If you’re a new- or used-car dealer who is striving to be in compliance with privacy laws such as the new Red Flag Rules and the GLBA Safeguards Rule, you should be able to immediately name your chief information officer. You also should be able to describe the steps that person is taking, on a daily basis, to protect customer information. If you can’t, you probably don’t have an effective data security program in place. You could be, in essence, gambling with your dealership’s profits.
Identity theft continues to gain momentum, and the danger lies within. A recent statistic: 70 percent of identity theft-related crimes are the result of an unsecured work environment, due to either careless or corrupt employees. Seventy percent of identity theft-related crimes in 2002 stemmed from one-on-one attacks such as dumpster diving or e-mail scams like phishing.
Did you know that a deal jacket can be worth more than $100,000 to an identity thief? Can you believe that today, these thieves would rather have a Social Security Number than $1,000 in cash? Boy, how times have changed. The fact is, identity thieves know that if they can get access to your customer records, they get a lot more bang for the buck. That means you can no longer take chances with noncompliance.
There have been documented cases of identity thieves posing as customers to sniff around the dealership in hopes of finding deal jackets, driver licenses and other personal, sensitive information lying around.
Customers are getting smarter, too. They may be looking for an opportunity to sue you and your dealership. If you’re not legally prepared, they just might find one.
If you have a data breach and a customer suffers losses, you can be held responsible for those damages along with federal and state fines. By the way, USA Today recently reported that the average damages to victims of identity theft now exceed $92,000. If you’re going to take chances with amounts like that, you may need more than Lady Luck by your side. You need a solid data security plan.
Breaking the habit
Have you ever heard the expression, “The house rules”? In the game of compliance, the FTC is the “house,” and you don’t want to find yourself in a heads-up game with the FTC. Here are some simple but necessary steps you can take to get your dealership on the right path and out of the lottery.
• Designate an employee as your chief information officer. This person will be responsible for overseeing your security program.
• Draft a written security plan for handling nonpublic information.
• Train every employee on how to handle the kind of sensitive information that identity thieves seek.
• Have employees and vendors sign confidentiality agreements.
• Draft a checklist that includes a quarterly audit to see how well you’re following your security plan.
• Gather information and documentation on the Red Flag Rules.
These steps in no way ensure compliance; however, they will put you on the right path and certainly will be better than gambling with the FTC.
If you have to gamble, go to your local casino or head out to Vegas. Don’t gamble with your dealership. You will probably lose. The FTC is serious about getting dealers to comply with these laws, so take control of the situation now. Contact your attorney today and make sure that you have protection in place for your customers, employees and the dealership itself. If you do that, the odds will be stacked in your favor.
Lisa Asbell is the president of Identity Theft Resolutions Inc. in St. Petersburg, Fla. She is an identity theft expert who trains employees on how to combat identity theft at dealerships across the United States.