Four Wheel Data Drive: The Data Protection and Notification Requirements Automotive Dealers Need To Know
The Gramm-Leach-Bliley Act and Data Breach Notification Statutes in NY, CA, and FL As Applied to Retail Automotive Dealerships
While autonomous car technology currently dominates privacy and security headlines in the automotive sector, cybersecurity should be top of mind for all players in our industry, including retail automotive dealerships. In fact, the FTC requires car dealers to match the data protection standards required of financial institutions.
What's the Law?
The Gramm-Leach-Bliley Act, or GLBA, requires financial institutions to disclose their information-sharing practices to customers and to protect customers' sensitive information. The FTC has the power to implement and enforce the GLBA against financial institutions, and it considers auto dealerships "financial institutions" because they assist with or provide financing to their consumers and customers, and thus collect and maintain sensitive data that is susceptible to cybercrime. Welcome to the big leagues.
How This Affects You Now
Auto dealers, here's what you need to know. Your team is required to establish a program to protect the confidential and sensitive data of customers and employees, and if that data is stolen or misused, you must provide proper notice to those customers or employees whose confidential data was, or may have been, compromised. There are detailed requirements under the FTC's Privacy Rule, Safeguards Rule, and various data breach notification statutes. Whether your company operates in New York, California, or Florida, which we detail in the article linked below, or elsewhere, your operations need to fulfill the following requirements to get ahead - or catch up - on data protection.
To read more, click here.