The Massachusetts Supreme Judicial Court held that zip codes are "personal identification information" under a Massachusetts consumer privacy statute which governs, among other things, credit card and check transactions. Plaintiff filed a putative class action in federal court alleging that, in violation of the Massachusetts consumer privacy statute, defendant requested and then electronically recorded her zip code as part of a credit card transaction. The federal court certified 3 questions to the Supreme Judicial Court, including whether: (1) a zip code could constitute "personal identification information" under that statute; (2) a plaintiff had to be a victim of identity fraud in order to have a claim under the statute and (3) the statute only applied to paper transactions and not electronic ones.
The Court found that the statute’s principal purpose was to safeguard consumer privacy in credit card transactions, and its definition of "personal identification information" left open the possibility that a zip code could qualify as such; although the statute defined "personal identification information" as a credit card holder’s address and telephone number, that definition was explicitly non-exhaustive, and the Court noted that combining a consumer’s zip code with other information collected through publicly available databases could enable the merchant to derive that consumer’s name or address. The Court also held that a plaintiff need not be an identity fraud victim in order to bring an action under the statute, which was intended to do more than simply protect consumers from identity theft, and that either an electronic or paper credit card transaction could form the basis for a valid claim.