The Gramm-Leach-Bliley Act (GLBA) is a U.S. Federal law enacted in 1999 that governs the way financial institutions handle consumers’ personal financial information. The law requires financial institutions to explain their information-sharing practices to consumers and to safeguard sensitive data. Automotive dealers may be subject to the GLBA if they offer financial services, such as financing, leasing, and insurance, to customers, or if they collect personal financial information from customers as part of the car-buying process.
Why GLBA is Important Now
In 2021, the Federal Trade Commission (FTC) revised the Safeguards Rule to require financial institutions to take additional measures to protect and secure customer information. This rule oversees how financial institutions protect consumer data. While these changes took effect back in January 2022, the compliance deadline was extended to June 9, 2023. That means, on this date, qualifying auto dealerships will be required to develop, implement, and maintain a comprehensive security system to keep customer information safe and secure.
Are all Auto Dealerships Subject to GLBA?
If your dealership offers credit and financing options, you are legally considered a lender and must comply with GLBA, including the Privacy Rule and the Safeguards Rule. Even if you are passing the information on to another lending institution, you are still liable for protecting the customer data you’ve collected along the way.
What’s at Stake for Auto Dealers?
Ignoring the GLBA is serious and can result in both monetary fines and imprisonment. The negative consequences for noncompliance include:
Unnecessary Fines and Penalties: If you are subject to the GLBA, you are required to comply with its provisions. Failure to comply with GLBA can have severe financial and personal consequences for executives and employees. A financial institution faces a fine up to $100,000 for each violation. Its officers and directors can be fined up to $10,000, imprisoned for five years or both.
Damaged Reputation: A data breach or other failure to protect customer financial information can damage an auto dealership’s reputation and potentially lead to lost business.
However, there are some positive impacts:
- Improved Customer Trust: By demonstrating a commitment to protecting customer financial information, you can build trust and confidence with your customers. This can help to improve customer loyalty and increase the likelihood that customers will do business with you again in the future.
- More Efficient Operations: Implementing GLBA-compliant processes and systems can help dealerships streamline their operations, reducing errors and improving efficiencies.
Key GLBA Requirements
If your auto dealership is subject to GLBA compliance, then take note of these five key requirements that must be met:
- Privacy Notice: Provide customers with a clear and concise privacy notice that explains how customer information will be collected, used, and shared. You must also allow your customers to “opt-out” of information sharing wherever possible.
- Safeguards Rule: Implement reasonable security measures to protect customer information from unauthorized access or misuse. This includes physical, administrative, and technical safeguards.
- Data Retention and Disposal: Have a policy in place for retaining and disposing of customer information in a secure manner.
- Employee Training: Train employees on the importance of protecting customer information and the specific policies and procedures in place for doing so.
- Incident Response Plan: Have a plan in place for responding to security incidents or breaches of customer information.
How Digital Document Management Can Help You Achieve GLBA Compliance
Auto dealerships typically have mountains of paper documents that are maintained and stored without any logical rhyme or reason—or placed off site, making them more difficult to find, control, manage and protect. This is a huge problem considering these documents contain personally identifiable information (PII) and are often audited for accuracy and completion. In order to successfully manage and secure customer information, dealerships must have a comprehensive digital document management solution in place that includes several essential components:
Document scanning is an essential first-step for securing customer information and reducing the risks of paper documents. Physical documents can be easily misplaced or stolen, leading to data breaches and violations of privacy laws. Scanning these documents and storing them in a secure, digital format is a much safer and more efficient solution. Additionally, paper documents are susceptible to damage from water, fire, or other natural disasters, which can result in permanent data loss. By converting paper documents into digital files, dealerships can protect against these risks while also improving the accuracy and accessibility of their records.
Document classification is another critical component. It enables dealerships to control access to sensitive information by defining who can view, edit, or delete certain documents based on the document type or information the document contains. By setting access permissions and defining acceptable use policies, dealerships can help to prevent accidental or intentional disclosure of customer information. This is particularly important in digital document management systems, as document classification makes it easier to control access by automatically applying permissions as soon as documents are added. By instantly identifying documents by type, dealerships can ensure that only authorized personnel have access to sensitive information, minimizing the risk of data breaches and noncompliance.
Secure cloud-based storage centralizes all documents in one location where they can be consistently managed according to requirements. Multi-factor authentication and platforms built on SSL secure services provide an even greater layer of security. Multi-factor authentication is a security process that requires users to provide two or more forms of identification in order to access the system. This helps to prevent unauthorized access even if a user’s password is compromised. Additionally, using an SSL secure platform ensures that all data transmitted between the user’s computer and the server is encrypted. By combining these security measures with cloud-based document management, storage and retrieval, automotive dealerships can mitigate the risk of data breaches and help ensure GLBA compliance.
Lastly, an audit intelligence tool is another powerful component for dealerships who are striving to maintain the highest level of GLBA compliance. According to a report by the Ponemon Institute, the average time to identify and contain a data breach in 2020 was 280 days. By using an audit intelligence tool to quickly identify missing or incomplete documentation and discrepancies in real-time, dealerships can streamline the documentation review process and minimize risks.
Moving away from paper documents and manual processes, and implementing digital, intelligent document management solutions is a critical first step dealerships must take in order to achieve GLBA compliance. Contact us if your dealership needs help meeting the June 9, 2023 deadline.
Disclaimer: The information provided in this blog post is for informational purposes only and should not be construed as legal advice. Docufree is not a law firm or legal services provider. Please consult with a licensed attorney for legal advice specific to your situation.
