Attention Automotive Dealers: Privacy Laws You Must Know and Follow

Did you know that as an automotive dealer, you are required to follow strict privacy laws to protect your customers' personal information? These regulations are not just best practices—they are the LAW, and failure to comply can result in fines as high as $100,000 per violation for dealerships and $10,000 per violation for individuals responsible.

Here’s a quick breakdown of the key privacy laws you need to be aware of:

Gramm-Leach-Bliley Act (GLBA) - The Big One This federal law requires dealers to protect customer privacy and data security. Here’s how: ?? Privacy Rule: Controls how you share customer info when they apply for credit or leasing products. ?? Safeguards Rule: Requires you to develop a written information security program to protect customer data. ?? Privacy Notices: Yes, you must give consumers privacy notices BEFORE they become customers, outlining:

• What personal information you collect
• How it's collected and used
• Which third parties have access to it

The Disposal Rule Destroy consumer reports properly to ensure sensitive information doesn’t fall into the wrong hands. This isn’t optional. It’s critical.

Encryption Requirements Data security goes beyond physical shredding. Dealers must: Encrypt all Personally Identifiable Information (PII) in transit and at rest. Prohibit the use of unencrypted text or email for sharing PII by sales staff.

State Privacy Laws - Watch Out for CCPA! If you do business in California, you must comply with the California Consumer Privacy Act (CCPA), which gives consumers more rights over their personal information, like: The right to know what information you collect. The right to request deletion of their personal information. The right to opt-out of data sales.

Penalties for Non-Compliance Not following these laws can be a costly mistake: Up to $100,000 per violation for the dealership. Up to $10,000 per violation for individual managers responsible.

What Should You Do Next? 1?? Review your dealership's data privacy practices. 2?? Ensure customer PII is encrypted in transit and at rest. 3?? Train your team on how to handle personal data securely. 4?? Verify that your privacy notices are up to date.

Need help staying compliant? DealerPhones can support your dealership’s privacy compliance with technology that protects customer data through encrypted communications and secure call and text records. Protect your dealerships interests and give me a call. You know you could do better!