“Gotcha!” It’s fun to say, not so fun to hear, particularly when you’re hearing it from the Federal Trade Commission, Consumer Financial Protection Bureau, or other regulatory authority. Is your dealership about to get got with a fine, jail time, an expensive lawsuit, reputational damage, or even the closure of your business? 

KPA District Manager and F&I Team Supervisor Ryan Daly is here to help. Here’s what Ryan has to say about the Gramm–Leach–Bliley Act and customer information security:

“Because dealerships are considered banks by the federal government, they must follow one major rule regarding customer information security. This rule is known as the Gramm–Leach–Bliley Act, or ‘GLB’ for short. The GLB requires dealerships to safeguard customer information by keeping in secure locations—e.g. locked drawers, cabinets, and offices. Dealerships must also dispose of documents in shredders. 

In the past year, I’ve seen major dealer groups fined in the millions for throwing customer information in dumpsters. Would you like your social security number to be in plain sight for anyone today? I’m guessing no. And under federal law, that could be a potential $10,000 fine—just for a piece of paper. 

In other news, the Secret Service recently caught a thief with over 500,000 pieces of customer information in Texas and traced it back to the dealerships they were stolen from.

Regulators don’t need a reason to show up. However, they normally do show up because of multiple customer complaints. Let’s not give them a reason.”For more of Ryan’s F&I “gotchas,” and to receive the latest F&I compliance insights, be sure to subscribe to the KPA blog.