Records And Briefs:
Privacy. Statute, Construction. Consumer Protection Act, Consumer, Availability of remedy. Words, "Personal identification information," "Credit card transaction form."
This court, in construing G. L. c. 93, § 105 (a), which prohibits anyone accepting a credit card for a business transaction from writing personal identification information not required by the credit card issuer on the credit card transaction form, concluded, in light of the principal purpose of the statute (i.e., to guard consumer privacy in credit card transactions and not to protect against credit card identity fraud) [494-499], that a zip code constitutes "personal identification information" for the purposes of the statute [499-501]; that the term "credit card transaction form" refers equally to electronic and paper transaction forms [504-506]; and that a plaintiff may bring an action for violation of G. L. c. 93, § 105 (a), without alleging a claim of identity fraud [501-504].
CERTIFICATION of a question of law to the Supreme Judicial Court by the United States District Court for the District of Massachusetts.
Jeffrey I. Carton, of New York (Douglas Gregory Blankinship with him) for the plaintiff.
Eric R. McDonough, of California (Jonathan W. Lent with him) for the defendant.
Joseph J. Lazzarotti, of New Jersey, & David J. Kerman & Brian C. Childs, for Retail Litigation Center, amicus curiae, submitted a brief.
BOTSFORD, J . In 2011, Melissa Tyler, a customer of Michaels Stores, Inc. (Michaels), filed an action on behalf of herself and a putative class of Michaels customers in the United States District Court for the District of Massachusetts. Tyler's complaint alleged that Michaels unlawfully writes customers' personal identification information on credit card transaction forms in
violation of G. L. c. 93, § 105 (a) (§ 105 [a]), when Michaels's employees request and record customers' zip codes in processing credit card transactions. [Note 1] A judge of the United States District Court for the District of Massachusetts certified the following questions to this court pursuant to S.J.C. Rule 1:03, as appearing in 382 Mass. 700 (1981):
"1. Under [G. L. c.] 93, [§] 105 (a), may a [zip code] be 'personal identification information' because a [zip code] could be necessary to the credit card issuer to identify the card holder in order to complete the transaction?"
"2. Under [G. L. c.] 93, [§] 105 (a), may a plaintiff bring an action for this privacy right violation absent identity fraud?"
"3. Under [G. L. c.] 93, [§] 105 (a), may the words 'credit card transaction form' refer equally to an electronic or a paper transaction form?"
We answer "Yes" to the first question, but for different reasons than the judge set forth in the question itself. We also answer "Yes" to the second and third questions.
Background. Tyler's complaint alleges the following facts that we accept as true for the purposes of answering the certified questions. On several occasions during the past year, Tyler made purchases with a credit card at a Michaels retail store in Everett. During these transactions, a Michaels employee asked Tyler to provide her zip code. Tyler disclosed the number under the mistaken impression that she was required to do so in order to complete the credit card transaction, but in fact, the credit card issuer did not require Michaels to request zip codes. Michaels maintains a policy of writing customers' names, credit card numbers, and zip codes on electronic credit card transaction forms in connection with credit card purchases. Michaels used Tyler's name and zip code in conjunction with other commercially
available databases to find her address and telephone number. Tyler subsequently received unsolicited and unwanted marketing material from Michaels.
Tyler filed her class action complaint against Michaels on May 23, 2011, claiming that Michaels's electronic recording of customer zip codes amounts to writing personal identification information on a credit card transaction form in violation of § 105 (a) and therefore constitutes an unfair or deceptive act or practice as defined in G. L. c. 93A, § 2. The complaint also contains a claim for unjust enrichment and seeks a declaratory judgment that Michaels's collection of zip codes violates § 105 (a). Michaels filed a motion to dismiss the complaint on July 22, 2011. On January 6, 2012, the District Court judge granted the motion. The judge concluded that (1) Tyler sufficiently alleged a violation of § 105 (a) because zip codes constitute personal identification information, [Note 2] and Michaels's electronic credit card terminal may contain "credit card transaction form[s]" within the meaning of § 105 (a); but (2) the complaint failed to allege that Michaels's collection of zip codes caused Tyler an injury cognizable under G. L. c. 93A. The judge also concluded that the complaint failed to state a claim for unjust enrichment and that Tyler was not entitled to the declaratory relief she sought. At the invitation of the judge, on January 13, 2012, Tyler filed a motion to certify certain questions concerning the proper interpretation of § 105 (a) to this court. The judge certified the three questions set forth supra.
Discussion. All three questions turn on the meaning and purpose of § 105 (a), and G. L. c. 93, § 105 (§ 105), more generally. It is therefore useful to identify the purpose or purposes of these statutory provisions at the outset.
Section 105 (a) provides:
"No person, firm, partnership, corporation or other business entity that accepts a credit card for a business transaction
shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form. Personal identification information shall include, but shall not be limited to, a credit card holder's address or telephone number. The provisions of this section shall apply to all credit card transactions; provided, however, that the provisions of this section shall not be construed to prevent a person, firm, partnership, corporation or other business entity from requesting information . . . necessary for shipping, delivery or installation of purchased merchandise or services or for a warranty when such information is provided voluntarily by a credit card holder."
Section 105 (d) states that "[a]ny violation of the provisions of this chapter shall be deemed to be an unfair and deceptive trade practice, as defined in section 2 of chapter 93A." Thus, a violation of § 105 (a) is unlawful under G. L. c. 93A, § 2, [Note 3] and may be the basis for a claim under c. 93A, § 9. [Note 4]
The judge opined that the main purpose of § 105 (a) is to prevent identity fraud and not, as Tyler contends, to protect consumer privacy. Michaels advances the same interpretation of the statute as the judge. We disagree for three reasons.
First, keeping in mind the rule that the actual words chosen by the Legislature are critical to the task of statutory interpretation, [Note 5] there is nothing in the actual language of § 105 (a) to suggest that its purpose is confined to preventing identity fraud. Rather, by its inclusive terms § 105 (a) reflects concern about,
and an intent to limit, disclosure of personal information leading to the identification of a particular consumer generally.
Thus, § 105 (a) expressly "applies to all credit card transactions" and delineates a general prohibition that "[n]o person, firm, partnership, corporation or other business entity . . . shall write, cause to be written or require that a credit card holder write personal identification information, not required by the credit card issuer, on the credit card transaction form" (emphases supplied). The statute also defines "[p]ersonal identification information" in a nonexclusive manner, stating that the term "shall include, but shall not be limited to, a credit card holder's address or telephone number." Id. We discern nothing in these expansive and general terms that indicates or suggests that prevention of identity fraud was the single point of legislative focus.
Second, and contrary to the District Court judge, we find the title of § 105 to offer useful guidance. See, e.g., American Family Life Assur. Co. v. Commissioner of Ins. 388 Mass. 468 , 474, cert. denied, 464 U.S. 850 (1983), and cases cited ("although the title of an act cannot control the plain provisions of the act, it may aid construction of ambiguous clauses"). Section 105 was inserted in the General Laws by St. 1991, c. 414, § 1. The title of this act is "An Act relative to consumer privacy in commercial transactions." The significance of this title gains strength from the fact that in the text itself, the Legislature inserted a caption into the General Laws for this new legislation. Thus, St. 1991, c. 414, § 1, begins: "Chapter 93 of the General Laws is hereby amended by adding under the caption 'CONSUMER PRIVACY IN COMMERCIAL TRANSACTIONS,' the following two sections: [§§ 104 [Note 6] and 105]." Both title and caption thus expressly reference "consumer privacy in commercial transactions," reinforcing the view that the Legislature indeed was concerned, as Tyler suggests, about privacy issues in the realm of commercial dealings and in any event was not necessarily focused solely on preventing identity fraud.
The third reason for our disagreement relates to the legislative
history of § 105. See Commonwealth v. Welch, 444 Mass. 80 , 85 (2005), rev'd on other grounds, O'Brien v. Borowski, 461 Mass. 415 , 425 (2012) (although "[o]ur starting point is . . . the plain language of the statute, . . . we also seek guidance from its legislative history"). As detailed in the following paragraph, this history strongly suggests that there were at least two privacy-related purposes underlying § 105: credit card identity fraud and consumer privacy.
The legislation that ultimately was enacted as § 105 in December of 1991 was introduced by Senator Lois Pines and then Representative Suzanne Bump. See 1991 Senate Doc. No. 89; 1991 Senate Doc. No. 1510; 1991 House Doc. No. 6112. The legislative record pertaining to this legislation includes a memorandum specifically prepared in March, 1990, for Senator Pines by the Boston University Legislative Services, entitled "A Bill regulating check cashing and credit card acceptance procedures" (Pines memorandum) and a report prepared in November, 1990, by the Massachusetts Public Interest Research Group (MASSPIRG), entitled "What They Know Can Hurt You: A Survey of Retail Merchant Check Cashing and Credit Card Policies" (MASSPIRG report). The Pines memorandum describes the need for, and contains a preliminary draft of, the text of what became 1991 Senate Doc. No. 89, a bill introduced by Senator Pines that served as the principal predecessor to 1991 Senate Doc. No. 1510. See Pines memorandum, supra at 2-7, 38. The 1991 Senate Doc. No. 1510, in turn, was enacted as St. 1991, c. 414. [Note 7] These documents indicate that the proposed legislation had two distinct goals: for check transactions (now covered in § 105 [b] [Note 8] ), the goal or purpose was to prohibit recording of credit card information on checks to prevent misuse
and credit card fraud; [Note 9] and for credit card transactions (now covered in § 105 [a]), the purpose was to safeguard consumer privacy and more particularly to protect consumers using credit cards from becoming the recipients of unwanted commercial solicitations from merchants with access to their identifying information. [Note 10] Additional evidence of the Legislature's dual purpose in creating § 105 may be derived from Governor Weld's
papers concerning 1991 Senate Doc. No. 1510, which contain an October, 1991, memorandum from the Executive Office of Consumer Affairs (Consumer Affairs memorandum), and a December, 1991, memorandum from the Governor's deputy legal counsel (Governor's memorandum). They explain that the objective of 1991 Senate Doc. No. 1510 "is to protect consumers' privacy and protect them from fraud." Consumer Affairs memorandum, supra at 1. Governor's memorandum, supra at 2.
To summarize: based on the text, title and caption, and legislative history of § 105, we are persuaded that the principal purpose of § 105 (a), in contrast to § 105 (b), is to guard consumer privacy in credit card transactions, not to protect against credit card identity fraud. [Note 11] Against this backdrop, we now turn to the three certified questions.
1. Meaning of "personal identification information." The first certified question asks whether a zip code is "[p]ersonal identification information" under § 105 (a). [Note 12] The statute defines "personal identification information" as including, but not
limited to, "a credit card holder's address or telephone number." G. L. c. 93, § 105 (a). As indicated previously, this definition is explicitly nonexhaustive. Although a cardholder's address and telephone number unquestionably constitute personal identification information, the definition leaves open the possibility that other information may also so qualify. Tyler contends that because a zip code is part of an address, and § 105 (a) defines a cardholder's address as personal identification information, the zip code automatically qualifies as personal identification information as well. [Note 13] Even if we agree with Michaels that this deductive reasoning fails, we still conclude that a zip code may well qualify as personal identification information under § 105 (a). This is so because, according to (and accepting for present purposes) the allegations of the complaint, a consumer's zip code, when combined with the consumer's name, provides the merchant with enough information to identify through publicly available databases the consumer's address or telephone number, the very information § 105 (a) expressly identifies as personal identification information. In other words, to conclude in those circumstances that zip codes are not "personal identification information" under the statute would render hollow the statute's
explicit prohibition on the collection of customer addresses and telephone numbers, and undermine the statutory purpose of consumer protection. See Adamowicz v. Ipswich, 395 Mass. 757 , 760 (1985), quoting Lexington v. Bedford, 378 Mass. 562 , 570 (1979) ("The construction of a statute which leads to a determination that a piece of legislation is ineffective will not be adopted if the statutory language is 'fairly susceptible to a construction that would lead to a logical and sensible result' ").
2. Requirements for bringing an action under § 105 (a). The second question asks whether a plaintiff may bring an action for a violation of § 105 (a) absent identity fraud. We see no reason to read into the statute a requirement that one be the victim of identity fraud in order to assert a claim under that statute. It does not contain an express limitation to that effect, and as previously discussed, we interpret § 105 (a) itself as being intended primarily to address invasion of consumer privacy by merchants, not identity fraud. The achievement of this purpose would be hindered rather than advanced by imposing a requirement that the plaintiff be a victim of identity fraud in order to raise a claim of statutory violation. See Commonwealth v. De'Amicis, 450 Mass. 271 , 276 (2007), quoting Hanlon v. Rollins, 286 Mass. 444 , 447 (1934) ("a statute must be interpreted according to the intent of the Legislature ascertained from all its words . . . considered in connection with the cause of its enactment, the mischief or imperfection to be remedied and the main object to be accomplished").
Accordingly, our direct answer to the second question is that a plaintiff may bring an action for a violation of § 105 (a) without alleging a claim of identity fraud. We accept the judge's invitation to expand on this answer, however, and consider briefly the issue of what must be alleged in such an action with respect to injury or loss.
Because § 105 (d) provides that a violation of § 105 (a) "shall be deemed to be an unfair and deceptive trade practice, as defined in [G. L. c. 93A, § 2]," a consumer seeking to bring an action for a violation of this statute would do so pursuant to G. L. c. 93A, § 9 (1), as Tyler has done in this case. A complaint under G. L. c. 93A, § 9 (1), see note 4, supra, must allege that the plaintiff has been "injured" by the act or practice claimed
to be unfair or deceptive and therefore unlawful under c. 93A, § 2. Tyler relies on Leardi v. Brown, 394 Mass. 151 (1985) (Leardi), and argues that a violation of § 105 (a) directly equates with an injury under c. 93A, § 9 (1), and therefore, a complaint alleging a violation of § 105 (a), without more, satisfies the injury requirement of c. 93A, § 9, and entitles the plaintiff to recover damages, nominal or otherwise.
The Leardi case considered an amendment to G. L. c. 93A, § 9, that eliminated the requirement that one suffer a "loss of money or property" in order to be "injured" within the meaning of c. 93A, § 9 (1), as appearing in St. 1979, c. 406, § 1. [Note 14] See Leardi, 394 Mass. at 158. This court's decision in Leardi has been a source of some confusion in the years since 1985. The confusion appears to stem from the following language:
"[U]nder circumstances where there has been an invasion of a legally protected interest, but no harm for which actual damages can be awarded, we conclude that the statute provides for the recovery of minimum damages in the amount of $25. . . . [I]n amending G. L. c. 93A, [§] 9, the Legislature exercised its prerogative to create a legal right, the invasion of which, without more, constitutes an injury."
Id. at 160. Later decisions of this court have interpreted the Leardi case and the language quoted here in different ways. [Note 15]
Nevertheless, our recent decisions generally establish the following. The invasion of a consumer's legal right (a right, for example, established by statute or regulation), without more, may be a violation of G. L. c. 93A, § 2, and even a per se violation of § 2, but the fact that there is such a violation does not necessarily mean the consumer has suffered an injury or a loss entitling her to at least nominal damages and attorney's fees; instead, the violation of the legal right that has created the unfair or deceptive act or practice must cause the consumer some kind of separate, identifiable harm arising from the violation itself. [Note 16] See Rhodes v. AIG Dom. Claims, Inc., 461 Mass. 486 , 496 n.16 (2012) (Rhodes); Casavant v. Norwegian Cruise Line Ltd., 460 Mass. 500 , 504-505 (2011) (Casavant); Iannacchino v. Ford Motor Co., 451 Mass. 623 , 632-633 (2008) (Iannacchino); Hershenow v. Enterprise Rent-A-Car Co. of Boston, 445 Mass. 790 , 801-802 (2006) (Hershenow). To the extent that the quoted passage from Leardi can be read to signify that "invasion" of a consumer plaintiff's established legal right in a manner that qualifies as an unfair or deceptive act under G. L. c. 93A, § 2, automatically entitles the plaintiff to at least nominal damages (and attorney's fees), we do not follow the Leardi decision. Rather, as the Rhodes, Casavant, Iannacchino, and Hershenow decisions indicate, a plaintiff bringing an action for damages under c. 93A, § 9, must allege and ultimately prove that she has, as a result, suffered a distinct injury or harm that arises from the claimed unfair or deceptive act itself. [Note 17]
Returning to § 105 (a), there appear to be at least two types of injury or harm that might in theory be caused by a merchant's
violation of the statute: the actual receipt by a consumer of unwanted marketing materials as a result of the merchant's unlawful collection of the consumer's personal identification information; [Note 18] and the merchant's sale of a customer's personal identification information or the data obtained from that information to a third party. [Note 19] When a merchant acquires personal identification information in violation of § 105 (a) and uses the information for its own business purposes, whether by sending the customer unwanted marketing materials or by selling the information for a profit, the merchant has caused the consumer an injury that is distinct from the statutory violation itself and cognizable under G. L. c. 93A, § 9. [Note 20]
3. Meaning of "credit card transaction form." The third question asks whether the term "credit card transaction form" in
§ 105 (a) should be understood to refer equally to electronic and paper transaction forms. [Note 21]
Section 105 (a) provides that "[n]o person . . . or . . . business entity that accepts a credit card for a business transaction shall write, cause to be written or require that a credit card holder write personal identification information . . . on the credit card transaction form." G. L. c. 93, § 105 (a). The section affirmatively declares that its provisions "shall apply to all credit card transactions" (emphasis supplied), and it contains no language expressly limiting a "credit card transaction form" to a paper form. Accordingly, as noted by the judge, the language of § 105 (a) naturally appears to include all such transactions, whether they are processed manually or electronically. The reference to the verb "write" in § 105 (a) does not foreclose such an interpretation because by definition, the verb encompasses inscriptions made by hand and by typing. Webster's Third New International Dictionary 2640-2641 (1993) (defining "write" to include "to form or produce [a legible character] in, upon, or by means of a suitable medium," "to produce [symbols or words] by machine," and "to form or produce letters, words, or sentences with a pen, pencil, or machine"). See Allen v. Boston Redev. Auth., 450 Mass. 242 , 256 (2007) ("Where a statutory term is not defined, it must be understood in accordance with its generally accepted plain meaning"); G. L. c. 4, § 6, Third ("Words and phrases shall be construed according to the common and approved usage of the language"). Based on the words chosen by the Legislature, therefore, we interpret "credit card transaction form" to apply to transactions involving both electronic and paper forms. [Note 22]
There are other reasons to reject a narrow interpretation of the statutory language advocated by Michaels. To construe § 105 (a) as inapplicable to electronic credit card transactions
would render the statute essentially obsolete in a world where paper credit card transactions are a rapidly vanishing event. See EMC Corp. v. Commissioner of Revenue, 433 Mass. 568 , 570 (2001), quoting Pacific Wool Growers v. Commissioner of Corps. & Taxation, 305 Mass. 197 , 199 (1940) ("statutes are to be interpreted . . . in connection with . . . the history of the times . . . contemporary customs and conditions and the system of positive law of which they are part"). Such a construction would thus fail to carry out the statutory purpose of protecting consumer privacy because it would allow merchants to avoid the statute's prohibition against collecting personal identification information simply by using electronic means to capture and reflect any electronic credit card transaction. Where possible, a statute should not be interpreted to render it ineffective. See Adamowicz v. Ipswich, 395 Mass. 757 , 760 (1985), quoting Lexington v. Bedford, 378 Mass. 562 , 570 (1979).
Conclusion. As to the first certified question, we respond that a zip code constitutes personal identification information for the purposes of G. L. c. 93, § 105 (a). As to the second certified question, we respond that a plaintiff may bring an action for violation of G. L. c. 93, § 105 (a), absent identity fraud. As to the third certified question, we respond that the term "credit card transaction form" in G. L. c. 93, § 105 (a), refers equally to electronic and paper transaction forms.
The Reporter of Decisions is directed to furnish attested copies of this opinion to the clerk of this court. The clerk in turn will transmit one copy, under the seal of the court, to the clerk of the United States District Court for the District of Massachusetts, as the answer to the questions certified, and will also transmit a copy to the parties.
[Note 1] General Laws c. 93, § 105 (a) (§ 105 [a]), prohibits any person or business entity that accepts credit cards for business transactions from writing, or requiring a credit card holder to write, "personal identification information" that is not required by the credit card issuer on the credit card transaction form. G. L. c. 93, § 105 (a).
[Note 2] The District Court judge concluded that zip codes are personal identification information "because a [zip code] may be necessary to the credit card issuer to identify the card holder in order to complete the transaction" and may thus be used fraudulently to assume the identity of the card holder.
[Note 3] Section 2 (a) of G. L. c. 93A provides: "Unfair methods of competition and unfair or deceptive acts or practices in the conduct of any trade or commerce are hereby declared unlawful."
[Note 4] Section 9 (1) of G. L. c. 93A provides: "Any person . . . who has been injured by another person's use or employment of any method, act or practice declared to be unlawful by [§ 2] . . . may bring an action in the superior court . . . for damages and such equitable relief, including an injunction, as the court deems to be necessary and proper."
[Note 5] See, e.g., Sullivan v. Chief Justice for Admin. & Mgt. of the Trial Court, 448 Mass. 15 , 24 (2006), and cases cited ("The object of all statutory construction is to ascertain the true intent of the Legislature from the words used"). See also Sullivan v. Brookline, 435 Mass. 353 , 360 (2001) ("A fundamental tenet of statutory interpretation is that statutory language should be given effect consistent with its plain meaning and in light of the aim of the Legislature unless to do so would achieve an illogical result").
[Note 6] This section contains definitions of the terms "[c]heck" and "[c]redit card" as these terms are used in G. L. c. 93, § 105 (§ 105). See G. L. c. 93, § 104.
[Note 7] The relevant provisions of 1991 Senate Doc. No. 89 closely resemble the corresponding sections of the enacted law. Compare 1991 Senate Doc. No. 89 with G. L. c. 93, §§ 104-105.
[Note 8] Section 105 (b) of G. L. c. 93 provides in part:
"(b) No person, firm, partnership, corporation or other business entity accepting a check in any business or commercial transaction as payment in full or in part for goods or services shall do any of the following: (1) Require, as a condition of acceptance of such check, that the person presenting such check provide a credit card number, or any personal identification information other than a name, address, motor vehicle operator license or state identification card number of such person and telephone number, all of which may be recorded. . . . (4) Require, as a condition of acceptance of the check, that a person's credit card number be recorded in connection with any part of a transaction."
[Note 9] The Pines memorandum explains: "When merchants require persons presenting a check to record credit card information on the back of the check, they expose the check writer to credit card fraud." Pines memorandum, supra at 2. See id. at 21 ("the proposed legislation seeks to protect persons paying by checks from merchant practices that expose them to credit card fraud"). The MASSPIRG report discusses the same objective: "The merchant practice of listing a customer's credit card number on a personal check puts consumers at risk of credit card fraud. The concentration of personal information makes it easy for a dishonest person involved in the payment process to order a new credit card in the consumer's name or make purchases on the card by phone or through the mail." MASSPIRG report, supra at 1-2.
[Note 10] The Pines memorandum states:
"Recording unnecessary personal information on credit card transaction forms leads to an invasion of a card holder's privacy. Many businesses use the additional personal information to compile mailing lists for their own use, or to sell to direct mail houses. . . .
"This legislation also prohibits persons who accept credit cards for purchases from requiring the card holder to provide additional personal information. Specifically, it forbids a person from writing the card holder's address, telephone number or other identification on the credit card transaction form. The statute forbids merchants from requiring provision of this private information as a condition of acceptance of the credit card. This statute forbids this practice when the card issuers do not require such information to complete the transaction. This will prohibit merchants from getting additional information for their own business purposes as a pretense for completing the credit card transaction."
Pines memorandum, supra at prefatory remarks & 23.
Similarly, the MASSPIRG report, supra at 1, states: "[T]he majority of the stores have credit and charge card policies that violate a consumer's privacy by asking for personal information unnecessary for the credit card transaction. . . . The common merchant practice of requiring phone numbers and/or addresses on credit card slips is an invasion of consumers' privacy. This personal information is NOT required by the card companies and is probably being collected for the retailer's marketing purposes."
[Note 11] Michaels, like the District Court judge, relies heavily on a one-page summary prepared by the State House News Service of testimony offered on fifty-four consumer protection bills, including 1991 Senate Doc. No. 89, at a hearing before the Joint Committee on Commerce and Labor on April 1, 1991. State House News Service, April 1, 1991. The summary reports that at the hearing, a MASSPIRG representative noted that most retailers still required personal information, including home telephone and address, to process credit card purchases. Id. The summary also notes that a public school teacher in Brookline described to the committee how his driver's license information written on his credit card receipt was used to purchase goods fraudulently in his name. Id. Finally, the summary indicates that a representative of the Retailers Association of Massachusetts defended the collection of some of the challenged information relating to consumers and noted that merchants need to protect themselves from credit card and check fraud. Id. Although the summary suggests that the proposed legislation, as perceived by testifying members of the public, may have had fraud prevention as one purpose, it does not offer persuasive evidence that fraud prevention was the sole legislative purpose underlying § 105 (a) specifically. Furthermore, the summary only describes select testimony of members of the public; it does not offer direct insight into what was on the minds of the legislators in drafting and ultimately enacting the legislation.
[Note 12] We recognize that the certified question specifically asks whether a zip code qualifies as personal identification information "because a [zip code] could be necessary to the credit card issuer to identify the card holder in order to complete the transaction" (emphasis supplied). In answering the question, we do not focus on the specific reason assigned by the judge but, rather, address the question as asking more generally whether a zip code is "personal identification information" within the meaning of G. L. c. 93, § 105 (a).
[Note 13] Central to Tyler's argument is a decision of the California Supreme Court, Pineda v. Williams-Sonoma Stores, Inc., 51 Cal. 4th 524 (2011) (Pineda). In the Pineda case, the court held that a zip code is personal identification information for the purposes of a California statute, Cal. Civ. Code § 1747.08 (2005) (§ 1747.08), which, the court explained, was specifically aimed at protecting consumer privacy. Pineda, 51 Cal. 4th at 534. Tyler posits that the similarity in language between § 1747.08 and § 105 (a) should render the California Supreme Court's interpretation of § 1747.08 persuasive in interpreting § 105 (a). The District Court judge disagreed with Tyler about the import of the Pineda case and § 1747.08, stating that the Massachusetts Legislature intended § 105 (a) to have a much narrower purpose than its California counterpart. Senator Pines's legislative file relating to § 105 includes a legislative summary and copy of 1990 Assembly Bill No. 2920, the bill that ultimately was enacted by the California Legislature as § 1747.08. However, we do not find it necessary to decide what, if any, influence the California statute had on the Massachusetts legislators who enacted § 105 (a) in 1991, because, quite apart from the California statute, the available legislative history of § 105 (a) discloses that the legislative intent underlying it centered on protecting consumer privacy.
[Note 14] Prior to 1979, G. L. c. 93A, § 9 (1), as amended through St. 1978, c. 478, § 45, provided in relevant part: "Any person who purchases or leases goods, services or property, real or personal, . . . and thereby suffers any loss of money or property . . . as a result of . . . an unfair or deceptive act or practice . . . may . . . bring an action . . . for damages. . . ."
[Note 15] Compare Aspinall v. Philip Morris Cos., 442 Mass. 381 , 401-402 (2004) (explaining that interpretation in Leardi v. Brown, 394 Mass. 151 , 160 , of term " 'injury' in the context of G. L. c. 93A, to denote 'an invasion of a legally protected interest' " was "deliberate, framed after careful consideration of the 1979 amendment to the statute" and that "deceptive advertising," violation of G. L. c. 93A at issue, "if proved, effected a per se injury on consumers" of defectively advertised product within meaning of G. L. c. 93A, § 9 ), with Hershenow v. Enterprise Rent-A-Car Co. of Boston, 445 Mass. 790 , 798-800 (2006) ("misrepresentation of legal rights in a consumer contract may indeed be per se 'unfair' or 'deceptive' under § 2 of G. L. c. 93A. . . . But a plaintiff seeking a remedy under G. L. c. 93A, § 9, must demonstrate that even a per se deception caused a loss. . . . Leardi did not . . . eliminate the required causal connection between the deceptive act and an adverse consequence or loss").
[Note 16] This rule is consistent with the "established principle that to recover under c. 93A, § 9, a plaintiff must prove causation." Rhodes v. AIG Dom. Claims, Inc., 461 Mass. 486 , 496 (2012), citing Hershenow v. Enterprise Rent-A-Car Co. of Boston, supra at 798, 800.
[Note 17] In the present case, for example, if Michaels obtained a customer's zip code, placed that information in a file (paper or electronic), and never used the information for any purpose thereafter, a consumer would not have a cause of action for damages under G. L. c. 93A, § 9, even though Michaels's request for and saving of the zip code information may have violated § 105 (a) and thereby qualified as an unfair or deceptive act.
[Note 18] Cf. Terra Nova Ins. Co. v. Fray-Witzer, 449 Mass. 406 , 407, 409 (2007) (concluding that transmission of unsolicited facsimile advertisements violated recipients' right of privacy, triggering "personal and advertising injury liability" coverage of sender's insurance policy).
[Note 19] These injuries are of the type the Legislature apparently sought to prevent in enacting § 105 (a). See, e.g., Pines memorandum, supra at 23 (explaining proposed bill "will prohibit merchants from getting additional information for their own business purposes as a pretense for completing the credit card transaction"). We do not suggest, however, that these constitute the exclusive types of injury that may give rise to an action for damages; there may be others.
[Note 20] As for damages, it seems unlikely that a merchant's use of a consumer's personal identification information in either manner described in the text would cause the consumer to suffer either a readily quantifiable loss of money or property or measurable emotional distress. Nonetheless, receipt of unwanted marketing material as a result of a § 105 (a) violation represents an invasion of the consumer's personal privacy causing injury or harm worth more than a penny, and the consumer is thus entitled to the minimum statutory damage award of twenty-five dollars under G. L. c. 93A, § 9 (3). The issue of damages becomes more complicated where a merchant sells a consumer's personal identification information acquired in a manner violating § 105 (a), because the harm comes from the merchant's disclosure of the consumer's private information on the open market, not from a direct assault on her privacy. Disgorgement of the merchant's profits may provide an appropriate means of calculating damages in the latter situation, both because it is a close approximation of the value of the consumer's personal identification information on the open market and because such a damage award would remove any financial incentive to merchants to violate the statute. For a single consumer, the amount of damages for such an injury also would likely amount to less than twenty-five dollars, thus triggering the minimum damage award provided by G. L. c. 93A, § 9 (3).
[Note 21] Michaels argues that "a 'credit card transaction form' does not include an electronic database as alleged by [p]laintiff." However, Tyler alleges that Michaels writes its customers' zip codes on an "electronic credit card transaction form." Thus, the relevant question is whether a "credit card transaction form" includes an "electronic credit card transaction form."
[Note 22] Whether the electronic form into which Michaels employees enter zip codes is actually an electronic credit card transaction form is a factual question to be determined by the District Court judge.