his dying mother), Mrs. Smith has the right to know whether or not the charge to her jointly-held card are legit. This may be a potentially awkward situation, but not a legally risky one. Joint accounts exist specifically so that both people can use them and access information about them.

I would think you're more at risk, legally, if you try to gum up the works when someone is trying to find out what is happening to her (or his) own bank account or credit card.
posted by Meg_Murry at 9:38 AM on June 24, 2009 [1 favorite]

With certain limited but obvious exceptions, like complying with subpoenas and engaging in transactions at the behest of their customers, entities which maintain accounts cannot give out information to anyone but the person whose name appears on that account without said person's express permission.

Don't take legal advice here.

However, setting up a policy for your own people makes a lot of sense. Follow it and you'll be fine.
posted by Ironmouth at 9:40 AM on June 24, 2009

I am not a lawyer, but I would assume that if Mrs. Smith calls up and properly identifies herself, and Mr. Smith did buy flowers, you'd still not be on the hook for more than a simple confirmation, "Yes, Mr. Smith came in here and purchased $X of flowers on Friday the 23rd."

At that point, the onus is on Mrs. Smith to decide why Mr. Smith bought them, and for Mr. Smith to have a good reason. A restaurant wouldn't have to explain what Mr. Smith ate, and a book store wouldn't have to explain which books Mr. Smith purchased. You do not need to explain which flowers were bought, or to whom they were delivered.

I suppose you could have a little sign on the register that says, "Cheating? Try cash!" but your aim here is to be amoral, not immoral.
posted by explosion at 10:12 AM on June 24, 2009

I used to work for a florist, and I think that from a customer service perspective, deleting your order information after a week is a bad idea. Repeat customers will always expect you to have details on file that they can't remember, like delivery addresses from a few months ago or a reminder of what kinds of flowers they sent last time. It is a nice service to be able to help people out with that type of thing and it gives your business an edge as far as customer service is concerned.

So I agree with everyone who said you need to get advice from a lawyer about what your obligations and liabilities are and create a written policy based on that, one which is posted somewhere in the shop and communicated to all employees.
posted by foxy_hedgehog at 10:13 AM on June 24, 2009 [2 favorites]

you have two accounts in question here: one is the account with the credit card. the second is the one account the customer has with your company. credit card holders sould be able to get info on the charge, but not any of the info regarding the sale--what it was, who it was to, etc.
posted by lester at 11:27 AM on June 24, 2009 [1 favorite]

I am not your lawyer. I would consult a lawyer. This is a relatively simply issue and can probably be handled quickly and (relatively) cheaply. Also, I would check with fellow florists to see what they do - though of course, don't view what they have to say as legal advice.

Also, to valkyryn, what is the legal basis for this:

If a person's name appears on an account and they can reasonably verify their identity, you are legally obligated to tell them what they want to know. But if their name doesn't appear there, or they cannot satisfactorily identify themselves, you are legally prohibited from doing so.

Not trying to challenge you - just wondering what law would require either of these things.
posted by Conrad Cornelius o'Donald o'Dell at 5:01 PM on June 24, 2009

Conrad..., the requirement to give out information to people who can identify themselves as your clients is grounded in contract. Refusing to give your own clients their information has to constitute breach of contract on some level. Because though breaking a contract isn't illegal, it will still subject you to liability, one can say that one is legally obligated to keep the terms of a contract.

But the prohibition against giving out information to unauthorized parties can be found in various FTC regulations. Muck about here, if you like.
posted by valkyryn at 8:40 AM on June 25, 2009

I don't see why it would be a breach of contract. If I offer to deliver a bouquet for you for $10, you pay me, and I make the delivery as agreed, the transaction is over. As long as you give me the cash and I make the delivery, I can't imagine anything either of us could possibly do to breach that contract. I don't see why, based on common law, you'd retain any rights to any other information you have given me as part of that sale (in this case, the delivery address). Indeed, I wouldn't even have an obligation to save any information about the transaction. I wonder if some jurisdictions have something like a private "Open Records" law... but I haven't heard of such a thing.

On the flipside, I'm sure vendors who accept credit cards have agreements with the issuers not to reveal customer credit card #s. But as some wags in this thread have suggested, there of course is no such thing as "florist-client confidentiality." I'm not sure which laws would preclude a florist from sharing customer information (though obviously common sense largely would). Companies sell client lists all the time - that's how junk mail (and, once upon a time, telemarketing) works. Gramm-Leach-Bliley only applies to "financial institutions."
posted by Conrad Cornelius o'Donald o'Dell at 1:25 AM on June 26, 2009

This thread is closed to new comments.