Of all the information I’ve been asked to provide at the register, my zip code has always been the least of my concerns when it comes to privacy issues. Back in the day when I paid with checks most of the time, cashiers recorded my driver’s license number and birthday – highly “personal” information. So I never thought twice about providing my zip code during a credit card transaction. Really, how personal can a zip code be? It belongs to a group of people, not just me. Well, as has been brought to light by a lawsuit settled in California last week, a zip code can be mighty personal indeed.
Your zip code can be used in connection with your name to reveal all sorts of information about you, including your address. Retailers want to use it for marketing purposes, but the same information may also be used to commit credit card fraud and identity theft. Thus, the California Supreme Court ruled unanimously last week it is a violation of the Song-Beverly Credit Card Act of 1971 (a California consumer privacy law) for a retailer to ask for your zip code during a credit card transaction.
The exceptions to this ruling include zip codes requested at gas pumps for security purposes, and zip codes requested during transactions related to the shipping of packages.
The California Supreme Court’s decision last week against Williams-Sonoma reverses two lower court opinions that previously concluded retailers are within their legal rights to ask for customer zip codes. And the Supreme Court’s ruling applies retroactively, which has initiated as many as 20 additional lawsuits for similar violations of privacy against retailers that include Walmart, Victoria’s Secret, Bed Bath and Beyond, Crate & Barrel, Old Navy, Target and Macy’s. Most of these cases are expected to be settled out of court. The maximum fine for the first offense is $250 and $1,000 for all subsequent violations.