The Massachusetts Supreme Judicial Court Holds that ZIP Codes Constitute "Personal Identification Information"
On March 11, 2013, in Melissa Tyler v. Michaels Stores, Inc.,1 the Massachusetts Supreme Judicial Court ("SJC"), in responding to three certified questions from the United States District Court for the District of Massachusetts, held: (1) ZIP Codes constitute personal identification information ("PII"); (2) a person may bring an action under General Laws, chapter 93, section 105(a) absent identity fraud; and (3) the term "credit card transaction form" "refers equally to electronic and paper transaction forms." The questions arose out of a class action lawsuit against Michaels for allegedly requesting and recording its credit card customers' ZIP Codes in violation of Section 105(a). This decision has parallels to the California Supreme Court decision in Pineda v. Williams-Sonoma Stores, Inc.2 In Pineda, the California Supreme Court held that ZIP Codes were PII under California's Song-Beverly Credit Card Act, Civil Code section 1747.08.
Overview of General Laws, chapter 93, section 105(a)
Section 105(a) prohibits any business from writing or requiring that a credit card holder write "personal identification information, not required by the credit card issuer, on the credit card transaction form." PII "shall include, but shall not be limited to, a credit card holder's address or telephone number." Under Section 105(d), any violation of Section 105(a) "shall be deemed to be an unfair and deceptive trade practice" and thus, a violation of General Laws, chapter 93A, section 2. Section 105(a) applies to "all credit card transactions" and exempts the collection of PII for "shipping, delivery or installation of purchased merchandise or services or for a warranty when such information is provided voluntarily by a credit card holder."
The lower court decision in Tyler
Filed in the wake of the Pineda decision by the California Supreme Court, Tyler arose out of a putative class action filed in the United States District Court for the District of Massachusetts.
In her complaint, the plaintiff alleged she made purchases using her credit card at Michaels stores during the past year and during those transactions a Michaels employee asked for her ZIP Code. She claims she provided her ZIP Code believing it was necessary to complete her credit card purchase. The plaintiff further claimed the employee wrote the information in an electronic credit card transaction form and that Michaels used her name and ZIP Code to obtain her address and phone number from commercial databases. The plaintiff alleged Michaels then sent her marketing materials.
Michaels moved to dismiss the complaint. The district court found that ZIP Codes constitute PII and that Michaels' electronic credit card terminal may contain "credit card transaction form[s]" for purposes of Section 105(a). However, the district court dismissed the complaint because it found Tyler did not allege she suffered an injury cognizable under General Laws, chapter 93A. The judge certified three questions to be answered by the Massachusetts SJC: (1) whether a ZIP Code is PII; (2) whether a plaintiff can bring an action under Section 105(a) absent identity fraud; and (3) whether the term "credit card transaction form" includes an electronic form.
Questions answered by the Supreme Judicial Court in Tyler
Before delving into the three certified questions, the SJC analyzed the text, title and legislative history of Section 105(a). It held that "based on the text, title and caption, and legislative history of § 105, we are persuaded that the principal purpose of § 105 (a), in contrast to § 105 (b), is to guard consumer privacy in credit card transactions, not to protect against credit card identity fraud."
With the underlying purpose of the statute in mind, the SJC turned to the first certified question of whether ZIP Codes are PII. The SJC found that the definition of PII in the statute is "nonexhaustive" and the consumer protection purpose of the statute would be frustrated if ZIP Codes were not PII because a business could obtain a customer's address and phone number (which is PII) by entering the customer's name and ZIP Code into a publicly available database. As such, the SJC held that ZIP Codes constitute PII.
As to the second certified question, the SJC observed that Section 105(a) is not expressly limited to victims of identity fraud. Thus, it saw no reason to read such a limitation into the statute. Further, the SJC clarified that when a business uses a customer's PII "for its own business purposes, whether by sending the customer unwanted marketing materials or by selling the information for a profit, the merchant has caused the consumer an injury that is distinct from the statutory violation itself and cognizable under G.L. c. 93A, § 9."
Lastly, because the statute specifically states it applies to "all credit card transactions" the SJC held that it encompasses electronic credit card transaction forms.
Impact of Tyler
After the California Supreme Court issued its decision in Pineda, numerous class action lawsuits against retailers in California who had requested ZIP Codes from credit card-paying customers were filed. Whether Tyler will spawn class action lawsuits like its California counterpart remains to be seen. Nevertheless, given the Massachusetts SJC's emphasis in Tyler on the consumer protection purpose of Section 105(a), retailers doing business in Massachusetts should evaluate their own policies to ensure compliance with Section 105(a).
Notes
- Melissa Tyler v. Michaels Stores, Inc., --- N.E.2d ----, no. SJC-11145, 2013 WL 854097 (Mass. Mar. 11, 2013).
- 51 Cal. 4th 524 (2011).
About Cooley's Commercial Class Action Group
Cooley has extensive experience defending consumer class actions, including class actions alleging violations of the Massachusetts Consumer Protection Law, General Laws, chapter 93A, section 9, and California's Song-Beverly Credit Card Act of 1971, Civil Code section 1747.08. We have defended numerous companies in more than 50 class actions alleging improper collection of customer information during credit card transactions, and recently defeated class certification in a class action alleging violations of California Civil Code section 1747.08 in Gormley v. Nike Inc., no. 3:11-cv-00893 SI, 2013 WL 322538 (N.D. Cal. Jan. 28, 2013). In addition to our litigation experience, we have counseled numerous brick and mortar and e-commerce companies on compliance with Massachusetts General Laws, chapter 93, section 105(a), California Civil Code section 1747.08, and other similar statutes.
If you have any litigation or compliance questions about Massachusetts General Laws, chapter 93, section 105(a), California Civil Code section 1747.08, or this Alert, please contact one of the attorneys identified above.
Related contacts
This content is provided for general informational purposes only, and your access or use of the content does not create an attorney-client relationship between you or your organization and Cooley LLP, Cooley (UK) LLP, or any other affiliated practice or entity (collectively referred to as “Cooley”). By accessing this content, you agree that the information provided does not constitute legal or other professional advice. This content is not a substitute for obtaining legal advice from a qualified attorney licensed in your jurisdiction and you should not act or refrain from acting based on this content. This content may be changed without notice. It is not guaranteed to be complete, correct or up to date, and it may not reflect the most current legal developments. Prior results do not guarantee a similar outcome. Do not send any confidential information to Cooley, as we do not have any duty to keep any information you provide to us confidential. This content may be considered Attorney Advertising and is subject to our legal notices.