As you may know, the Gramm-Leach-Bliley Act was signed by President Clinton in 1999. Federal Agencies with regulatory authority were empowered to adopt and implement rules setting forth which entities are subject to the act and how to comply with its provisions. In the case of motor vehicle dealerships, finance companies and collection agencies, the Federal Trade Commission (FTC) is the regulatory agency with enforcement authority. The FTC issued a Final Rule on Privacy of Consumer Financial Information in May, 2000. The FTC’s Final Rule became effective on November 13, 2000. Full compliance with the Act and the Rule are required by July 1, 2001. The stated purpose of the Act and Rule is to ensure that “financial institutions” respect the privacy of their customers and protect the security and confidentiality of “nonpublic personal information” collected when an individual obtains a “financial product or service.” The FTC chose to retain a broad definition of “financial institution.” For example, the definition of “financial institution” encompasses retail sellers of goods if they assist consumers in obtaining credit or extend credit themselves. A motor vehicle dealership is also a financial institution if it, in the regular course of its business, leases motor vehicles on a nonoperating basis for longer than 90 days. Like the definition of financial institution, the FTC also adopted broad definitions for “financial products or services” and “nonpublic personal information”. The definition of “financial products and services” includes the financial institution’s evaluation of information collected in connection with an application by a consumer for a financial product or service, even if the application ultimately is rejected or withdrawn.

It also includes the distribution of information about a consumer in obtaining a financial product or service. In some cases, the only product or service offered is the funding of the loan, directly or indirectly. In other cases, the product or service is the processing of payments, sending account-related notices and responding to consumer inquiries. “Nonpublic Personal Information” means any personally identifiable financial information that is provided by a consumer to a financial institution, the results from any transaction with the consumer or any financial service performed for the consumer or information otherwise obtained by the financial institution. Examples of “nonpublic personal information” include:

• Information a consumer provides on an application to obtain a loan;

• Account balance information, payment history and credit card information;

• The fact that an individual is or has been one of a dealer’s customers or has obtained a financial product or service from the dealership;

• Any information that a consumer provides to a dealership or the dealership’s agent or is otherwise obtained in connection

• with collecting on or servicing a credit account;

• Any information a dealer collects through an Internet “cookie” (an information collecting device from a web server);

• Information from a consumer report; and

• Any list, description or other grouping of consumers that is obtained in whole or in part using any personally identifiable

• financial information that is not publicly available.

Simply put, a motor vehicle dealer or his related finance company is required to comply with the notice and opt out requirements under the act and the rule if it:

• Accepts a credit application from an individual, even if financing is never extended by either the dealership, the related finance company or a third party;

• Agrees to assist the individual to obtain a loan or credit to purchase or lease a vehicle and/or related goods or services;

• Contracts to extend financing to an individual for the purchase or lease of a vehicle and/or related goods or services, including any side agreement to finance a product or service and/or agreement for a deferred down payment;

• Assists a consumer to obtain financing for the purchase or lease of a vehicle and/or related goods or services, whether or not the finance or lease agreement is subsequently assigned to a lender or is directly between the consumer and the lender; or,

• Insures, guarantees, or indemnifies against loss, damage, illness, disability, or death or act as principal, agent, or brokers for the sale of insurance designed for any of these purposes.

Full Compliance with the act and the FTC’s final rule by July 1, 2001 means that you have established a system for providing an initial notice to all new customers, have mailed the initial notices to all of your existing customers (those with whom you have a continuing relationship) and have afforded them the opportunity to opt out of any disclosures which are not otherwise permitted by law. In addition to complying with the notice and opt out requirements, your dealership and each of your affiliated entities must be capable of tracking whether an individual has opted out of a disclosure and following the opt out instructions. You must also have procedures and policies in place to ensure that nonpublic personal information is safeguarded and kept in a confidential manner. Motor vehicle dealerships that fail comply with the Gramm-Leach-Bliley Act and the FTC’s rule may be subject to FTC enforcement actions under the FTC act for engaging in an unfair and deceptive act or practice, including a cease and desist order and the imposition of substantial civil penalties. A violation of the FTC act is also a violation of most state unfair and deceptive acts and practices statutes under which a successful consumer is often entitled to either recover damages or rescind the transaction. In many cases motor vehicle dealerships may also end up paying attorney's fees and minimum and/or treble damages or defending a class action lawsuit. The Gramm-Leach-Bliley Act and the Federal Trade Commission’s Final Rule on Privacy of Consumer Financial Information are quite lengthy and too complex to cover all of the compliance issues in this article. A motor vehicle dealership’s individual business practices, state privacy laws and the Fair Credit Reporting Act may also have an impact on the required disclosures. For those dealers who are looking for additional information and an easy, cost effective compliance solution for the initial and annual privacy notice and opt out requirements, we are pleased to announce that a Compliance Package has been developed that will assist you. The Compliance Package consists of three components: an Overview of Privacy Notice and Opt Out Requirements; an Initial Privacy Policy and Opt Out Template; and guidelines for Completing the Initial Privacy Policy and Opt Out Form.