Gramm-Leach-Bliley Act

It's a million dollar liability for auto dealers

What does the Gramm-Leach-Bliley Act mean to auto dealers?

  • First, it insures the security and confidentiality of the dealership’s customer information.
  • Second, it protects against any anticipated threats or hazards to the security and/or integrity of the dealership’s customer information.
  • Third, it protects unauthorized access to or use of the dealers’ customer information that could result in substantial harm or inconvenience to any customer.

Penalties for Violations of Gramm-Leach-Bliley Act

  • A civil penalty of not more than $100,000 may be accessed for each violation.
  • Dealership Principals and Staff are subject to, and personally liable for, a civil penalty not more than $10,000 for each violation.
  • Fines imposed in accordance with Title 18 of the United States Code, or imprisonment for not more than five years, or both.
  • If the violation occurs while violating another Federal law, or as a part of a pattern of any illegal activity involving more than $100,000 within a twelve-month period: a fine of up to twice the amount provided in Title 18 and imprisonment for more than ten years, or both.
  • Implementation of Cease and Desist Orders barring policies or practices deemed in violation of the Act's privacy provisions.
  • For removal of the company's management, including directors, officers, etc., and potentially barring them, permanently, from working in a financial institution including a dealership.

For more information regarding the FTC Privacy rule and auto dealers frequently asked questions visit the nada.org website.

Red Flag Rule

With Identity theft on the rise and the need to protect customers from becoming victims, the Federal Trade Commission (FTC) has implemented a new law. The (FTC), the federal bank regulatory agencies, and the National Credit Union Administration (NCUA) have issued regulations (the Red Flag Rule) requiring financial institutions and creditors to develop and implement written identity theft prevention programs, as part of the Fair and Accurate Credit Transactions (FACT) Act of 2003. The programs must be in place by November 1, 2008, and must provide for the identification, detection, and response to patterns, practices, or specific activities – known as “red flags” – that could indicate identity theft. (ftc.gov)

Dealers are required to comply because of their auto financing. So it is imperative that dealers either complete a plan internally or research and work with a reputable third party to investigate, implement and audit the necessary programs.

Safeguard Rule

The Safeguard Rule requires companies to develop a written information security plan that describes their program to protect customer information. The plan must be appropriate to the company’s size and complexity, the nature and scope of its activities, and the sensitivity of the customer information it handles. As part of its plan, each company must:

  • Designate one or more employees to coordinate its information security program.
  • Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguard for controlling these risks.
  • Design and implement a safeguard program, and regularly monitor and test it.
  • Select service providers that can maintain appropriate safeguard, make sure your contract requires them to maintain safeguard, and oversee their handling of customer information.
  • Evaluate and adjust the program in light of relevant circumstances, including changes in the firm’s business or operations, or the results of security testing and monitoring.

Get started with us.

Don’t know where to begin? Get started with your FREE Network Analysis and we’ll start providing you with top-tier personalized recommendations and services right away. Your upfront commitment to solid network solutions ensures that every dollar you spend on your IT infrastructure and support will come back to you with increased security and peace of mind.