This is page 2 of:
Williams-Sonoma Zip Code Ruling: Just In Time To Be Irrelevant
Keep in mind that this is a California law, and this ruling is specific to the Golden State. The impact is bigger than that, though—partly because California is so big, but also because the state is a bellwether for both retail and legal trends. When California courts decide to expand the range of what qualifies as personally identifiable information in retail, other courts are likely to follow.
That leads to the other irony, which is that old-school techniques such as collecting Zip codes are already on the way out. To stop collecting that information is much less of a hardship for retailers today. Sure, it’s easier than ever to feed names and Zip codes into database engines that spit out mailing lists to target unenthusiastic customers.
But today, huge numbers of in-store customers will voluntarily divulge much more—and much better—information. How much they spend, what stores they visit, what products they buy and which coupons they use can all be tracked in detail, and with customers’ full cooperation.
Online, customers will volunteer E-mail addresses and personal information and even tie themselves to retailers’ Facebook pages. Does that customer’s IP address qualify as personally identifiable information? Interestingly enough, an IP address in the online world is much more specific—and therefore identifies a consumer much more closely—than does a Zip Code in the physical world.
This fact was actually addressed in a 2009 court case, when a federal judge in Seattle ruled that “in order for ‘personally identifiable information’ to be personally identifiable, it must identify a person. But an IP address identifies a computer.” Is that a material distinction in a privacy discussion?
It hardly matters—the customers you want will likely be glad to tell you all about themselves.
Mobile commerce is still in its early stages, but it’s quickly developing the same pattern. You don’t have to be sneaky to squeeze phone numbers out of customers. They’ll jump at the chance to sign up to receive your text alerts, coupons and other mobile shopping offers. And this is above and beyond all of the location- and cell-phone-specific data that mobile devices surrender automatically.
Remember Best Buy’s ill-conceived in-store kiosks that looked just like its Web site, except with higher prices? Those turned out to be illegal, too. Today, of course, such a tricky gimmick is useless. So many customers can check a real Web site on their phones that a deceptive kiosk wouldn’t last a week. It’s not just illegal; it’s obsolete.
The days of trying to trick the unwilling into listening to pitches they don’t want to hear are gone. You have real, enthusiastic customers who believe loyalty programs and text alerts aren’t annoyances or invasions of privacy but valuable shopping tools. They want to spend more money at their favorite retailers.
But wasting your associates’ time in questionably legal efforts to scrape up a little information that can be spun out into mailing lists that will only irritate uncommitted customers? Even if it weren’t illegal, that’s a crime against retail.
-Marc
February 17th, 2011 at 9:52 am
It’s a shame the court did not do more research into the use of zip codes in transactions. Gas stations have been pushed to prompt for zip codes at the pump by the card brands as a fraud prevention method. One can argue that the merchant should not store it, which seems fine. Taking away this fraud prevention tool will be a big win for the criminals in CA.
There is more irony in this story. New Jersey passed a law last year effectively requiring merchants capture zip codes when selling gift cards. If the merchant doesn’t have a some personal information of the purchaser, zip code being sufficient, the merchant must turn over the breakage to the state.
February 17th, 2011 at 10:40 am
I’m still trying to get a ruling from our Acquirer, but how will this play out when the POS is looking for a ZIP for Address Verification? Sure, you shouldn’t need this if the card was swiped, but unfortunately that is not always the case.
I understand that the retailer can collect the ZIP but just not use it for marketing reasons. Unfortunately all the customer knows is that they do not have to give out their ZIP.
February 17th, 2011 at 11:22 am
Typical California. Does this mean that providing your drivers license or other form of ID that is asked for consitute an unlawful act? Most ID’s have an address and all Drivers Licenses do as well.
What should have been judged is that the storing of any address / phone information should be regarded as illegal unless the person is signing up for a “Reward / Marketing” type program.
Once again people in power that don’t understand a process make bad decisions. I sure hope no one steals his credit card.
February 19th, 2011 at 4:23 pm
Although I have not heard a definitive confirmation yet one way or the other, my reading of the decision:
http://www.courtinfo.ca.gov/opinions/documents/S178241.PDF
makes me lean towards the interpretation that the Court’s objection was specifically WS’s recording of the ZIP code after the sales transaction was complete (note the use of the verbiage “end of the transaction” in the ruling) for later use in marketing activities. If that’s indeed the case, asking for it in the course of card transaction approval would seem to be a legitimate and lawful activity – the language esp. on page 12 seems to support this. However, if you read the first paragraph on page 13, you could easily take the contrary view. I am keenly interested to see which view is ultimately correct – as this would indeed be a significant setback to fraud prevention efforts in many industries in many parts of the US if it was no longer allowed.
March 16th, 2011 at 4:38 pm
The practice of asking for driver’s licenses to verify identity is allowed by the statute and the court repeats that in its decision. Recording the information is prohibited.