Four Wheel Data Drive: The Data Protection and Notification Requirements Automotive Dealers Need To Know
What's the Law?
The Gramm-Leach-Bliley Act, or GLBA, requires financial institutions to disclose their information-sharing practices to customers and to protect customers' sensitive information. The FTC has the power to implement and enforce the GLBA against financial institutions, and it considers auto dealerships "financial institutions" because they assist with or provide financing to their consumers and customers, and thus collect and maintain sensitive data that is susceptible to cybercrime. Welcome to the big leagues.
How This Affects You Now
Auto dealers, here's what you need to know. Your team is required to establish a program to protect the confidential and sensitive data of customers and employees, and if that data is stolen or misused, you must provide proper notice to those customers or employees whose confidential data was, or may have been, compromised. There are detailed requirements under the FTC's Privacy Rule, Safeguards Rule, and various data breach notification statutes. Whether your company operates in New York, California, and Florida, which we detail in the article linked below, or elsewhere, your operations need to fulfill the following requirements to get ahead - or catch up - on data protection.