Most dealers who are striving to comply with privacy laws like the GLBA Safeguards Rule can immediately tell me who their chief information officer is and what steps they are taking on a daily basis to protect customer information.

If you can tell me what you are doing, you should also be able to show me what you are doing to comply with these laws. If you can’t tell me about your data security program, you probably don’t have one in place. You could be, in essence, playing the lottery with your dealership.

Here are some simple but necessary steps to get you on the right path and out of the lottery.

     1. Designate an employee as your chief information officer. It’s a CIO’s responsibility to oversee your security program.

     2. Draft a written security plan that states how you handle non-public information.

     3. Train every employee on handling non-public information. 

     4. Have employees and vendors sign confidentially agreements.

     5. Draft a checklist that includes a quarterly audit to see how you are doing following your security plan.

While these steps won’t ensure compliance because compliance still has to be executed on a daily basis, they will put you on the right path.

Identity theft in businesses keeps gaining momentum. In 2002, 70 percent of identity-theft-related crimes stemmed from one-on-one attacks like dumpster diving or e-mail scams like phishing. A recent statistic indicated 70 percent of identity-theft-related crimes are now coming from a work environment due to either careless or corrupt employees. That is a significant shift. The reason for this shift is that identity thieves know that if they can get access to your customer records, they get a lot more bang for the buck. This means that you can no longer take chances with non-compliance.

Customers are getting smarter, too. There have been documented cases of “customers” sniffing around the dealership in hope of finding deal jackets, a driver license or other personal information out in the open. Other customers are looking for an opportunity to sue you and your dealership, and it is a game they can win if you are not legally prepared.

If you have a data breach and a customer suffers losses (or even worse, if multiple customers suffer losses), you can be held responsible for those damages along with federal and state fines. USA Today reports, “The average damages to victims of identity theft are over $92,000.” If you are going to take chances like that, you’ll need more than lady luck on your side. That’s why you need a solid data security plan.

Have you ever heard the expression, “house rules?” In the game of compliance, the FTC is the “house.” If you have to gamble, go to your favorite casino, but please don’t gamble with your dealership. You will lose. The FTC is serious about dealer compliance. Contact your attorney today, and make certain you have what you need in place to protect your customers, your employees and your dealership. If you do, the odds are stacked in your favor.

Vol 5, Issue 8