You have just spent more than two hours presenting a boat to some customers. You felt that they were buyers and even worked out fair numbers for them and the dealership. They filled out the credit application and said they would return the next day with the deposit.
As they walk out, a couple walks in and asks about a pre-owned boat outside. In the excitement of your just-completed sale, and now having more customers, you leave the credit application on your desk in the showroom to fax it later. When you come back a customer, who you know, is standing at your desk, reading the credit application and says, “I know these people, I’m surprised how little he makes.”
You know that you shouldn’t have left it on your desk, but you did have customers. You make light of it and ask that the customer keep it to himself.
In reality, this simple mistake will most likely not only cost you the sale, but you are in violation of federal law. The Gramm-Leach-Bliley Act was enacted in 1999 to protect consumers from the ever-present threat of identity theft.
Specifically, the GLB Act states that financial institutions must respect the privacy of their customers and protect the security of non-public personal information collected when an individual obtains a financial product or service.
But what does that mean in practical terms? Consider the following definitions:
Your dealership acts as a “financial institution” because it collects personal information on a customer in order to qualify for financial services.
You collect a customer’s “non-public personal
information” when you ask for information such as a Social Security number, unlisted address or phone number and salary amounts.
You provide a “financial product or service” when
you accept a customer’s credit application, enter an agreement to assist a customer in obtaining a loan or credit, execute a finance contract for a lender, or sell insurance.
Here’s what the GLB Act means to you:
Provide customers with a privacy notice.
You should provide an initial written notice of your dealership’s privacy policies and practices after you establish a relationship with a customer but before you accept a credit application or other personal information. Providing a copy of a lender’s privacy notice is not sufficient, because lenders are obligated to provide their own notices. Your lawyer or financial institution can help you secure the notice that works in your state.
You cannot share customers’ financial
information. Customers have the right to sign an “opt out” form to prevent you from sharing their personal information. This form is binding forever. If a customer signs the form, your dealership is prohibited from providing personal financial information to third parties. For example, if you give your manufacturer specific information about a customer’s finance/lease transaction that was completed with a different financial institution, you must give the customer an opportunity to “opt out” of sharing that information. The simplest way is to not share information with anyone.
You must provide ongoing customer protection.
Your dealership must develop a written information
security plan that describes your program to protect customer information. The plan may include locking customer records in a separate room, storing electronic customer records on a secure server, and/or ensuring that storage areas are protected from physical hazards such as fire and flood.
Dealerships that do not meet the requirements of the GLB Act may be fined $5,000 per day for noncompliance — up to $1 million dollars. Save time and money by developing a strategy to safeguard your customers’personal information.
Take a few minutes and walk around your store – what papers are lying out and possible for, not only employees, but also customers to pick up and read? Are there credit applications and/or contracts lying on sales desks or in the reception area waiting to be filed — how about next to the fax machine?
It’s really a simple thing to do to protect your customers’ information and your dealership. For more information on the Gramm-Leach-Bliley Act visit http://www.ftc.gov/privacy/glbact/index.html.