The Industry's Leading Source For F&I, Sales And Technology


Peer-to-Peer Pressure

July 2012, F&I and Showroom - Feature

by Tom Hudson

A recent Federal Trade Commission (FTC) announcement caught my eye because it illustrates so well a compliance lesson that I try to teach to dealers. On June 7, the FTC announced that it had charged EPN Inc., a Utah debt collector, and Franklin’s Budget Car Sales Inc., a Georgia car dealership, with illegally exposing sensitive consumer information through the use of peer-to-peer ("P2P") file-sharing software.

For you non-techie folks, files shared to a P2P network are available for viewing or downloading by any computer user with access to the network. In general, a shared file cannot be permanently removed from the network, and files can be shared among computers long after they have been deleted from the original computer.

EPN collects debts for a variety of clients, including healthcare providers. According to the FTC’s complaint, EPN’s installation of P2P file sharing software on its computer network caused consumers’ sensitive information, including Social Security numbers belonging to approximately 3,800 hospital patients, to be made available on the network.

The FTC alleged that EPN did not have an appropriate information security plan, failed to assess risks to the consumer information it collected and stored, did not adequately train employees, did not use reasonable measures to enforce compliance with its security policies and procedures, and did not use reasonable methods to prevent, detect and investigate unauthorized access to its networks.

Because of EPN’s failure to implement reasonable and appropriate data security measures, the FTC charged it with committing unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act.

Franklin’s Budget Car Sales also allegedly compromised consumers’ sensitive personal information using P2P software, and was charged with violating the FTC Act, the Safeguards Rule, which implements Section 501(b) of the Gramm-Leach-Bliley Act, and the Privacy Rule, which implements Section 503 of the GLB Act.

Because of the store’s alleged failure to implement reasonable security measures to protect its customers’ personal information, the FTC charged that, among other personal information, the names, addresses, Social Security numbers, dates of birth, and driver’s license numbers of approximately 95,000 consumers were exposed on the network. Franklin’s also allegedly failed to provide annual privacy notices or a mechanism by which consumers could opt out of information sharing with third parties, a violation of the GLB Privacy Rule.

Settlements with the debt collection business and dealership will bar misrepresentations about their privacy, security, confidentiality, and integrity of any personal information, and will require the companies to establish and maintain comprehensive information security programs. They must also undergo data security audits.

Here’s my take on these two cases: Many dealers who have made an attempt to comply with the federal privacy laws and regulations, with the federal Red Flags requirements and with the federal Risk-Based Pricing rules have bought one-size-fits-all manuals for these programs. Other dealers have made more of an effort, some of them even enlisting their lawyers to assist with preparing the required manuals. But regardless of which compliance road the dealers have followed, most of them have one thing in common: Once they adopt the policy, they put it on the bookshelf and ignore it.

With technology developing at warp speed, those manuals need to be revisited, and frequently. When they are revisited, people who understand the technology developments need to be involved. These reviews need to be scheduled on a periodic basis, with the frequency determined after consultation with the lawyers and with the techies. And when the reviews are done, they should be documented so that the dealership can show its regulator that it does periodic reviews.

Would these steps have made any difference if they had been implemented by the debt collector and the dealer? Perhaps not, but you can bet your mama’s cornbread recipe that when it comes time to settle charges like these, the FTC will be a lot more lenient if its staffers believe that the dealer was making a real effort to do it right.

Thomas B. Hudson Esq. is a partner in the law firm of Hudson Cook LLP and the author of several books, available at © 2012, all rights reserved. Based on an article from Spot Delivery. Single print publication rights only, to F&I and Showroom magazine. HC# 4832-3040-7439 (6/12).

Your Comment

Please note that comments may be moderated. 
Leave this field empty:
Your Name:  
Your Email:  


So Here's the Deal

Ronald J. Reahard
[Video] Selling to Short-Term Owners

By Ronald J. Reahard
The magazine’s F&I pro responds to a question about how to build value in F&I protections if the customer says he plans on paying off his loan long before the term expires.

(Video) Selling High-Mileage VSC Plans

By Ronald J. Reahard
How do you sell a $3,000 VSC on an $8,000 car? Top trainer offers a four-step process to ensure every customer gets the protection they need.

Selling Warranty Compliance Plans

By Ronald J. Reahard

Handling the ‘Last Car’ Objection

By Ronald J. Reahard

Done Deal

Gregory Arroyo
Resolution Needed

By Gregory Arroyo
The editor shares some insider information regarding the industry’s efforts to get the Defense Department to reconsider last month’s interpretive rule regarding the sale of GAP and credit insurance to military consumers.

Rescinding the CFPB’s Auto Finance Guidance

By Gregory Arroyo
The editor debunks a few myths about the Consumer Financial Protection Bureau, then explains why the industry is on the brink of repealing the bureau’s auto finance guidance.

Still a Work in Progress

By Gregory Arroyo

It Is Unwise to Lower Your Defenses

By Gregory Arroyo

Mad Marv

Marv Eleazer
Chargeback Prevention

By Marv Eleazer
How do you respond to a customer who wants to cancel the F&I program you sold them? His Madness digs into four common reasons consumers give for wanting out of a protection plan.

Your F&I Backup Plan

By Marv Eleazer
Equipment failures can’t stop an F&I manager who is prepared for any contingency. His Madness lists four backup plans you can implement today.

Love It or Leave It

By Marv Eleazer


By Marv Eleazer

On the Point

Jim Ziegler
Sharpen Your Survival Skills

By Jim Ziegler
‘Da Man’ has a plan you can use to survive the collapse of the car business and remain profitable through the dealer apocalypse.

Sales Rock Stars Still Exist

By Jim Ziegler
Da Man says $40,000-a-month sales rock stars still exist. He says you’ll find them on YouTube and Facebook Live.

The New Stooges

By Jim Ziegler

Is Your Quick Lube Driving Away Business?

By Jim Ziegler