The Industry's Leading Source For F&I, Sales And Technology


Peer-to-Peer Pressure

July 2012, F&I and Showroom - Feature

by Tom Hudson

A recent Federal Trade Commission (FTC) announcement caught my eye because it illustrates so well a compliance lesson that I try to teach to dealers. On June 7, the FTC announced that it had charged EPN Inc., a Utah debt collector, and Franklin’s Budget Car Sales Inc., a Georgia car dealership, with illegally exposing sensitive consumer information through the use of peer-to-peer ("P2P") file-sharing software.

For you non-techie folks, files shared to a P2P network are available for viewing or downloading by any computer user with access to the network. In general, a shared file cannot be permanently removed from the network, and files can be shared among computers long after they have been deleted from the original computer.

EPN collects debts for a variety of clients, including healthcare providers. According to the FTC’s complaint, EPN’s installation of P2P file sharing software on its computer network caused consumers’ sensitive information, including Social Security numbers belonging to approximately 3,800 hospital patients, to be made available on the network.

The FTC alleged that EPN did not have an appropriate information security plan, failed to assess risks to the consumer information it collected and stored, did not adequately train employees, did not use reasonable measures to enforce compliance with its security policies and procedures, and did not use reasonable methods to prevent, detect and investigate unauthorized access to its networks.

Because of EPN’s failure to implement reasonable and appropriate data security measures, the FTC charged it with committing unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act.

Franklin’s Budget Car Sales also allegedly compromised consumers’ sensitive personal information using P2P software, and was charged with violating the FTC Act, the Safeguards Rule, which implements Section 501(b) of the Gramm-Leach-Bliley Act, and the Privacy Rule, which implements Section 503 of the GLB Act.

Because of the store’s alleged failure to implement reasonable security measures to protect its customers’ personal information, the FTC charged that, among other personal information, the names, addresses, Social Security numbers, dates of birth, and driver’s license numbers of approximately 95,000 consumers were exposed on the network. Franklin’s also allegedly failed to provide annual privacy notices or a mechanism by which consumers could opt out of information sharing with third parties, a violation of the GLB Privacy Rule.

Settlements with the debt collection business and dealership will bar misrepresentations about their privacy, security, confidentiality, and integrity of any personal information, and will require the companies to establish and maintain comprehensive information security programs. They must also undergo data security audits.

Here’s my take on these two cases: Many dealers who have made an attempt to comply with the federal privacy laws and regulations, with the federal Red Flags requirements and with the federal Risk-Based Pricing rules have bought one-size-fits-all manuals for these programs. Other dealers have made more of an effort, some of them even enlisting their lawyers to assist with preparing the required manuals. But regardless of which compliance road the dealers have followed, most of them have one thing in common: Once they adopt the policy, they put it on the bookshelf and ignore it.

With technology developing at warp speed, those manuals need to be revisited, and frequently. When they are revisited, people who understand the technology developments need to be involved. These reviews need to be scheduled on a periodic basis, with the frequency determined after consultation with the lawyers and with the techies. And when the reviews are done, they should be documented so that the dealership can show its regulator that it does periodic reviews.

Would these steps have made any difference if they had been implemented by the debt collector and the dealer? Perhaps not, but you can bet your mama’s cornbread recipe that when it comes time to settle charges like these, the FTC will be a lot more lenient if its staffers believe that the dealer was making a real effort to do it right.

Thomas B. Hudson Esq. is a partner in the law firm of Hudson Cook LLP and the author of several books, available at © 2012, all rights reserved. Based on an article from Spot Delivery. Single print publication rights only, to F&I and Showroom magazine. HC# 4832-3040-7439 (6/12).

Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email:  


So Here's the Deal

Ronald J. Reahard
Capture Missed VSC Sales

By Ronald J. Reahard
In response to a reader question, the magazine’s F&I wiz updates his plan for re-pitching service contracts to customers who declined the protection at the time of delivery.

The Dealer Moved My Goal Posts

By Ronald J. Reahard
Top trainer has hard-earned advice — and a word of warning — for F&I pros whose dealers seem to change their pay plans every time they have a good month.

Addressing F&I’s Internet Problem

By Ronald J. Reahard

(Video) Selling Eight Products Without Losing the Customer

By Ronald J. Reahard

Done Deal

Gregory Arroyo
Game Almost Over

By Gregory Arroyo
With the CFPB’s controversial guidance officially repealed, the editor delves into what the bureau was really after in its targeting of dealer participation.

The Repair Is Covered

By Gregory Arroyo
The editor opens up about his first service-contract claim, which resulted in a covered and repaired vehicle as well as a few lessons.

Change Is Happening

By Gregory Arroyo

Who Will Take Up the CFPB's Torch?

By Gregory Arroyo

Mad Marv

Marv Eleazer
I Love F&I. How About You?

By Marv Eleazer
His Madness challenges F&I professionals to decide right here and now whether F&I is your career or just a job.

Is That Legal?

By Marv Eleazer
Is manipulating a sales agreement to accommodate a customer’s request to cash out of a dealer-arranged retail sales contract allowed? His Madness gets answers from the industry’s top legal mind.

Overcome Your F&I Weaknesses

By Marv Eleazer

Proper Deal Structure Moves Mountains

By Marv Eleazer

On the Point

Jim Ziegler
Bound to Fail

By Jim Ziegler
Da Man returns with a message to vehicle manufacturers jumping into the subscription waters: It ain’t gonna happen.

Sharpen Your Survival Skills

By Jim Ziegler
‘Da Man’ has a plan you can use to survive the collapse of the car business and remain profitable through the dealer apocalypse.

Sales Rock Stars Still Exist

By Jim Ziegler

The New Stooges

By Jim Ziegler