Tag: F&I Compliance

Digital Solutions to Counter Increasingly Sophisticated Fraud

Posted on

Fraud attempts and identity theft related to car buying, leases and loans are a significant problem for auto dealers and lenders. The Federal Trade Commission’s Consumer Sentinel Network Data Book 2023 tracked more than 178,000 auto-related fraud reports last year, while identity theft reports exceeded one million.

Although some categories dropped slightly year-over-year in absolute numbers, there’s no question that the types of fraud and identity theft dealers and lenders face are becoming more sophisticated.

Synthetic ID Fraud

One type that is on the rise is synthetic identity fraud. In these cases, fraudsters create a false identity for a car buyer that’s made up of real pieces of information. The name might be from one person, the address could be from someone else, and the social security number may be stolen from a minor or someone who is deceased. Individually, the items of data check out, but they definitely do not describe a single, real person.

Fortunately, there are advanced compliance tools available for dealerships to help them assess the risk of synthetic ID fraud for each transaction.

Other Identity Fraud

Just because synthetic ID fraud exists doesn’t mean that more traditional fraud attempts have died out. “Know your customer” verification steps are vital to ensure that customers are who they say they are, have legitimate and verifiable employment and income, and are authorized to purchase a vehicle in the U.S.

A digital compliance solution can help dealerships detect fraud attempts at every step of the deal. It can also give dealers the ability to follow and document the proper ID verification steps including red flags, OFAC checks, and out-of-wallet questions as needed.

Identity Theft

Dealerships are not only at risk of selling to someone using a stolen identity—they also handle personal identifying information (PII) for prospects and customers that could fall into the wrong hands and continue the vicious cycle.

This is another area where a digital compliance solution helps safeguard the d6ealership and its customers. Store customer PII digitally to avoid situations where photocopied drivers’ licenses and other sensitive information might be left on a copier or desk where anyone might see them. Digital transactions also reduce the risk that documents may fall into the wrong hands in transit to a lender or state DMV—or be accessed from a file cabinet within the dealership during long-term storage.

Safeguard Your Dealership

Explore how the Dealertrack Compliance solution protects dealerships and consider taking a self-guided demo or requesting a one-on-one consultation.

For a handy guide to the latest compliance knowledge for dealerships, download the free 2025 Dealertrack Compliance Guide.

Disclaimer: This is not meant as legal advice, and we do not purport to provide any legal or regulatory analysis. Consult with your attorney for any legal, regulatory, or compliance questions you may have.

3 Ways to Safeguard Your Dealership in a Consumer-Driven Market

Posted on

3 Ways to Safeguard Your Dealership in a Consumer-Driven Market

The auto industry remains stable but faces major market shifts heading into 2025. Consumer demand for cars is growing, but consumer preferences for cars are changing. With price as the most important factor in their car buying decisions, consumers face car prices that remain higher than average. To make up for these higher prices, auto dealers may increase incentives in 2025, particularly in financing, to entice consumers to commit to a car purchase.

As auto dealers look for ways to serve cash-strapped consumer buyers, and auto lenders work to address more loan delinquencies, federal and state regulators are monitoring the industry to ensure consumers are being treated fairly.

Here are three initiatives you can take on to ensure your dealership remains compliant:

1. Establish a culture of compliance

The best way for dealerships to protect themselves in this environment is by creating a culture of compliance, data security, transparency, and honesty with customers.

Here are some of the ways to do that:

  • Documentation – Establish processes to document your compliance and risk assessments for every deal and store that data securely. Using an electronic system to track and record your completed processes for each deal can be invaluable in the event of an audit or regulatory inquiry.
  • Consistency – One of the hallmarks of many consumer protection regulations is non-discrimination. Be sure every customer receives the right consumer notices at the proper times during the deal process to document any exceptions. Create a systematic customer complaint system and work to resolve complaints using a consistent process with timelines and escalation procedures.
  • Data Protection – More and more state data privacy laws require businesses to provide certain rights regarding personal information collected by the business. Consider using secure digital storage solutions to ensure that you are protecting and storing customer data your state-required period.

2. Protect your reputation and your profitability

Today’s consumers are empowered to seek remedies from a variety of sources when they have a negative experience. Between the online complaint databases maintained by the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC), state attorneys general, data protection agencies, and the Better Business Bureau, the risks to your dealership of a prolonged consumer dispute multiply.

Consistently following compliance best practices is the best way to protect customers and avoid the ramifications of non-compliance.

3. Download the 2025 Dealertrack Compliance Guide

Sign up now and get the free guide to serve as a compliance reference all year long. Know which regulations apply to your dealership so you can build a solid compliance plan to safeguard your business.

Disclaimer: This is not meant as legal advice, and we do not purport to provide any legal or regulatory analysis. Consult with your attorney for any legal, regulatory, or compliance questions you may have.

Compliance Trends for Dealerships

Posted on

Disclaimer: This is not meant as legal advice, and we do not purport to provide any legal or regulatory analysis. Consult with your attorney for any legal, regulatory, or compliance questions you may have.

In an ever-changing regulatory landscape, resources that help you stay up to date on what’s new are important for maintaining your dealership’s reputation and avoiding costly missteps. The Dealertrack Compliance Guide is available each year as a free download to serve as reference guide.

Here are some of the compliance trends we’re seeing:

1. More consumer data privacy

Thirteen states—California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia—have enacted new data privacy and data security laws. Several other states are considering legislation to enact similar laws. Many of these laws become effective this year, so it’s important for dealers to pay special attention to data and security obligations and be proactive in incorporating these new state requirements in compliance action plans.

The New York Department of Financial Services Cybersecurity Rule, amended as of April 29, 2024, requires multi-factor authentication (MFA) for all user accounts accessing information systems.

Things to think about: Data privacy laws apply to all personally identifiable information (PII) collected from consumers. Help protect customer data with a policy forbidding the use of personal devices for data collection. Consult with legal counsel and software vendors to ensure that your information systems and processes meet requirements for handling and securely storing customer data.

2. Tightening security measures

Fraud grew to $8.1 billion in 2022, with a substantial increase in the prevalence of synthetic identity fraud*, which involves fake identities being stitched together from pieces of real identifying information taken from various sources.

Given the rise of fraud, the FTC and states continue to focus on cybersecurity and related enforcement. Throughout this year, expect to see stricter data security and identity theft regulations, more guidelines about how to prevent synthetic ID fraud, and additions to the Safeguards Rule, including expansions of required security measures similar to what we described in the section above.

To protect against identity theft and fraud, many states have also passed laws that restrict how dealers can use and handle a customer’s social security number (SSN) and other non-public information. This can include denying goods or services to a person who declines to give their SSN.

Things to think about: Have plans in place to safeguard your dealership against direct fraud loss and costly lender chargebacks as the result of fraud. Consider adding additional ID verification steps such as pulling out of wallet questions—and look for a compliance solution that can alert you to potential synthetic ID fraud attempts.

3. New data breach disclosure requirement

As of May 13, 2024, non-bank financial institutions have a new data breach disclosure requirement. The Federal Trade Commission (FTC) recently updated the Gramm-Leach-Bliley Safeguards Rule, requiring non-bank financial institutions to report to the FTC any event where unencrypted customer information involving 500 or more consumers has been acquired without authorization.

Things to think about: If your dealership provides financing directly to customers, take note of this regulation and work with your legal counsel to find out how it applies to you.

4. Quiet hours

Having someone’s phone number doesn’t give you the green light to call them anytime you want. The Telephone Consumer Act (TPCA) establishes new federal quiet hours before 8:00 a.m. and after 9:00 p.m. You could be fined $500-$1,500 per call or text message under this if you haven’t obtained written consent from the recipient.

Things to think about: Always maintain a “do not call” database to avoid unwanted communication with consumers. Check the settings of your automated systems to ensure they’re programmed to respect quiet hours. Remember to keep customers’ time zones in mind.

5. Aftermarket pricing transparency and disclosures

Consumer protection regulations and enforcement are increasingly focused on consistent pricing and proper disclosures for F&I aftermarket product sales.

Things to think about: It’s more important than ever for dealerships to provide timely consumer notices and disclosures. Consider using a menu solution to present aftermarket products to car buyers transparently and consistently, and ensure that every product is offered to every customer—at the same price point.

The answers to your compliance questions

Get the free 2025 Dealertrack Compliance Guide so you have it handy whenever you need to check, or double check, the current rules, regulations, and best practices.

*Source: Point Predictive 2023 Auto Fraud Trends Report

The Critical Role of Adverse Action Notices in F&I Compliance for Car Dealerships

Posted on

Ensuring legal compliance in every aspect of your car dealership operations is crucial. Among the many regulatory requirements, issuing Adverse Action Notices is particularly vital. This isn’t just a legal necessity but a cornerstone in maintaining transparency and trust with your customers. A common misconception is that lenders handle Adverse Action Notices, but dealerships have a legal obligation to present them.

In this comprehensive article, we will explore the significance of Adverse Action Notices, the specific scenarios and recipients for these notices, the consequences of non-compliance, and the benefits of leveraging compliance software to streamline the process.

Understanding Adverse Action Notices

An Adverse Action Notice is a formal communication that must be provided to a consumer when a credit decision has been influenced by information in their credit report. According to the Fair Credit Reporting Act (FCRA) and Equal Credit Opportunity Act (ECOA), dealerships must adhere to these requirements whenever a credit application is denied, a less favorable credit term is offered, or a similar adverse action is taken based on the consumer’s credit data.

Why Are Adverse Action Notices Important?

  1. Legal Compliance: Adhering to the FCRA and ECOA regulations is imperative. Providing adverse action notices is a critical component of F&I compliance, ensuring your dealership operates within legal boundaries.
  2. Transparency and Trust: These notices offer clarity to consumers, informing them of the reasons behind the credit decision. This fosters trust and showcases your dealership’s commitment to ethical practices.
  3. Customer Empowerment: By understanding the reasons for the adverse action, consumers can take steps to address issues in their credit reports, ultimately improving their financial standing.

When to Provide Adverse Action Notices

Adverse Action Notices must be issued under specific circumstances:

  • Credit Denial: When an application for credit is outright denied.
  • Less Favorable Terms: When the credit terms offered are less favorable than those requested by the consumer due to their credit report.
  • Credit Line Reduction or Termination: When an existing credit account is reduced or terminated based on credit information.

Who Should Receive Adverse Action Notices?

Adverse Action Notices should be provided to any consumer whose credit application or credit terms are negatively affected by the information in their credit report. This includes:

  • Prospective Buyers: Individuals applying for vehicle financing.
  • Existing Customers: Customers who have already financed through the dealership but whose terms are being modified based on their credit data.

Penalties for Non-Compliance

Failing to provide proper Adverse Action Notices can result in significant penalties, including:

  • Monetary Fines: Dealerships can face substantial fines for each violation, which can accumulate quickly if there are multiple instances of non-compliance.
  • Legal Action: Consumers have the right to take legal action against businesses that fail to provide required notices, potentially leading to costly lawsuits.
  • Reputational Damage: Non-compliance can severely damage your dealership’s reputation, affecting customer trust and long-term business prospects.

Leveraging Compliance Software

To streamline the process and ensure timely, accurate issuance of Adverse Action Notices, many dealerships are turning to compliance software. These solutions offer several advantages:

  • Automated Notifications: Compliance software can automatically generate and send Adverse Action Notices as required, reducing the risk of human error.
  • Record Keeping: Maintain thorough records of all issued notices, which is crucial in the event of an audit or legal inquiry.
  • Regulatory Updates: Stay up-to-date with evolving regulations to ensure ongoing compliance without manually tracking changes.

Conclusion: The Benefits of Following Compliance Best Practices

Providing Adverse Action Notices is not only a regulatory requirement but also an optimal approach that promotes transparency, trust, and customer empowerment. Prioritizing F&I compliance within your dealership is essential for legal adherence and fostering strong customer relationships.

For more detailed insights and best practices on maintaining compliance, refer to the 2025 Dealertrack Compliance Guide. This comprehensive resource covers everything from credit applications to data safeguards and provides practical advice for implementing a robust compliance program.

Learn more about Dealertrack Compliance and register for a demo to find out if you’re meeting Adverse Action notice requirements today.

The Financial Impact of Non-Compliance

Posted on

There’s a reason that compliance looms large for auto dealers – and it has everything to do with the bottom line. Failing to establish and follow consistent compliance practices can cost a dealership in two ways:

Fraud

On one hand, you have fraud risk, which is growing at an alarming rate. According to the 2024 Auto Fraud Trends Report from Point Predictive, auto loan fraud increased by six percent between 2023 and 2024, totaling more than $7.9 billion in origination risk exposure. Fraudulent entries on those buyers’ loan applications included fake or falsified employment, income and identity information, often combined to create a synthetic identity unrelated to a single, real person.

That’s one reason identity verification is such a vital compliance step. Not only does it help the dealership comply with the OFAC checks and the FTC’s Red Flag Rule, but it lets the dealership confirm that the buyer is who they say they are before that person has the opportunity to take possession of a vehicle under false pretenses.

Fines and Penalties

OFAC is a good example of the second way non-compliance can be costly because violating it can come at a steep cost in criminal and civil penalties and fines. OFAC stands for the Office of Foreign Asset Controls and it requires car dealers to check consumers against its Specially Designated Nationals and Blocked Persons (SDN) list to make sure they aren’t tied to illegal activities. Anyone on the list is prohibited from making a purchase.

Violating OFAC SDN requirements falls under five different regulations: Trading With the Enemy Act (TWEA), International Emergency Economic Powers Act (IEEPA), Antiterrorism and Effective Death Penalty Act (AEDPA), Foreign Narcotics Kingpin Designation Act (FNKDA) and Clean Diamond Trade Act (CDTA). Each regulation carries civil penalties ranging from tens of thousands to more than $1.8 million. (31 C.F.R. § 501, App. A).

Each of the regulations includes criminal penalties for knowing violations that can lead to a decade or more in prison and additional fines for the dealership up to $10 million, depending on which rule has been violated.

Although OFAC is an extreme example, there are fines associated with all of the regulations that a dealership’s compliance program addresses. Here are some of the maximums for potential dealership violations in 2025:

  • Red Flags Rule and Risk-Based Pricing Rule Notice – up to $4,857 per knowing violation
  • Privacy Notices and Adverse Action Notices – up to $51,744 per instance

Download the Dealertrack Compliance Guide to reference the Guide to Penalties (starting on page 164) for a list of the 2025 fines. Keep the guide on hand throughout the year to serve as a useful compliance resource.

Need help making sure your dealership stays on top of compliance? Dealertrack Compliance has integrated checkpoints and monitoring from leads to contracts to help you maintain compliance on every deal. Schedule a demo to find out how.

Data Safeguards & Identity Theft Protection: F&I Compliance Tip

Posted on

Identity theft and data breaches continue to be a serious and ongoing issue for consumers and businesses.

In fact, according to the U.S. Department of Justice, about 9% of U.S. residents age 16 or older were victims of identity theft in 2021 (the most recent year for which stats are available), leading to total monetary losses of $16.4 billion. That includes the misuse of credit card data, as well as personal identity information. Amid this environment, Small to Midsize Businesses (SMB) such as auto dealerships are perfect targets.

With the increase in remote transactions, identity verification is more important than ever. You can help protect your dealership by implementing a few commonsense steps, and by encouraging your staff to follow best practice safeguards:

Tip #1: Acceptable Use

Help control risk by adopting an “acceptable use” policy that ensures employees are not sharing their device, are adhering to strong passwords, and that any corporate-owned data is encrypted. Text messaging should also be discouraged as it is discoverable from the device in litigation and the use of acronyms or shorthand often leads to misunderstandings.

Tip #2: Have a Plan

Have a pre-established plan in place to deal with data security breaches. The FTC has said that an Information Security Program must include a detailed incident and breach response and notice plan to execute in the event of any security breach or database hack in which customer information is or may have been wrongfully accessed, whether by internal or external persons. Pre-identify a team of people to manage the breach and responses. The team should represent each department that might be affected by a breach or that has to be mobilized to interact with the public, including legal, human resources, privacy, security, IT, communications, and, if you are publicly traded, investor relations. Part of the team’s role is to analyze risks to data, data flow, and worst-case scenarios. Test your plan periodically by doing mock drills. Consult your attorney to know your state law and the laws of your customers’ states of residence about when you give notices to customers about data breaches.

Tip #3: Secure Transmission

Do not transmit customer information over insecure channels such as unencrypted email, P2P systems, or wireless access points. These are not secure media. The FTC has cited the absence of data loss prevention software and an intrusion detection system in these media as inadequate practices for an Information Security Program

To get more tips and recommended compliance practices, access the free 2025 Dealertrack Compliance Guide. 

7 Features Your Compliance Software Should Have

Posted on

With the constant threat of audits, fines and lawsuits, every dealership must take compliance seriously. Fortunately, there are cost savings to be found in integrating finance and sales flow compliance functions. Here are seven features to look for when choosing compliance software:

1. Visibility and transparency
It’s important to have a compliance dashboard that monitors employee and deal activity in real-time from a single screen. Keeping a close eye on employee actions lets you step in to make corrections as needed, heading off non-compliance risk.

2. Integrated FTC and OFAC requirements
To meet FTC and OFAC requirements and reduce fraud risk, your workflow needs to include the proper checkpoints. The FTC Red Flags Rule is a requirement designed to help protect against identity theft.  The Office of Foreign Assets Control (OFAC) requires a check of names against its “Specially Designated Nationals” list (SDN) of people with whom you cannot legally do business. You should look for software that automatically pulls Red Flags, provides out-of-wallet knowledge-based authentication questions, and offers additional questions when a customer does not answer enough of the previous questions correctly.

3. Fully compliant menu selling
Consistent presentations and full disclosure should be built into the sales process to reduce your compliance risk. This is an important selling category to watch because many industry experts believe that the FTC will be zeroing in on aftermarket products in the near future with enforcement actions for possible unfair and deceptive practices.

4. Secure document management
To meet compliance regulations, you must store deal-related documents including credit applications, privacy notices, credit reports, pencils, contracts, menus and more. Secure electronic deal jackets make these documents easier to access as needed, protect them from misuse, and also reduce the need to store paper files at your dealership.

5. Ability to print risk-based pricing credit score disclosure notices and privacy notices
Every time you take a credit application, you need a Credit Score Disclosure Notice – and it’s a best practice to give each customer a privacy notice at the same time. Ideally, your software should give you the ability to print risk-based pricing credit score disclosure notices and privacy notices as part of the application submission process.

6. Adverse Action reports
Compliance technology should be able to immediately identify and give you insight into which customers might need an Adverse Action notice.

7. Integrated compliance checks and balances
Compliance should be an integral part of your software so that your employees immediately receive an on-screen notice if a step is overlooked. This information should also be displayed on a performance dashboard so that management can be aware of possible problem areas requiring intervention such as additional training.

To learn how your dealership can integrate compliance checkpoints into your workflow, visit our Compliance product page and schedule a live demo with a Dealertrack F&I sales representative. 

Don’t Play “Hot Potato” With Adverse Action Notices

Posted on

As much as your dealership would like to be able to sell to every customer, sometimes it doesn’t work out. Maybe a customer was credit-challenged, so you decided not to send their application to any financing sources – or you did send their application for financing but couldn’t get acceptable terms. Perhaps you had a spot delivery deal in place that you needed to unwind or re-contract.

In any of these instances, consumer protection laws, including the Equal Credit Opportunity Act (ECOA) and the Fair Credit Reporting Act (FCRA), require that the consumer be presented with an adverse action notice within a mandated timeframe.

This is where it gets tricky. There’s a common misconception among dealers that lenders handle sending adverse action notices. It’s true that a finance source may present their own adverse action notice to a consumer, but that’s not enough to protect a dealership from liability if the notice doesn’t contain certain dealer-specific disclosures.

According to consumer protection laws1, an adverse action notice must tell the customer:

  • What the adverse action was
  • Up to four reasons for the adverse action (or provide the dealership’s contact information so they can find out within 60 days)
  • The names of the credit reporting agencies that provided the information to the dealership
  • Their credit score and information about it
  • Four or five “key factors” that adversely affected their credit score

These are detailed requirements and the dealership is in a better position to provide this information than any given lender, which is one of the reasons the dealer bears the responsibility for compliance.

So, it’s important be alert to situations that require your dealership to provide consumers with an adverse action notice.

Not sure exactly what to include? The 2025 Dealertrack Compliance Guide includes a sample of one type of adverse action notice form that’s appropriate for use in certain circumstances. Always consult your legal counsel for advice on developing an adverse action notice template for your dealership and knowing when to send an adverse action notice.

To learn more about adverse action notices and see the form sample, download the 2025 Dealertrack Compliance Guide.

1Please check with your attorney for verification and further details.

 

3 Things to Know About Risk-Based Pricing Notices

Posted on

Many of your dealership’s compliance responsibilities are designed to inform and protect consumers as they make financial decisions. That is definitely the case for the Federal Trade Commission’s Risk-Based Pricing Rule of the Fair Credit Reporting Act, which may apply to dealerships that use credit reports to help them make lending decisions.

When should you provide a Risk-Based Pricing Notice?

Under the Risk-Based Pricing Rule, a customer must be informed if they’re being offered worse credit terms than other consumers because of information in their credit report.

The threshold that determines when a consumer should receive a Risk-Based Pricing Notice is when they’re offered credit on less favorable terms than what a “substantial proportion” of other customers receive. In most cases, “less favorable terms” refers to customers being offered a higher annual percentage rate than other car buyers.

What are CSD Notices?

As an alternative to providing a Risk-Based Pricing Notice to these selected consumers, some dealerships choose to provide a credit score disclosure (CSD) exception notice to every credit applicant.

CSD Notices include an applicant’s credit score and other information such as the national distribution of credit scores among consumers under the credit scoring model used and various disclosures about credit scores in general.

Consumer reporting agencies will provide CSD Notices upon request. Your dealership should give them to each credit applicant after you get their credit score but before you complete the vehicle sale transaction.

How can I make the process easier at my dealership?

A compliance technology solution integrated with your F&I process can help your dealership provide the required notices to consumers at the appropriate time based on their credit reporting and terms.

As with any compliance issue, we recommend that you address questions you may have with your own qualified legal counsel.

To learn more about the Risk-Based Pricing Rule and other compliance topics, download the 2025 Dealertrack Compliance Guide.

The 5 Ws of Privacy Notice Compliance for Dealerships

Posted on

Your dealership’s privacy notice may seem like just another piece of paperwork, but it’s a vital part of your compliance plan. The federal and state consumer protection regulations that require privacy notices address a wide range of your dealership’s data handling and storage practices. Let’s go over the basics you need to know about them.

Why Are Privacy Notices Necessary?

Numerous laws and regulations require that dealers create and present a notice to inform consumers of their practices for collecting, using and sharing non-public personally identifiable information.

Privacy notices are generally based on the combined requirements of Fair Credit Reporting Act (FCRA) and the Gramm-Leach-Bliley Act (GLB). However, dealerships should also take into account federal laws including the FTC Privacy Rule, FTC Affiliate Marketing Rule and the Driver’s Privacy Protection Act (DPPA) when creating their privacy notices.

States are stepping up to provide consumers with additional privacy protections, so it’s important for your privacy policy to address the state regulations that apply where your dealership does business.

Remember, always consult with your legal counsel to ensure compliance with all privacy policy requirements for your dealership.

What Should Privacy Notices Include?

The recommend best practice is to create your FCRA-GLB Privacy Notice using the FTC’s Model Consumer Privacy Online Form Builder. Your dealership’s privacy policy should explain what personal information you collect, how you collect and use the personal information, and what third parties (if any) can access the information. An important key is that your privacy notice should accurately describe the actual way you collect and share information every day, which means you need walk the talk!

Who Should Get A Privacy Notice?

You should give a privacy notice to every consumer who gives your dealership personal information, regardless of whether they end up purchasing a product or service.

When Should A Consumer Get Their Privacy Notice?

As the previous item implies, your dealership should be prepared to present privacy notices to potential customers before they become customers. That means consumers should receive a privacy notice before the dealer plans to collect, use or share their information. The timing can be tricky depending on how the consumer first begins interacting with your dealership, but be prepared to provide a privacy notice when someone first gives you their personal information, or as soon as possible after that. An integrated compliance software solution should provide you with a disclosure alert to ensure that you provide the privacy notice to the consumer at the proper time.

Where Have Privacy Notice Requirements Gotten Broader?

The California Consumer Privacy Act (CCPA) took effect on January 1, 2020. This law gives California consumers the right to know what personal information is collected about them, know how their personal information is being used, access a copy of their personal information, request that a business delete the personal information that was collected from them, and say no to having their personal information sold to third parties. There are also related online privacy requirements. The law applies to dealerships doing business in California that meet certain requirements, so consult with your legal counsel to determine your status and ensure that your privacy policy is compliant.

California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia—have enacted new data privacy and data security laws, many of which become effective in 2024. Several other states are considering legislation to enact similar laws.

Want to learn more about complying with privacy and customer information sharing regulations? Check out the 2025 Dealertrack Compliance Guide