Investigative & Security Professionals for Legislative Action

CA PII includes ZIP codes

16 Mar 2011 2:08 PM | Anonymous member (Administrator)
California “Personal Identification Information” to include ZIP codes

Effects of last month’s California Supreme Court decision in Pineda v. Williams-Somona Stores, Inc. are bringing forth unexpected litigation.

In California, stores are prohibited from soliciting from their customers ZIP code information and storing such information in connection with credit card transactions which occur within their establishments. This ruling may expand the general definition of “personal identification information” or what is now commonly referred to as “PII” by including consumers’ ZIP codes in the classification. California’s Song-Beverly Credit Card Act prohibits retailers in that state from these business practices.

In a privacy alert from Ropes & Gray furnished to ISPLA, they note that the effect of this ruling “is compounded by the fact that in 2008, this practice was considered exempt from the Act by California’s 4th District Court of Appeals holding in Party City Corp. v. Superior Court which held that ZIP codes were too general to be covered by the Act because they pertain to a group of individuals, unlike an address or telephone number that is specific in nature regarding an individual.” The firm indicates it is not clear as to those states having similar statutes upon which the Act was based, namely New York, Massachusetts, Rhode Island, Delaware, Maryland and Nevada. However, these states do not expressly prohibit acquiring ZIP codes.

In California alone, since the February 10 decision, lawsuits have been filed against Bed Bath & Beyond, Cost Plus Inc., Crate & Barrel, Macy’s, Old Navy LLC, Target, Victoria’s Secret and Wal-Mart. Violations of the Act call for a maximum fine of $250 for the first violation and $1,000 for each subsequent one. Thus, large retailers may have considerable financial exposure.

This report should not be construed as legal advice. Privacy is not really dead and there are many out there who are not going to get over it. Remember - it was the violation of a California security data breach law in 2004 which created havoc with the major information data providers resulting in redacted SSNs and numerous unsuccessful ensuing attempts by Congress to deny private investigators access to “credit headers” and other personal identification information.

Bruce Hulme
Director of Government Affairs
Investigative & Security Professionals for Legislative Action – Real Investigators, Real Professionals, Real Representation!


Powered by Wild Apricot. Try our all-in-one platform for easy membership management