6 Questions to Guide Privacy Notice Compliance for Dealerships

Your dealership’s privacy notice isn’t just paperwork – it’s a critical component of your compliance strategy. Federal and state regulations require these notices to cover various aspects of how your dealership handles and stores data. Let’s review the basics you need to know!

Why Are Privacy Notices Necessary?

Multiple laws mandate that dealers inform consumers about how they collect, use, and share non-public personally identifiable information. These privacy notice requirements must typically align with the Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLB). Additionally, when drafting these notices, dealers must consider federal laws like the FTC Privacy Rule, FTC Affiliate Marketing Rule, and the Driver’s Privacy Protection Act (DPPA). States are enhancing consumer privacy protections, making it crucial for your privacy policy to address relevant state regulations in the areas where your dealership operates. Ensuring compliance with car dealership privacy laws is key for maintaining trust and transparency.

Always seek advice from legal counsel to ensure compliance with all privacy policy requirements for your dealership.

What Should Privacy Notices Include?

Follow best practices by creating your FCRA-GLB Privacy Notice using the FTC’s Model Consumer Privacy Online Form Builder. Your dealership’s privacy policy should detail what personal information you collect, how you use it, who can access it, and accurately describe your daily information collection practices. This includes specifying the types of data you gather, such as names, addresses, financial details, and online identifiers. Additionally, outline how you protect this information, whether through encryption, access controls, or other security measures. Be transparent about how customers can manage their data preferences and any third parties with whom you might share their information, such as service providers or legal entities. Compliance with privacy statement requirements is essential to building consumer trust.

Who Should Receive a Privacy Notice?

Ensure that every consumer who provides personal information receives a privacy notice from your dealership. This includes customers who buy or lease vehicles, finance their purchase through your dealership, and/or provide personal information during a service visit. Additionally, it’s important to extend this privacy notice to individuals who engage with your dealership online, such as through your website or mobile app, or participate in any promotional events or surveys. By doing so, you demonstrate your commitment to protecting their personal data and maintaining transparency in how their information is used. Meeting privacy notice compliance standards is vital for your dealership’s reputation.

Where Should Privacy Notices Be Displayed?

Make your privacy notice readily available for consumers to view. Post it prominently on your dealership’s website, ensuring it is easy to find and access from any page. Display physical copies in high-traffic areas of your showroom and finance office, where customers are likely to spend time and notice them. Additionally, include printed copies with any credit application packets provided to customers, ensuring they receive this important information when making significant financial decisions. By taking these steps, you ensure transparency and build trust with your customers regarding their personal information. Adhering to privacy policy requirements enhances consumer confidence in your dealership.

When Should Privacy Notices Be Provided?

Providing privacy notices at the right time is crucial for compliance, transparency, and consumer trust. Present these notices during initial data collection, before completing any transaction, and when consumers first engage with your dealership’s services—whether through website interactions, credit applications, or in-person visits. Update and redisplay the privacy notice whenever you make significant changes to your data collection and sharing practices, such as starting to share information with new third-party vendors or enhancing data usage policies. Regularly review and update your privacy notice with legal advisors to avoid compliance issues related to privacy statement requirements and car dealership privacy laws.

Integrated compliance software can automate privacy notice delivery, ensuring timely and correct presentation. This proactive approach builds stronger, trust-based relationships with consumers, setting your dealership apart as a responsible, consumer-focused business. The goal is to ensure consumers understand how their personal data is handled, fostering trust and accountability.

Where Are Privacy Notice Requirements Expanding?

The California Consumer Privacy Act (CCPA) became effective on January 1, 2020. It grants Californian consumers rights over their collected personal data. Several other states have enacted, or are considering, similar legislation for enhanced data protection and security measures in 2024.

We help you stay compliant with evolving privacy regulations. Prioritize customer privacy to not only comply with laws but also to build trust and loyalty with your customers. Review and update your privacy notice today to demonstrate your commitment to protecting consumer data!

Want to learn more about complying with privacy and customer information sharing regulations? Check out the 2024 Dealertrack Compliance Guide.

7 Features Your Compliance Software Should Have

With the constant threat of audits, fines and lawsuits, every dealership must take compliance seriously. Fortunately, there are cost savings to be found in integrating finance and sales flow compliance functions. Here are seven features to look for when choosing compliance software:

1. Visibility and transparency
It’s important to have a compliance dashboard that monitors employee and deal activity in real-time from a single screen. Keeping a close eye on employee actions lets you step in to make corrections as needed, heading off non-compliance risk.

2. Integrated FTC and OFAC requirements
To meet FTC and OFAC requirements and reduce fraud risk, your workflow needs to include the proper checkpoints. The FTC Red Flags Rule is a requirement designed to help protect against identity theft. The Office of Foreign Assets Control (OFAC) requires a check of names against its “Specially Designated Nationals” list (SDN) of people with whom you cannot legally do business. You should look for software that automatically pulls Red Flags, provides out-of-wallet knowledge-based authentication questions, and offers additional questions when a customer does not answer enough of the previous questions correctly.

3. Fully compliant menu selling
Consistent presentations and full disclosure should be built into the sales process to reduce your compliance risk. This is an important selling category to watch because many industry experts believe that the FTC will be zeroing in on aftermarket products in the near future with enforcement actions for possible unfair and deceptive practices.

4. Secure document management
To meet compliance regulations, you must store deal-related documents including credit applications, privacy notices, credit reports, pencils, contracts, menus and more. Secure electronic deal jackets make these documents easier to access as needed, protect them from misuse, and also reduce the need to store paper files at your dealership.

5. Ability to print risk-based pricing credit score disclosure notices and privacy notices
Every time you take a credit application, you need a Credit Score Disclosure Notice – and it’s a best practice to give each customer a privacy notice at the same time. Ideally, your software should give you the ability to print risk-based pricing credit score disclosure notices and privacy notices as part of the application submission process.

6. Adverse Action reports
Compliance technology should be able to immediately identify and give you insight into which customers might need an Adverse Action notice.

7. Integrated compliance checks and balances
Compliance should be an integral part of your software so that your employees immediately receive an on-screen notice if a step is overlooked. This information should also be displayed on a performance dashboard so that management can be aware of possible problem areas requiring intervention such as additional training.

To learn how your dealership can integrate compliance checkpoints into your workflow, visit our Compliance product page and schedule a live demo with a Dealertrack F&I sales representative.

3 Things to Know About Risk-Based Pricing Notices

Many of your dealership’s compliance responsibilities are designed to inform and protect consumers as they make financial decisions. That is definitely the case for the Federal Trade Commission’s Risk-Based Pricing Rule of the Fair Credit Reporting Act, which may apply to dealerships that use credit reports to help them make lending decisions.

When should you provide a Risk-Based Pricing Notice?

Under the Risk-Based Pricing Rule, a customer must be informed if they’re being offered worse credit terms than other consumers because of information in their credit report.

The threshold that determines when a consumer should receive a Risk-Based Pricing Notice is when they’re offered credit on less favorable terms than what a “substantial proportion” of other customers receive. In most cases, “less favorable terms” refers to customers being offered a higher annual percentage rate than other car buyers.

What are CSD Notices?

As an alternative to providing a Risk-Based Pricing Notice to these selected consumers, some dealerships choose to provide a credit score disclosure (CSD) exception notice to every credit applicant.

CSD Notices include an applicant’s credit score and other information such as the national distribution of credit scores among consumers under the credit scoring model used and various disclosures about credit scores in general.

Consumer reporting agencies will provide CSD Notices upon request. Your dealership should give them to each credit applicant after you get their credit score but before you complete the vehicle sale transaction.

How can I make the process easier at my dealership?

A compliance technology solution integrated with your F&I process can help your dealership provide the required notices to consumers at the appropriate time based on their credit reporting and terms.

As with any compliance issue, we recommend that you address questions you may have with your own qualified legal counsel.

To learn more about the Risk-Based Pricing Rule and other compliance topics, download the 2025 Dealertrack Compliance Guide.

The 5 Ws of Privacy Notice Compliance for Dealerships

Your dealership’s privacy notice may seem like just another piece of paperwork, but it’s a vital part of your compliance plan. The federal and state consumer protection regulations that require privacy notices address a wide range of your dealership’s data handling and storage practices. Let’s go over the basics you need to know about them.

Why Are Privacy Notices Necessary?

Numerous laws and regulations require that dealers create and present a notice to inform consumers of their practices for collecting, using and sharing non-public personally identifiable information.

Privacy notices are generally based on the combined requirements of Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLB). However, dealerships should also take into account federal laws including the FTC Privacy Rule, FTC Affiliate Marketing Rule and the Driver’s Privacy Protection Act (DPPA) when creating their privacy notices.

States are stepping up to provide consumers with additional privacy protections, so it’s important for your privacy policy to address the state regulations that apply where your dealership does business.

Remember, always consult with your legal counsel to ensure compliance with all privacy policy requirements for your dealership.

What Should Privacy Notices Include?

The recommended best practice is to create your FCRA-GLB Privacy Notice using the FTC’s Model Consumer Privacy Online Form Builder. Your dealership’s privacy policy should explain what personal information you collect, how you collect and use the personal information, and what third parties (if any) can access the information. An important key is that your privacy notice should accurately describe the actual way you collect and share information every day, which means you need to walk the talk!

Who Should Get A Privacy Notice?

You should give a privacy notice to every consumer who gives your dealership personal information, regardless of whether they end up purchasing a product or service.

When Should A Consumer Get Their Privacy Notice?

As the previous item implies, your dealership should be prepared to present privacy notices to potential customers before they become customers. That means consumers should receive a privacy notice before the dealer plans to collect, use or share their information. The timing can be tricky depending on how the consumer first begins interacting with your dealership, but be prepared to provide a privacy notice when someone first gives you their personal information, or as soon as possible after that. An integrated compliance software solution should provide you with a disclosure alert to ensure that you provide the privacy notice to the consumer at the proper time.

Where Have Privacy Notice Requirements Gotten Broader?

The California Consumer Privacy Act (CCPA) took effect on January 1, 2020. This law gives California consumers the right to know what personal information is collected about them, know how their personal information is being used, access a copy of their personal information, request that a business delete the personal information that was collected from them, and say no to having their personal information sold to third parties. There are also related online privacy requirements. The law applies to dealerships doing business in California that meet certain requirements, so consult with your legal counsel to determine your status and ensure that your privacy policy is compliant.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia have enacted new data privacy and data security laws, many of which become effective in 2024. Several other states are considering legislation to enact similar laws.

Want to learn more about complying with privacy and customer information sharing regulations? Check out the 2025 Dealertrack Compliance Guide.

How Operations Oversight Aids in F&I Compliance

It seems that you can’t read the news without learning of yet another massive corporate data security breach. As much as we all hear about the importance of safeguarding customer information, studies show that a majority of data breaches are caused by employees.

In your showroom, that means your compliance is at risk from staff members leaving deal jackets, credit reports or credit applications lying around for anyone to see – or from weak passwords or “phishing” scams with untrustworthy links. Whether data is exposed through negligence, error or the deliberate acts of untrustworthy employees, it’s important to have a plan in place to protect your dealership.

Dealership management should be proactive and prepared with comprehensive data security training and real-time monitoring. It’s vital to oversee your operations via tracking of employee access to your electronic databases, including a compliance dashboard.

Protecting your dealership

There are two key steps to keeping your dealership protected and compliant. Begin by educating your employees and giving them the tools they need to keep information secure. This includes training on data security best practices about things like strong passwords, avoiding clicking unknown links, and guarding against social engineering attempts by strangers attempting to get information.

The second step is to create a monitoring program that allows you to oversee data flow into your systems, user access, user activity, and patterns that indicate irregularities. When you closely and regularly monitor the sales process, you are better equipped to step in to head off problems and help ensure that your dealership remains compliant.

Creating your compliance process

As you’re developing your process, make sure it includes a real-time compliance dashboard within a single screen. That will allow you to immediately identify any potential issues. You’ll also be able to observe how your employees handle and safeguard customer data they receive.

Data management is something you need to do actively, with policies in place to handle data over time as well. Beyond requiring secure passwords and authentication, consider two-factor authentication that includes a complex password and a randomly-generated number from an ID token.

Manage user permissions so that only employees with a legitimate business need can access customer information. Have a plan for purging non-public personal information once you no longer need it.
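The two controls just described, limiting access to customer information to employees with a business need and purging non-public personal information once it is no longer needed, can be modelled in a few lines of code. The example below is an added illustration and is not Dealertrack's software or any real DMS API; the role names, the record fields, the sample customers and the two-year retention period are all assumptions chosen for the demonstration.

```python
"""Added illustration (not Dealertrack's code): a minimal model of a
need-to-know access check on customer records and a retention purge of
non-public personal information (NPI) once its retention period has lapsed.
Roles, field names, sample data and the retention period are assumptions."""
from dataclasses import dataclass, field
from datetime import date, timedelta

# Assumed mapping of role -> fields that role has a business need to see.
# Only F&I staff may see financial NPI; sales sees contact details;
# service sees the customer's name and vehicle only.
ROLE_PERMISSIONS = {
    "finance": {"name", "address", "ssn_last4", "credit_score"},
    "sales": {"name", "address"},
    "service": {"name", "vin"},
}

# Assumed set of fields treated as NPI for purging purposes.
NPI_FIELDS = {"ssn_last4", "credit_score", "address"}

# Assumed retention policy: purge NPI two years after the deal closes.
RETENTION_DAYS = 365 * 2


@dataclass
class CustomerRecord:
    customer_id: str
    deal_closed: date
    data: dict = field(default_factory=dict)


def read_fields(role, record, requested):
    """Return only the requested fields this role is permitted to see.

    Any request for a field outside the role's permission set is refused
    outright rather than silently filtered, so the attempt can be logged
    and surfaced on a compliance dashboard."""
    allowed = ROLE_PERMISSIONS.get(role, set())
    denied = set(requested) - allowed
    if denied:
        raise PermissionError(f"role '{role}' may not read {sorted(denied)}")
    return {k: record.data[k] for k in requested if k in record.data}


def purge_expired_npi(records, today, retention_days=RETENTION_DAYS):
    """Strip NPI fields from every record whose retention period has lapsed.

    `today` may be a date or an ISO-8601 string. Returns the ids of the
    records that were purged so the purge can be recorded for audit."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    cutoff = today - timedelta(days=retention_days)
    purged = []
    for rec in records:
        expired = rec.deal_closed <= cutoff
        if expired and any(f in rec.data for f in NPI_FIELDS):
            for f in NPI_FIELDS:
                rec.data.pop(f, None)
            purged.append(rec.customer_id)
    return purged


def sample_records():
    """Constructed sample data: one old deal and one recent deal."""
    return [
        CustomerRecord("C1", date(2021, 3, 1), {
            "name": "A. Buyer", "address": "1 Main St",
            "ssn_last4": "1234", "credit_score": 700, "vin": "VIN1"}),
        CustomerRecord("C2", date(2024, 6, 15), {
            "name": "B. Lessee", "address": "2 Oak Ave",
            "ssn_last4": "5678", "credit_score": 650, "vin": "VIN2"}),
    ]


if __name__ == "__main__":
    recs = sample_records()
    print(read_fields("sales", recs[0], ["name", "address"]))
    try:
        read_fields("sales", recs[0], ["credit_score"])
    except PermissionError as err:
        print("denied:", err)
    print("purged:", purge_expired_npi(recs, "2025-01-01"))
    print(recs[0].data)
```

Refusing an out-of-scope read with an exception, rather than quietly returning fewer fields, is deliberate: the failed attempt becomes an event that monitoring can pick up, which is the kind of irregularity the oversight program above is meant to catch. The purge returns the affected ids for the same reason, so that the retention policy leaves an audit trail.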

A culture of security in your dealership starts with senior management and filters through the ranks. Emphasize transparency and honesty in every customer interaction and make sure to train employees on unfair, deceptive and abusive practices to ensure that each interaction with customers complies with federal and state regulations.

If you haven’t gotten your copy of the Dealertrack 2025 Compliance Guide, download it today.