This month’s request is a follow-up email from an F&I manager who writes, “Quick question, Ron. I’ve got an issue with salespeople who feel like they can come into the finance office at any time. They walk into my office during a deal and interrupt the transaction for any random reason. Do you have anything you can send me regarding the Safeguards Rule? I’d like them to know all the privacy laws they are breaking. I want to make them aware of legal issues so they understand the seriousness of the issue.”
Interrupting you when you’re with a customer in the F&I office is just plain rude. A salesperson who does this is so self-centered that they feel whatever they want or need is more important than the customer you have in your office. It’s not only arrogant, it’s also extremely distracting, especially when you’re right in the middle of trying to help a customer see the value of your products. Usually, this is more about a lack of common courtesy than a major legal concern.
However, you are absolutely right in that, under the Safeguards Rule, financial institutions must protect the consumer information they collect. The definition of a “financial institution” includes many businesses that may not normally see themselves that way, like automobile dealers. In fact, the rule applies to all businesses, regardless of size, that are “significantly engaged” in providing financial products or services.
Safeguard Your Office
The Safeguards Rule requires companies to develop a written information security plan to protect customer information. As part of its plan, each company must:
- Designate one or more employees to coordinate its information security program.
- Identify and assess the risks to customer information in each relevant area of the company’s operation, and evaluate the effectiveness of the current safeguards for controlling these risks.
- Design and implement a safeguards program, then regularly monitor and test it.
- Evaluate and adjust the program in light of relevant circumstances.
The Safeguards Rule also requires businesses to assess and address the risks to customer information in all areas of their operation, including areas that are particularly important to information security, like the F&I office. As part of your information security plan, your dealership should consider:
- Limiting access to customer information to employees who have a business reason to see it.
- Controlling access to sensitive information, which is often discussed in the F&I office.
- Training employees to take basic steps to maintain the security, confidentiality, and integrity of customer information — including not interrupting the business manager when he or she is with a customer!
- Regularly reminding all employees of your company’s policy — and the legal requirement — to keep customer information secure and confidential.
- Imposing disciplinary measures for security policy violations.
Not interrupting the business manager when you are with a customer should be part of the guidelines for your salespeople, and it should be included in your written information security plan required by the Safeguards Rule. Your guidelines should include a statement such as: “Under no circumstances should a sales representative enter the business office or interrupt the business manager when he or she is with a customer.”
You may need to discuss this with your GM and the person designated to coordinate your dealership’s information security program. This statement should certainly be part of the federally mandated code of conduct and information security plan to which your dealership’s sales representatives must agree. (You can learn more about Safeguards compliance at FTC.gov.)
Excuse Me a Moment
Next time a salesperson walks into your office when you’re with a customer, I suggest you excuse yourself with the customer and immediately escort the salesperson out of your office. Then politely inform them you will answer their question or provide whatever it is they need once you are finished helping this customer. But not until then.
You may also let your salesperson know that, unless the building is on fire and the flames are at your door, he is never to interrupt you when you are with a customer. Suggest they may need to reread the aforementioned code of conduct and information security plan. Do this every single time it happens. Eventually they will get the message.
Thanks for your question. If you have a question you would like answered or an objection you struggle with, send it to me. You’ll get it answered and receive a free YETI. Because it’s a beautiful day … to help a customer, or an F&I professional!
See all comments