In recent years, cybersecurity has become a major issue for businesses. As cyberthreats grow in complexity and sophistication, it becomes harder to keep consumer information safe. For the financial sector, part of the answer is the Gramm-Leach-Bliley Act (GLBA). But what is the GLBA Privacy Rule, and how does it apply to you as an automotive dealer?
Enacted on November 12, 1999, the GLBA is a federal law that, among other things, addresses consumer financial privacy. Its requirements direct the Federal Trade Commission (FTC) and other government agencies to regulate how financial institutions handle consumer data. In late 2021, the FTC announced amendments to the GLBA's Privacy Rule.
The Privacy Rule is the part of the GLBA that limits when a "financial institution" may disclose a consumer's "nonpublic personal information" to non-affiliated third parties. Under this rule, financial institutions must notify their customers about their information-sharing practices and tell consumers about their right to "opt out" if they do not want their information shared. The amended rule also broadens what counts as a financial institution.
Now that you know what the GLBA Privacy Rule is, what does this regulation have to do with your auto dealership? The law may seem to be aimed at a different industry from yours, but that is not the case. The FTC's definition of a "financial institution" covers companies that engage in financial activities, not just banks. A dealership that regularly collects credit card numbers, arranges or brokers loans, and handles other financing paperwork is, in the FTC's view, a financial institution. The rule follows the data, not the storefront.
Although there are plenty of differences between a dealership and a bank, under the amended rule you are subject to the same consumer data protection standards as any traditional financial entity. That means you must do what it takes to achieve GLBA compliance.
To achieve GLBA compliance, you have to meet the requirements in the rule. The Privacy Rule states that financial institutions must give customers and consumers a written notice describing their privacy policies and practices. In this notice, you must describe how you collect, disclose, and protect nonpublic personal information. The following information is expected to be in your notice:
- The categories of information you collect
- The categories of information you disclose
- The categories of affiliates and non-affiliated third parties to which you disclose information
- The categories of information disclosed under the joint marketing/service provider exception
- Whether you disclose information under the rule's exceptions, and the consumer's right to opt out of disclosures that are not covered by an exception
- Any disclosures required by the Fair Credit Reporting Act
- Your policies and practices for protecting the confidentiality and security of nonpublic personal information
The FTC is serious about protecting consumer information, so it should come as no surprise that the consequences of non-compliance are serious too. A non-compliant business could face civil penalties of up to $43,792 per violation, and each violation is counted separately. Additional penalties of up to $100,000 per violation are also cited for GLBA violations.
All dealerships are subject to the Privacy Rule, and the amended rule took effect on January 10, 2022. Falling short of it can expose your company to costly private lawsuits and/or severe fines. If you want to protect your business, you need to implement cybersecurity solutions immediately.
One of the easiest ways to achieve GLBA Privacy Rule compliance is to get the help of an expert like Computer Technology Management Services. As a managed services provider, we offer a range of services, including cybersecurity compliance for the automotive industry. Our five-step process includes:
Our consultants can help you develop a roadmap you can follow to reach compliance standards. Once compliance is achieved, we can help you maintain it through our cybersecurity solutions.
It is not enough to simply achieve automotive security compliance; you also need to maintain it according to the GLBA's Safeguards Rule, which requires a written information security program. CTMS can implement the cybersecurity solutions you need to stay compliant, and we can tailor those solutions to fit the needs of your business.
Contact us today to learn more.
CTMS is a technology management provider based in Akron, Ohio. For years, our team has offered a variety of technical solutions for our partners in a wide range of industries. Our primary services are IT security, data backup, disaster recovery, and cloud computing, among a host of other IT consulting solutions.