Privacy Act / Safeguards Rule / Red Flags Rule
Congress passed the Gramm-Leach-Bliley Financial Modernization Act (“GLB Act”) in 1999. The primary purpose of the GLB Act is to ensure that financial institutions have an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ non-public personal information. The GLB Act defines “consumers” and “customers” and sets forth a dealer’s requirements to notify the consumer/customer of how the dealership handles any non-public personal information from such consumer/customer, including any disclosure of such information to certain third parties.
The second phase of the GLB Act was designed to regulate how a dealer must protect information about its customers. The second phase of the GLB Act, commonly referred to as the Safeguards Rule, sets forth standards for developing, implementing and maintaining reasonable administrative, technical and physical safeguards to protect the security, confidentiality, and integrity of customer information. The Rule applies to all customer information in your possession, regardless of whether such information pertains to individuals with whom you have a customer relationship or pertains to the customers of other financial institutions that have provided such information to the dealer. Dealers must develop, implement and maintain a comprehensive written information security program. Dealers must also insure that service providers have implemented appropriate safeguards to maintain customer information the dealer shares with them.
Does your dealership have a comprehensive Privacy Notice geared to the automotive industry which it provides to your customers? What procedures do you follow? Are your employees properly handling and maintaining Privacy Notices? Does your dealership have a comprehensive written Information Security Program? Do you have proper employee training and management as needed for Safeguards Rule compliance?
Quinton & Paretti assists dealers in Privacy Act/Safeguards Rule compliance at whatever level of assistance they need.
The Red Flag Rules are another federal regulation which dealers must address. The Red Flag Rules require a dealer to develop and implement a written Identity Theft Prevention Program which must be designed to detect, prevent and mitigate identity theft.
Call us with your questions and let us tell you how we can assist and protect your dealership regarding these complex federal regulations.