Certain businesses, including auto dealerships, are subject to the Safeguards Rule, which the Federal Trade Commission (FTC) designed, as required by the Gramm-Leach-Bliley Act, to protect customer information from being shared inappropriately.
The FTC has issued a warning to auto dealers stating that the agency does not conduct onsite investigations for privacy violations.
The warning responds to situations in which fraudsters posed as FTC agents, presumably to gain access to customer information.
Practically speaking, however, many businesses are not in full compliance with the law. And some auto dealerships are among the worst offenders. If your dealership is found by the FTC to be careless with sensitive customer information, the fines can be hefty, up to $11,000 per day until a dealership comes into compliance.
Specifically, the Safeguards Rule requires dealers “to develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue.”
According to the FTC, customer information includes personally identifiable data collected by dealers in connection with finance, lease, or insurance contracts, unless the information is publicly available.
The FTC is clear about the requirements for compliance. Your business must:
With a large staff busy with customers all day long, it can be hard to know if all your employees are taking sufficient precautions to protect confidential information. Still, it must be done. It should take only a few minutes to conduct a self-audit to look for telltale signs of lax practices. Here are four key steps to help your dealership stay in compliance:
Don’t just conduct a self-audit once and then forget about it. Run through these four steps periodically to ensure that your business is continuing to comply with the law. Important: Address any violations you uncover immediately.
Auto dealers must also meet additional requirements under the Gramm-Leach-Bliley Act and the FTC’s Privacy Rule. The FTC has published answers to questions that auto dealers frequently ask.