'What's your Zip?' This seemingly harmless question, asked by hundreds of retailers, has now been deemed illegal in the California Supreme Court, reversing two lower court decisions.

In Jessica Pineda v. Williams-Sonoma, the plaintiff argued that Williams Sonoma violated the Song-Beverly Credit Card Act of 1971, which prohibits companies from recording any 'personal identification information' without the customer's prior knowledge. Using her Zip code, Williams Sonoma was then able to identify Pineda for marketing purposes, which, the court says, broke privacy laws.

According to court papers, Williams Sonoma 'used customized computer software to perform reverse searches from databases that contain millions of names, e-mail addresses, telephone numbers, and street addresses, and that are indexed in a manner resembling a reverse telephone book. The software matched plaintiff's name and Zip code with plaintiff's previously undisclosed address, giving defendant the information, which it now maintains in its own database. Defendant uses its database to market products to customers and may also sell the information it has compiled to other businesses.'

In its ruling on February 10, the court noted that the penalty for such a breach could cost the firm up to $1,000 per violation. Perhaps unsurprisingly, in the week since the decision was announced, lawyers throughout California have filed class action lawsuits against some of the most recognizable retailers, including Old Navy, Target, Macy's, Toys 'R' Us, Tiffany & Co., The Container Store, Radio Shack, Nordstrom, and others.

Tara Darow, a spokeswoman for Nordstrom, told The Wall Street Journal, 'We care a great deal about our customer's privacy and take many measures to safeguard any information they voluntarily provide us.'

In 2008, a similar case brought against Party City was dismissed because the plaintiffs couldn't prove that Party City explicitly used Zip codes to do a reverse search of their records to find a customer's actual address. David Faustman, a lawyer in San Francisco who represented Party City in that case, told Reuters that the 'decision is wreaking havoc for retailers.'

'It's a very unfortunate opinion that's going to plague retailers who collect Zip codes for very innocent purposes that have nothing to do with tracking somebody down,' Faustman told the paper. 'And the potential damages are just massive, amounting to a violation of due process.'

Though the maximum fine set by the courts is $1,000 per transaction, experts involved say that it's unlikely a trial court will impose such a severe penalty. "As we have previously noted, the statute "does not mandate fixed penalties; rather, it sets maximum penalties of $250 for the first violation and $1,000 for each subsequent violation," wrote Justice Carlos R. Moreno in his Feb. 10 decision. "Presumably this could span between a penny (or even the proverbial peppercorn we all encountered in law school) to the maximum amounts authorized by the statute."