The Gramm-Leach-Bliley Act: Compliance and the Auto Industry

Gramm-Leach-Bliley Act compliance for auto dealers includes a focus on protecting the privacy of consumers.

Let’s face it: You may run one of the top automotive dealerships in your area, but if you aren’t prioritizing compliance and keeping up with industry regulations, you won’t be in business much longer.

One of the many standards you must meet and stay on top of is the Gramm-Leach-Bliley Act. The Gramm-Leach-Bliley Act, more formally known as the Financial Services Modernization Act of 1999, includes a Privacy of Consumer Financial Information Rule (Privacy Rule) that sets forth requirements for companies that offer consumers any kind of financial products or services. These businesses must explain to customers their information-sharing practices and the steps they take to protect sensitive data.

Any auto dealers that provide credit, give financial advice, or arrange financing or leasing must pay attention to Gramm-Leach-Bliley Act compliance. If this includes you, you need to tell your customers what information you are collecting, who you share it with, and how you protect it.

Following the Privacy Rule for Gramm-Leach-Bliley Act compliance

Every dealership is different, and requirements and exceptions may vary, but in general, here’s how the Privacy Rule applies in most situations.

First and foremost, you need a privacy notice. Your privacy notice must give customers a “clear and conspicuous” written notice that describes your dealership’s privacy policies and practices. The Federal Trade Commission (FTC) says that your notice must include (where it applies to you) the following information:

  • Categories of information collected
  • Categories of information disclosed
  • Categories of affiliates and nonaffiliated third parties to whom you disclose the information
  • Categories of information disclosed and to whom
  • Any disclosures the Fair Credit Reporting Act requires
  • Your dealership’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal information.

If you’re disclosing nonpublic personal information to nonaffiliated third parties under certain exceptions of the Privacy Rule, you must write that the disclosures are made “as permitted by law.”

If you’re disclosing nonpublic personal information to nonaffiliated third parties and it doesn’t fall under any exceptions, you need to provide an explanation of consumers’ and customers’ rights to opt out of these disclosures.

Who to share the privacy notices with

You don’t have to hand your privacy notice out like a free gift to everyone who walks onto your lot. In order to stay on the up-and-up with Gramm-Leach-Bliley Act compliance, the privacy notice should be given to anyone who gives you personal information in connection with a potential transaction, if you plan on sharing that information with a nonaffiliated third party.

If you end up arranging credit or leasing for a customer, you must give them your privacy notice no later than at the time of signing any binding contracts or agreements. There are several exceptions to this, though, so you are encouraged to do further research to see how this may apply to your dealership.

If you assign the retail installment contract to a third-party lender, your obligation to provide future privacy notices passes on to the lender (you still have to give them that initial privacy notice, however). If you extend credit to buyers, keep the contracts, and do not assign them to other lenders, the person is still considered to be your customer. In this case, your obligation is to give them an initial privacy notice, an opt-out notice (if applicable), and an annual notice for as long as they are your customer.

Stay on top of Gramm-Leach-Bliley Act compliance

It may seem like another thing on your “to do” list, but Gramm-Leach-Bliley Act compliance doesn’t just protect you — it protects your customers as well. With so many data breaches and incidents of identity theft occurring all the time, you owe it to your customers to show them that you don’t only value their business, but you respect their privacy and work hard to keep their personal information protected.

If you would like to learn more about Gramm-Leach-Bliley Act compliance and what your dealership needs to do, the FTC has created a helpful list of FAQs specifically for auto dealers: FTC’s Privacy Rule and Auto Dealers.

Ty W.

Ty was born and raised in the automotive world. He's an enthusiastic expert who writes exquisite content about cars, automotive sales, and dealership best practices. When not writing for AutoRaptor, you'll find Ty on the golf course.