- Zip Code Requests Off-Limits in Massachusetts Credit Card Transactions
- March 22, 2013 | Authors: Martin J. Bishop; Martin J. Bishop; Thomas I. Elkind; Thomas I. Elkind; Michael C. Lueder; Michael C. Lueder
- Law Firms: Foley & Lardner LLP - Chicago Office ; Foley & Lardner LLP - Boston Office ; Foley & Lardner LLP - Milwaukee Office
In a recent decision, Tyler v. Michaels Stores, Inc., the Massachusetts Supreme Judicial Court held that zip codes are “personal identification information” and that a merchant asking for that information during a credit card transaction violates a Massachusetts statute [G.L.c. 93, Section 105(a)] designed to protect consumer privacy, becoming the second state high court, after California, to declare that merchants can no longer request zip codes in credit card transactions with their customers. The Court also made clear that its decision applies equally to electronic and paper transaction forms.
The Court reasoned that a zip code, “when combined with the consumer's name, provides the merchant with enough information to identify through publicly available databases the consumer's address or telephone number, the very information Section 105(a) expressly identifies as personal identification information ... .”
Because G.L.c. 93, Section 105(d) provides that a violation of Section 105(a) also violates G.L.c. 93A, Sections 2 and 9 (which prohibit unfair or deceptive acts or practices in the conduct of a trade or business), the procuring of a zip code creates exposure to the severe penalties that can be imposed under Chapter 93A. The Court found that the procuring of a zip code can lead to “the actual receipt by a consumer of unwanted marketing materials ... and the merchant's sale of a customer's personal identification information or the data obtained from that information to a third party.” The Court held that either of these results constituted “an injury that is distinct from the statutory violation itself and cognizable under G.L.c. 93A, Section 9 ... .” Chapter 93A provides not only that the consumer can recover damages for injuries caused by a violation of that statute, but also that the consumer can recover up to three times the actual damages suffered, and reasonable attorneys fees, in certain situations.
This decision establishes that in Massachusetts a consumer need not be the victim of identity theft or suffer a loss of money in order to sue a merchant who requests and receives the consumer’s zip code during a credit card transaction. As a result, Massachusetts merchants who continue to request a customer's zip code as a part of a credit card transaction should expect to be targeted by class actions on behalf of consumers, and will need to be prepared to prove that no marketing materials were sent to the consumer and that no data regarding the consumer was provided to any third party.
Therefore, Massachusetts merchants must now weigh the cost of dealing with such potential claims against the benefit of obtaining zip codes from their customers.