On January 6 the U.S. District Court of Massachusetts held that “zip codes” are Personal Identifiable Information under Massachusetts law. This is the second state to broaden its definition of PII to include zip codes.
California was the first. What this means for businesses with breach laws that include PII is that there is another whole subset of data that they will now need to be concerned with. If this trend continues data classification guides as well as approaches for collecting and safeguarding this information will need to become more sophisticated.