In the interest of presenting different perspectives on privacy issues, I note that Kashmir Hill does not seem to share the reaction of privacy advocates who have cheered a decision by the California Supreme Court. The headline of her column, “A Ridiculous California Court Ruling: Zip Codes are Private” was my first hint that she was not pleased.
Kashmir writes:
It’s annoying when a store cashier asks for your zip code when you’re checking out. Depending on just how annoying you find this, you might consider moving to California. It will now be illegal for retailers to ask for that information thanks to a California Supreme Court decision this week. In the Golden State, retailers will be fined for prying into consumers’ neighborhood info.
That’s a bit misleading, though. The California Supreme Court did not hold that zip codes are always personal identification information. They held that within the language of the Song-Beverly Credit Card Act, retailers were prohibited from asking for and storing “personal identification information” for card present transactions.
Section 1747.8 of the statute reads, in part:
1747.8. (a) Except as provided in subdivision (c), no person, firm, partnership, association, or corporation which accepts credit cards for the transaction of business shall do either of the following:
(1) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to write any personal identification information upon the credit card transaction form or otherwise.
(2) Request, or require as a condition to accepting the credit card as payment in full or in part for goods or services, the cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card writes, causes to be written, or otherwise records upon
the credit card transaction form or otherwise.[…]
(b) For purposes of this section “personal identification information,” means information concerning the cardholder, other than information set forth on the credit card, and including, but not limited to, the cardholder’s address and telephone number.
The law does allow businesses to request or require positive identification such as a driver’s license as long as they don’t record it.
Given the language of the law, I think the court got it exactly right if Williams-Sonoma requested and recorded any information that wasn’t on the credit card – in this case, a zip code.
The California Supreme Court didn’t make a zip code “private information.” All they did was apply the clear language of the law and hold that Williams-Sonoma and other retailers cannot do what many may have been doing. If the retailers don’t like it, they can go back to the legislature to see if they can get the law amended.
Update: Tanya Forsheit is also less than thrilled with the ruling. Tanya writes:
Further, while the Court’s reading of the statute might make sense in a vacuum as a matter of plain language statutory interpretation based on the phrase “information concerning,” the Court’s analysis seems to omit any discussion of the words “personal identification” in the term “personal identification information.” Zip codes may be information “concerning” a person, but they do not personally identify any individual.
But in combination with the name on the credit card, the retailer is often able to find the customer’s address and then start mailing the customer. While Tanya does not see potential harm to the customer of collecting zip codes, it may depend on how you view unwanted mail.
In any event, it sounds like this is a matter for the legislature to take up but I still think the court was correct in looking at the plain language.