Your Identity Theft Program: Comply Or Risk Fines

September 2007, Auto Dealer Today - WebXclusive

by Lisa Asbell - Also by this author

Most dealers who are striving to comply with privacy laws like the GLBA Safeguards Rule can immediately tell me who their chief information officer is and what steps they are taking on a daily basis to protect customer information.

If you can tell me what you are doing, you should also be able to show me what you are doing to comply with these laws. If you can’t tell me about your data security program, you probably don’t have one in place. You could be, in essence, playing the lottery with your dealership.

Here are some simple but necessary steps to get you on the right path and out of the lottery.

     1. Designate an employee as your chief information officer. It’s a CIO’s responsibility to oversee your security program.

     2. Draft a written security plan that states how you handle non-public information.

     3. Train every employee on handling non-public information. 
     4. Have employees and vendors sign confidentially agreements.
     5. Draft a checklist that includes a quarterly audit to see how you are doing following your security plan.

While these steps won’t ensure compliance because compliance still has to be executed on a daily basis, they will put you on the right path.

Identity theft in businesses keeps gaining momentum. In 2002, 70 percent of identity-theft-related crimes stemmed from one-on-one attacks like dumpster diving or e-mail scams like phishing. A recent statistic indicated 70 percent of identity-theft-related crimes are now coming from a work environment due to either careless or corrupt employees. That is a significant shift. The reason for this shift is that identity thieves know that if they can get access to your customer records, they get a lot more bang for the buck. This means that you can no longer take chances with non-compliance.

Customers are getting smarter, too. There have been documented cases of “customers” sniffing around the dealership in hope of finding deal jackets, a driver license or other personal information out in the open. Other customers are looking for an opportunity to sue you and your dealership, and it is a game they can win if you are not legally prepared.

If you have a data breach and a customer suffers losses (or even worse, if multiple customers suffer losses), you can be held responsible for those damages along with federal and state fines. USA Today reports, “The average damages to victims of identity theft are over $92,000.” If you are going to take chances like that, you’ll need more than lady luck on your side. That’s why you need a solid data security plan.

Have you ever heard the expression, “house rules?” In the game of compliance, the FTC is the “house.” If you have to gamble, go to your favorite casino, but please don’t gamble with your dealership. You will lose. The FTC is serious about dealer compliance. Contact your attorney today, and make certain you have what you need in place to protect your customers, your employees and your dealership. If you do, the odds are stacked in your favor.

Vol 5, Issue 8


  1. 1. Mike [ October 26, 2009 @ 07:27AM ]

    Mitigation pertains to "lessening your damages" or "mitigating your damages" There are many ways to do that. One way is to comply with the law, another is to offer a voluntary ID theft protection to your clients or employees or both. There are many ways to mitigate damages. I suggest GREAT EMPLOYEE TRAINING!

    Hope this helps!

  2. 2. Dan Seelye [ April 27, 2015 @ 08:04AM ]

    I cal on dealers daily and more are not in compliance.


Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email:  



Jim Ziegler
Stupid Is as Stupid Does

By Jim Ziegler
The Alpha Dawg charts the brief rise and long fall of Johan de Nysschen, the recently departed president of Cadillac and author of the business plan that effectively crowned Lincoln as the new king of American luxury.

They Finally Killed Somebody

By Jim Ziegler
Ziegler believes Uber’s directors should face criminal charges for their role in an Arizona woman’s violent death.

20 Things a GM Must Do Every Week

By Jim Ziegler

All Things Must Pass

By Jim Ziegler

Opening Observations

They Took Cadillac for a Ride

By Tariq Kamal
Hindsight is 20/20, but at least one industry member saw GM’s latest mishap coming a mile away.

Stand Up and Be Counted

By Tariq Kamal
The Dealers’ Choice Awards are the Yelp of vendors and finance sources.

Over the Curb

This Is Us: Dealer Edition

By Jason Heard
Heard knows delegation and outsourcing are the quickest path to a work-life balance.