Disclaimer: This is not meant as legal advice, and we do not purport to provide any legal or regulatory analysis. Consult with your attorney for any legal, regulatory, or compliance questions you may have.
In an ever-changing regulatory landscape, resources that help you stay up to date on what’s new are important for maintaining your dealership’s reputation and avoiding costly missteps. The Dealertrack Compliance Guide is available each year as a free download to serve as a reference guide.
Here are some of the compliance trends we’re seeing:
1. More consumer data privacy
Thirteen states—California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia—have enacted new data privacy and data security laws. Several other states are considering legislation to enact similar laws. Many of these laws become effective this year, so it’s important for dealers to pay special attention to data and security obligations and be proactive in incorporating these new state requirements in compliance action plans.
The New York Department of Financial Services Cybersecurity Rule, amended as of April 29th, requires multi-factor authentication (MFA) for all user accounts accessing information systems.
Things to think about: Data privacy laws apply to all personally identifiable information (PII) collected from consumers. Help protect customer data with a policy forbidding the use of personal devices for data collection. Consult with legal counsel and software vendors to ensure that your information systems and processes meet requirements for handling and securely storing customer data.
2. Tightening security measures
Fraud grew to $8.1 billion in 2022, with a substantial increase in the prevalence of synthetic identity fraud*, which involves fake identities being stitched together from pieces of real identifying information taken from various sources.
Given the rise of fraud, the FTC and states continue to focus on cybersecurity and related enforcement. Throughout this year, expect to see stricter data security and identity theft regulations, more guidelines about how to prevent synthetic ID fraud, and additions to the Safeguards Rule, including expansions of required security measures similar to what we described in the section above.
To protect against identity theft and fraud, many states have also passed laws that restrict how dealers can use and handle a customer’s Social Security number (SSN) and other non-public information. These restrictions can extend to denying goods or services to a person who declines to give their SSN.
Things to think about: Have plans in place to safeguard your dealership against direct fraud loss and costly lender chargebacks as the result of fraud. Consider adding ID verification steps such as out-of-wallet questions, and look for a compliance solution that can alert you to potential synthetic ID fraud attempts.
3. New data breach disclosure requirement
As of May 13, 2024, non-bank financial institutions have a new data breach disclosure requirement. The Federal Trade Commission (FTC) recently updated the Gramm-Leach-Bliley Safeguards Rule, requiring non-bank financial institutions to report to the FTC any event where unencrypted customer information involving 500 or more consumers has been acquired without authorization.
Things to think about: If your dealership provides financing directly to customers, take note of this regulation and work with your legal counsel to find out how it applies to you.
4. Quiet hours
Having someone’s phone number doesn’t give you the green light to call them anytime you want. The Telephone Consumer Protection Act (TCPA) establishes new federal quiet hours before 8:00 a.m. and after 9:00 p.m. You could be fined $500-$1,500 per call or text message under this law if you haven’t obtained written consent from the recipient.
Things to think about: Always maintain a “do not call” database to avoid unwanted communication with consumers. Check the settings of your automated systems to ensure they’re programmed to respect quiet hours. Remember to keep customers’ time zones in mind.
5. Aftermarket pricing transparency and disclosures
Consumer protection regulations and enforcement are increasingly focused on consistent pricing and proper disclosures for F&I aftermarket product sales.
Things to think about: It’s more important than ever for dealerships to provide timely consumer notices and disclosures. Consider using a menu solution to present aftermarket products to car buyers transparently and consistently, and ensure that every product is offered to every customer—at the same price point.
The answers to your compliance questions
Get the free 2024 Dealertrack Compliance Guide so you have it handy whenever you need to check, or double check, the current rules, regulations, and best practices.
*Source: Point Predictive 2023 Auto Fraud Trends Report