Massachusetts Federal Judge Says ZIP Code is Definitely Maybe "Personal Identification Information" . . . Implores Parties to Seek State Court Certification.

In an extension of the spate of litigation surrounding California’s Song-Beverly Credit Card Act and other laws like it, the U.S. District Court for the District of Massachusetts in Tyler v. Michaels Stores, Inc., Civ. No. 11-10920-WGY (D. Mass. Jan. 6, 2012), followed the California Supreme Court’s lead (see our blog post here) in ruling that ZIP codes are “personal identification information” within the meaning of Mass. Gen. Laws, ch. 93, § 105(a). The court refused to apply the California Supreme Court’s reasoning that the term “address” in § 105(a)’s definition of PII encompassed individual components of an address, and instead relied on a shaky analogy to PIN code to conclude that “a ZIP code can indeed be PII under section 105(a).” Id. at 12. The court nonetheless dismissed the plaintiff’s putative class action because she failed to allege any legally cognizable harm as a result of Michaels’ collection of her ZIP code in connection with a credit card transaction. The decision is a strange one for a variety of reasons, not the least of which is the court’s insistence on setting the stage of a David vs. Goliath type showdown at the outset of its opinion only to bounce the “little guy” right out of the arena, but here goes …

ZIP Code is Personal Information
The court started its analysis with the language of § 105(a), which states that “[PII] shall include, but shall not be limited to, a credit card holder’s address or telephone number.” The plaintiff argued, as the California Supreme Court held in Pineda v Williams Sonoma, that “address” meant each and every component of an address. The Massachusetts court disagreed. Rather, the court found that § 105(a) was intended “to have a much narrower scope than the California statute.” Id. at 8-9. According to the court, when it passed § 105(a), the Massachusetts legislature focused its attention solely on the prevention of identity fraud. (By contrast, the Pineda court found that the California legislature also expressed concern about consumer privacy more generally, including merchants using PII for marketing purposes.) With this perceived legislative focus in mind, the court then considered whether a ZIP code amounted to PII under Massachusetts’ statute criminalizing identity theft. Relying on the definition of PII under Mass. Gen. Laws ch. 266, § 37E, the court concluded that a ZIP code constitutes PII because it “may be used (in conjunction with other data) to identify a specific individual.” Id. at 13. As the court further stated, “the input of a ZIP code during a credit card transaction is the equivalent to the input of a [PIN] in a debit card transaction . . . both a ZIP code and a PIN number may be used fraudulently to assume the identity of the card holder.” Id. at 13-15.

This reasoning, the court said, “is more consistent with the Massachusetts legislative intent to prevent fraud” than the Pineda court’s reasoning. Id. at 15. On the bright side, the court’s devotion to legislative history in Massachusetts may limit the opinion’s persuasiveness outside the Commonwealth. But its persuasiveness is probably limited anyway since the reasoning seemingly ignores obvious distinctions between ZIP codes and PINs, including that ZIP codes are assigned by the U.S. Postal Service to help deliver mail to potentially hundreds of people whereas PINs are typically self-selected by individuals so that they can access a specific financial account. Really, unless you’re at a gas station that requires you to enter a ZIP code to use a credit card, the ZIP code and PIN analogy doesn’t work . . . and it’s not even a close call!

Electronic Card Terminal is a Transaction Form
Michaels argued that it did not violate § 105(a)’s prohibition against writing PII “on the credit card transaction form” because § 105(a) did not encompass electronically stored transaction forms. The court rejected this argument principally because the language of § 105(a) did not distinguish between paper and electronic transaction forms in its application to “all credit card transactions.” Id. at 16. This explanation should have sufficed. But the court continued, and muddied the waters a bit, by articulating the relationship between receipts and transaction forms in a way that suggests that receipts simultaneously are and are not credit card transaction forms. Id. at 17-18, & n.7.

Lack of Harm Dooms Tyler’s Claims
Notwithstanding all the court did to explain how the plaintiff successfully stated a violation of § 105(a), the court still refused to entertain the plaintiff’s statutory claims against Michaels. According to the court, a valid claim under Chapter 93A requires a showing of “an injury or loss suffered by the consumer” as well as “a causal connection between the defendant’s deceptive act or practice and the consumer’s injury.” Id. at 19. Unfortunately for the plaintiff, the court concluded that neither the simple fact of a violation of § 105(a), nor the alleged “misappropriation” of her valuable PII (whether or not it was used to send her unwanted commercial advertising) amounted to a legally cognizable injury. Similarly, the court explained in a lengthy footnote, Tyler’s alleged injuries failed to establish her Article III standing to sue Michaels in federal court. Id. at 22, n.8. As such, the granted Michaels’ motion to dismiss as to the plaintiff’s § 105(a) claims. Out you go, David!

Unjust Enrichment Claims Fail
Like her § 105(a) claims, the court dismissed the plaintiff’s unjust enrichment claim because she failed to allege all of the essential elements of the claim. In the court’s opinion, Tyler failed to establish that any “reasonable person would expect compensation for providing a ZIP code to a merchant.” Id. at 27. This, according to the court, negated any assertion by the plaintiff that Michaels’ acceptance and retention of the “benefit” of her ZIP code was unjust. Once again, that explanation should have sufficed. But again, the court elaborated. And in doing so it undercut its prior conclusions as to whether ZIP codes are PII by stating that “[a]rguably the recording of these ZIP codes constitutes a statutory violation, because certain credit card issuers do not require Michaels to request customers’ ZIP codes to process the transaction.” Id. at 28. “Arguably?” Really? Did the court mean what it said when it held that the plaintiff sufficiently alleged a violation of § 105(a) or not? See id. at 18-19.

Plaintiff Not Entitled to Declaratory Relief
Because the Declaratory Judgment Act is not an independent grant of federal jurisdiction, the court was forced to dismiss the plaintiff’s request for declaratory relief along with her other claims.

Court Encourages Certification
Finally, as if imploring the parties to seek further review, the court announced that it would enter a judgment of dismissal “one week from the date of the issuance of this memorandum of decision” in order to give the parties adequate time to move for certification to the Massachusetts Supreme Judicial Court. Id. at 30 & n.10.

So what are we left with? Considering the court’s apparent lack of confidence in its own decision and its near insistence that the parties seek certification of the decision to the Massachusetts Supreme Court, it may be too early to say what, if anything, this decision means for other retailers even in Massachusetts. Is certification actually in order? Probably a tough call when you look at the gap between the accuracy of the result and the accompanying ZIP code reasoning. Retailers who were unhappy with the California Supreme Court’s opinion in Pineda probably will not be any more pleased with the court’s ZIP code reasoning here. But the result? You bet!

 

Published In: Civil Procedure Updates, Civil Remedies Updates, Consumer Protection Updates, Finance & Banking Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer - Privacy & Data Security | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »