Yesterday, this blog examined a recent development in Missouri in which legislation is being considered that would potentially affect credit card users, as well as those merchants that use card processing systems. Another local case has arisen with statewide consequences, this time in Massachusetts. The specific lawsuit was Melissa Tyler vs. Michaels Stores, Inc., in which a customer successfully sued a chain of stores for unlawfully gathering her zip code.
One of the key points in the motion appears to have been whether or not just the collection of the zip code data alone could be considered as a violation of privacy if there was no specific evidence of fraud or other malicious actions. The state's Supreme Judicial Court ruled that just the act of taking this information down, however, was enough to be seen as a transgression, especially since the data was not needed for the completion of the purchase.
Section 105 under Chapter 93 of Massachusetts General Law provides the existing regulations concerning the transcribing of such information that was cited in the case.
"No person, firm, partnership, corporation or other business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form. Personal identification information shall include, but shall not be limited to, a credit card holder's address or telephone number," the original text says.
It is possible that some merchants that remain unaware of the provisions of the law may unwittingly commit an error, especially if they use outdated or irrelevant credit card processing software. This is just one of many reasons that card payments should be handled by systems that are certified, well-equipped and operating correctly.