The Industry's Leading Source For F&I, Sales And Technology

Article

Peer-to-Peer Pressure

July 2012, F&I and Showroom - Feature

by Tom Hudson

A recent Federal Trade Commission (FTC) announcement caught my eye because it illustrates so well a compliance lesson that I try to teach to dealers. On June 7, the FTC announced that it had charged EPN Inc., a Utah debt collector, and Franklin’s Budget Car Sales Inc., a Georgia car dealership, with illegally exposing sensitive consumer information through the use of peer-to-peer ("P2P") file-sharing software.

For you non-techie folks, files shared to a P2P network are available for viewing or downloading by any computer user with access to the network. In general, a shared file cannot be permanently removed from the network, and files can be shared among computers long after they have been deleted from the original computer.

EPN collects debts for a variety of clients, including healthcare providers. According to the FTC’s complaint, EPN’s installation of P2P file sharing software on its computer network caused consumers’ sensitive information, including Social Security numbers belonging to approximately 3,800 hospital patients, to be made available on the network.

The FTC alleged that EPN did not have an appropriate information security plan, failed to assess risks to the consumer information it collected and stored, did not adequately train employees, did not use reasonable measures to enforce compliance with its security policies and procedures, and did not use reasonable methods to prevent, detect and investigate unauthorized access to its networks.

Because of EPN’s failure to implement reasonable and appropriate data security measures, the FTC charged it with committing unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act.

Franklin’s Budget Car Sales also allegedly compromised consumers’ sensitive personal information using P2P software, and was charged with violating the FTC Act, the Safeguards Rule, which implements Section 501(b) of the Gramm-Leach-Bliley Act, and the Privacy Rule, which implements Section 503 of the GLB Act.

Because of the store’s alleged failure to implement reasonable security measures to protect its customers’ personal information, the FTC charged that, among other personal information, the names, addresses, Social Security numbers, dates of birth, and driver’s license numbers of approximately 95,000 consumers were exposed on the network. Franklin’s also allegedly failed to provide annual privacy notices or a mechanism by which consumers could opt out of information sharing with third parties, a violation of the GLB Privacy Rule.

Settlements with the debt collection business and dealership will bar misrepresentations about their privacy, security, confidentiality, and integrity of any personal information, and will require the companies to establish and maintain comprehensive information security programs. They must also undergo data security audits.

Here’s my take on these two cases: Many dealers who have made an attempt to comply with the federal privacy laws and regulations, with the federal Red Flags requirements and with the federal Risk-Based Pricing rules have bought one-size-fits-all manuals for these programs. Other dealers have made more of an effort, some of them even enlisting their lawyers to assist with preparing the required manuals. But regardless of which compliance road the dealers have followed, most of them have one thing in common: Once they adopt the policy, they put it on the bookshelf and ignore it.

With technology developing at warp speed, those manuals need to be revisited, and frequently. When they are revisited, people who understand the technology developments need to be involved. These reviews need to be scheduled on a periodic basis, with the frequency determined after consultation with the lawyers and with the techies. And when the reviews are done, they should be documented so that the dealership can show its regulator that it does periodic reviews.

Would these steps have made any difference if they had been implemented by the debt collector and the dealer? Perhaps not, but you can bet your mama’s cornbread recipe that when it comes time to settle charges like these, the FTC will be a lot more lenient if its staffers believe that the dealer was making a real effort to do it right.

Thomas B. Hudson Esq. is a partner in the law firm of Hudson Cook LLP and the author of several books, available at CounselorLibrary.com. ©CounselorLibrary.com 2012, all rights reserved. Based on an article from Spot Delivery. Single print publication rights only, to F&I and Showroom magazine. HC# 4832-3040-7439 (6/12).

Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email:  

Blog

So Here's the Deal

Ronald J. Reahard
Sold But Not Closed

By Ronald J. Reahard
An F&I manager from Atlanta had a service contract sold to a cash customer — that’s until he went for more. The magazine’s resident F&I pro weighs in.

(Video) Measuring Up

By Ronald J. Reahard
Top trainer has a three-part answer for an F&I newbie who wants to know how he measures up against his peers.

It's OK to Be Nervous

By Ronald J. Reahard

(Video) Have a Real Conversation

By Ronald J. Reahard

Done Deal

Gregory Arroyo
What's Really Behind the Subprime Pullback?

By Gregory Arroyo
One F&I insider says there’s more to the subprime pullback than the recent uptick in delinquencies. He says regulators are the real reason finance sources are so risk-averse.

What’s Your Take?

By Gregory Arroyo
The editor provides an up-close look at the topics he hopes to cover during his Industry Summit 2017 panel session. He’d also like to hear your take on these hot-button issues.

Connecting the Dots

By Gregory Arroyo

See You in Big D

By Gregory Arroyo

Mad Marv

Marv Eleazer
The Little Things

By Marv Eleazer
Reading about one of the first-known cybercrimes gets His Madness thinking about how small issues can morph into big problems.

Industry Summit: It’s Worth the Investment

By Marv Eleazer
Reflecting on the returns of a well-trained service technician, His Madness has a message for dealers who think F&I training isn’t worth the investment.

6 Ways to Deliver Exceptional Service

By Marv Eleazer

Doing Our Part

By Marv Eleazer

On the Point

Jim Ziegler
Sharpen Your Survival Skills

By Jim Ziegler
‘Da Man’ has a plan you can use to survive the collapse of the car business and remain profitable through the dealer apocalypse.

Sales Rock Stars Still Exist

By Jim Ziegler
Da Man says $40,000-a-month sales rock stars still exist. He says you’ll find them on YouTube and Facebook Live.

The New Stooges

By Jim Ziegler

Is Your Quick Lube Driving Away Business?

By Jim Ziegler