I’D BEEN WAITING IN LINE FOR ALMOST 20 MINUTES and had my hand poised to swipe my debit card, but the question still seemed worth asking.
“I’m sorry — why do you need my ZIP code?”
The cashier selling me a ticket to the Art Institute of Chicago on this snowy Saturday afternoon looked a bit perplexed.
“They use it for marketing. I think.”
When I asked how they do that thing and what I could expect to receive, she admitted she didn’t know. “But if you show an Illinois I.D. I can give you $2 off your ticket price,” she volunteered brightly.
I gave her the digits, but not happily. And if I’d been paying for my ticket with a credit card in California, the Art Institute could have incurred a fine of up to $1,000 for asking for that information.
A ruling handed down by a State Supreme Court in February says asking for and storing ZIP codes as part of a face-to-face credit card sale violates California’s credit card protection acts. Those prohibit the capture and storage of personally identifiable information in the course of a live credit-card transaction — what’s called a “card present” sale, as opposed to an online one.
Lots of list entities and marketing associations filed friend of the court briefs to say that ZIP codes couldn’t be personally identifiable information (PII). Problem is, they can, if you combine the ZIP and the user name and run them through a lookup database. That will give you an address and phone number suitable for entering in your database — or for releasing to third parties. Williams-Sonoma admitted to doing both those things in the case that gave rise to the high court decision.
And it’s something that growing numbers of consumers are becoming wary of. Users have recently expressed concerns about PII leaks in everything from online tax filings to healthcare information submitted to hospital intake workers. A survey conducted by the Ponemon Institute found that while 36% of consumers feel privacy is a “less important” worry than five years ago (not surprising in an age when some people will share family photos and even current locations in social media), exactly the same proportion of respondents said it had become “more important” in that time.
So, one-third of the public see controlling the use of their data as a crucial issue of privacy. That one-third could turn the tide in some of the 15 states that have laws like California’s — or in Congress, where “Do Not Track” web bills are currently under consideration.
Marketers, you’d better start thinking about what information you ask for, and stop assuming consumers will find it worth trading a bit of their personal privacy for the privilege of being marketed to.
And for Pete’s sake, at least train your cashiers to have an informed, transparent answer to the question: “Why do you need it?”