Massachusetts Retailers Beware: District Court Warns Retailers Collecting ZIP Codes

February 2012

The United States District Court for the District of Massachusetts recently dismissed a class action complaint filed against Michaels Stores, Inc. (Michaels) based on its collection of customers' ZIP codes at the register.  The decision looks like a win for the company, but the court's interpretation of the statute at issue puts retailers in the state at risk.

The plaintiff, a frequent customer of Michaels, alleged that the company had violated a Massachusetts statute, Mass. Gen. Laws ch. 93 § 105, that prohibits retailers from writing down any “personal identifying information” not required by the credit card issuer on a “credit card transaction form” when accepting payment by credit card. Tyler v. Michaels Stores, Inc., No. 1:11-cv-10920-WGY (D. Mass. Jan. 6, 2012).  Michaels requested customers' ZIP codes during checkout, and the plaintiff mistakenly believed the information was required for her credit card transaction.  The company did not use the information to complete the plaintiff's credit card transaction, but rather used it to obtain her address and phone number from commercial databases.  The plaintiff alleged that she subsequently received unwanted marketing materials from the company.

The court ultimately ruled that the plaintiff's alleged injuries, which included invasion of privacy, misappropriation of address information, and receipt of unwanted mail, were not injuries cognizable under Mass. Gen. Laws ch. 93 § 105, because the legislative history of the statute clearly indicated that it was enacted to prevent identity fraud.  The court held that the Massachusetts statute did not create a privacy interest so broad that it would shield consumers from receiving unwanted marketing materials.

The court opened the door, however, for retailers to be held accountable under this law by finding that the “personal identifying information” protected under the statute includes ZIP codes.  The court reached this conclusion by looking at another Massachusetts statute dealing with identity theft, which defines “personal identifying information” to include “any name or number that may be used . . . to assume the identity of an individual.”  Mass. Gen. Laws ch. 266, § 37E(a).  Because a ZIP code may be necessary for credit card issuers to identify card holders and complete transactions in certain instances, the court held that ZIP codes should properly be considered “personal identification information.”  The court also held that, because § 105 applies to “all credit card transactions” (not just paper transactions), a retailer's electronic card terminal could contain a computerized credit card “transaction form.”  The court held that the plaintiff adequately alleged a violation of § 105, although she did not suffer the right type of damages to recover under the statute. This opinion serves as a warning for retailers operating in Massachusetts that collect customers' ZIP codes at the point of sale. 

Such risks also exist in other jurisdictions.  For example, California courts have started cracking down on retailers for this practice.  Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 (Feb. 10, 2011).  The legislative history of the analogous California statute, Cal. Civil Code § 1747.08, reflects an intention to prevent retailers from obtaining personal identification information for marketing purposes.  Although the Massachusetts statute does not provide the same protection, this temporary bar to recovery under the Massachusetts law will likely be short-lived.  Savvy plaintiffs' counsel will no doubt soon be styling complaints in this jurisdiction to plead recoverable damages related to identity theft.  The Massachusetts district court itself issued an ominous admonition:

Since retailers so routinely request a customer's ZIP code at the point-of-sale in a credit card transaction, they ought note here that this court holds Michaels potentially to have violated § 105(a) if such request was made during a transaction in which the credit card issuer did not require such disclosure.

Although Mass. Gen. Laws ch. 93 § 105 does not provide for the per-violation statutory damages of Cal. Civil Code § 1747.08, the Massachusetts law poses a significant threat to retailers that have been collecting this information from consumers for years.  This is likely not the last we will see on this issue in Massachusetts.