Massachusetts District Court Says Zip Codes Constitute Personal Identification Information
On January 6, the U.S. District Court for the District of Massachusetts found that a retailer’s collection of ZIP codes during a credit card transaction can constitute a violation of Mass. Gen. Laws ch. 93, §105(a) (the Act), but held that a plaintiff must allege actual harm. Tyler v. Michaels Stores, Inc., No. 11-10920, 2012 WL 32208 (D. Mass. Jan. 6, 2012). The complaint, filed on behalf of a putative class, alleged that a retailer’s request for customer ZIP codes when processing credit card transactions violates the Act because ZIP codes constitute protected personal identification information (PII). Noting that the plaintiff alleged only that she had received unwanted mail, not that the information was sold or otherwise exposed her to an increased risk of fraud, the court agreed with the retailer and held that the plaintiff failed to allege actual injury. However, the court found that ZIP codes are PII under the Act, and that plaintiff had alleged a per se statutory violation. The court warned that "[s]ince retailers so routinely request a customer's ZIP code at the point-of-sale in a credit card transaction, they ought note here that this Court holds [the retailer] potentially to have violated [the Act] if such request was made during a transaction in which the credit card issuer did not require such disclosure.” The court’s decision also distinguished the Act as "much narrower in scope” than California’s Song-Beverly Act, which is intended not only to prevent fraud like the Act, but also to "prevent retailers from directly or indirectly obtaining personal identification information for marketing purposes," which was the subject of the California Supreme Court’s holding in Pineda v. Williams Sonoma, Inc., 246 P.3d 612 (Cal. Sup. Ct. 2011). On January 13, plaintiff moved the court to certify the question of law at issue in this case to the Massachusetts Supreme Court.