Court: Massachusetts stores can't make you provide your Zip code to complete a credit-card transaction
The Supreme Judicial Court ruled today that a chain of arts and craft stores violated a state consumer-privacy law when it used a woman's Zip code on her credit-card transaction to figure out where she lived and start bombarding her with circulars.
The opinion, however, does not mean Melissa Tyler gets anything, because her suit against Michaels is in federal court and the state's highest court was merely providing answers about state consumer-laws to a federal judge hearing her case - where the ultimate decision will come.
A US District Court judge in Boston originally agreed with Michaels to toss Tyler's class-action suit, based on junk mail she started getting after making several purchases at its Everett store, saying he was inclined to rule that that Massachusetts law was meant only to prevent identity theft, not protect the privacy of consumers. But he agreed to first ask the Supreme Judicial Court - the state's highest court - for its opinion on the questions raised under Massachusetts law.
The Supreme Judicial Court said today that the relevant state law says nothing about identity fraud and that, equally important, the original bill that led to the law specifically mentioned, in all capital letters, "CONSUMER PRIVACY IN COMMERCIAL TRANSACTIONS."
The court then turned to the question of whether a Zip code, by itself, was enough to be considered "personal identification information" that merchants aren't supposed to make consumers provide, since the law refers to "a credit card holder's address or telephone number" but doesn't mention Zip codes specifically.
The court ruled that modern data-mining technology makes it so:
[B]ecause, according to (and accepting for present purposes) the allegations of the complaint, a consumer's zip code, when combined with the consumer's name, provides the merchant with enough information to identify through publicly available databases the consumer's address or telephone number, the very information [the state law] expressly identifies as personal identification information. In other words, to conclude in those circumstances that zip codes are not "personal identification information" under the statute would render hollow the statute's explicit prohibition on the collection of customer addresses and telephone numbers, and undermine the statutory purpose of consumer protection.