Mass. SC: Asking customers for zip codes is illegal

BOSTON (Legal Newsline) -- The Massachusetts Supreme Court ruled Monday that a zip code constitutes "personal identification information" and cannot be required to complete a credit card transaction under state law.

In the case at issue, plaintiff Melissa Tyler made purchases with a credit card at a Michaels retail store in Everett, Mass. During these transactions, an employee asked Tyler to provide her zip codes.

Tyler disclosed the number under the impression she was required to in order to complete the credit card transaction. However, the credit card issuer did not require the Irving, Texas-based Michaels to request zip codes.

Michaels, one of the nation's largest arts and crafts retailers, maintains a policy of writing customers' names, credit card numbers and zip codes on electronic credit card transaction forms in connection with credit card purchases.

Michaels used Tyler's name and zip code in conjunction with other commercially available databases to find her address and telephone number. Tyler subsequently received unsolicited and unwanted marketing material from Michaels.

In May 2011, Tyler filed a class action complaint against the retailer, claiming that Michaels' electronic recording of customer zip codes amounts to writing personal identification information on a credit card transaction form in violation of section of state law, and therefore constitutes an unfair or deceptive act or practice as defined in the state's Consumer Protection Act.

The complaint also contains a claim for unjust enrichment and seeks a declaratory judgment that Michaels' collection of zip codes violates Section 105 (a ).

Michaels filed a motion to dismiss the complaint in July 2011.

On Jan. 6, 2012, the U.S. District Court for the District of Massachusetts granted the motion.

A judge concluded that Tyler sufficiently alleged a violation of Section 105 (a ) because zip codes constitute personal identification information, and Michaels' electronic credit card terminal may contain "credit card transaction form[s]" within the meaning of Section 105 (a ); however, the complaint failed to allege that Michaels' collection of zip codes caused Tyler an injury cognizable under the state's consumer protection laws.

The judge also concluded that the complaint failed to state a claim for unjust enrichment, and that Tyler was not entitled to the declaratory relief she sought.

At the invitation of the judge, Tyler filed a motion days later to certify certain questions concerning the proper interpretation of Section 105 (a ) to the Supreme Court.

The judge granted the motion, certifying the following questions to the Court:

- "Under [G.L. c.] 93, [§ ] 105 (a ), may a [zip code] be 'personal identification information' because a [zip code] could be necessary to the credit card issuer to identify the card holder in order to complete the transaction?"

- "Under [G.L. c.] 93, [§ ] 105 (a ), may a plaintiff bring an action for this privacy right violation absent identity fraud?"

- And, "under [G.L. c.] 93, [§ ] 105 (a ), may the words 'credit card transaction form' refer equally to an electronic or a paper transaction form?"

The Court, in its opinion, answered "yes" to the first question -- but for different reasons than the district judge set forth in the question, it noted. It also answered "yes" to the last two questions.

"The judge opined that the main purpose of § 105 (a ) is to prevent identity fraud and not, as Tyler contends, to protect consumer privacy. Michaels advances the same interpretation of the statute as the judge," Justice Margot Botsford explained.

The Court, in its opinion, said it disagreed with the lower court's interpretation.

"There is nothing in the actual language of § 105 (a ) to suggest that its purpose is confined to preventing identity fraud. Rather, by its inclusive terms § 105 (a ) reflects concern about, and an intent to limit, disclosure of personal information leading to the identification of a particular consumer generally," Botsford wrote for the Court.

The Court noted that the statute also defines "[p]ersonal identification information" in a nonexclusive manner, stating that the term "shall include, but shall not be limited to, a credit card holder's address or telephone number."

"We discern nothing in these expansive and general terms that indicates or suggests that prevention of identity fraud was the single point of legislative focus," Botsford wrote.

"Although a cardholder's address and telephone number unquestionably constitute personal identification information, the definition leaves open the possibility that other information may also so qualify."

Tyler argued that because a zip code is part of an address, and Section 105 (a ) defines a cardholder's address as personal identification information, the zip code automatically qualifies as personal identification information as well.

"Even if we agree with Michaels that this deductive reasoning fails, we still conclude that a zip code may well qualify as personal identification information under § 105 (a ). This is so because, according to (and accepting for present purposes) the allegations of the complaint, a consumer's zip code, when combined with the consumer's name, provides the merchant with enough information to identify through publicly available databases the consumer's address or telephone number, the very information § 105 (a ) expressly identifies as personal identification information," Botsford wrote.

"In other words, to conclude in those circumstances that zip codes are not 'personal identification information' under the statute would render hollow the statute's explicit prohibition on the collection of customer addresses and telephone numbers, and undermine the statutory purpose of consumer protection."

From Legal Newsline: Reach Jessica Karmasek by email at

More Stories