On February 10, 2011, the California Supreme court issued a decision that a customer’s Zipcode constitues personal identification information (PII) and that requesting or recording a customer’s Zipcode or any other such information could subject retailers to potential litigation. While lower courts ruled that a Zipcode is not PII, but was overturned by the Supreme Court’s recent ruling.
Law suits have been filed against retailers for years under the Song-Beverly Credit Card Act of 1971, but this particular ruling will likely open the flood gates, especially against large retailers that typically ask for this type of information. What is a bit ironic here is that retailers often ask for this information to protect the consumer. However, many retailers also retain the information to analyze geographic distribution of their customer base. In its ruling, the court states “the interpretation is more consistent with the rule that courts should liberally construe remedial statutes in favor of their protective purpose”. The court went on to explain that merchants can ask for reasonable means of identification but cannot record any of the data.
Online vendors have been collecting this type of information for years in order to validate identity of clients and limit fraudulent transactions. In fact, it’s actually required by payment gateways in order to approve a transaction in most cases. It seems to me that a retailer that asks for this type of information, doesn’t pass it along to anyone and takes the necessary steps to secure the information is protecting consumers from potential fraud. Could this be the beginning of government restrictions on analyzing customer data for business process improvement when it comes to online business? How long will it be before these types of rulings begin to affect what internet shoppers are required to provide to online merchants?
What do you think?