FI showroom red and grey logo
MenuMENU
SearchSEARCH

Peer-to-Peer Pressure

The magazine’s legal eagle explains why the FTC’s charges against a dealer and a debt collector for saving sensitive data on a P2P network should serve as a wake-up call to the auto finance industry.

by Tom Hudson
July 13, 2012
4 min to read


A recent Federal Trade Commission (FTC) announcement caught my eye because it illustrates so well a compliance lesson that I try to teach to dealers. On June 7, the FTC announced that it had charged EPN Inc., a Utah debt collector, and Franklin’s Budget Car Sales Inc., a Georgia car dealership, with illegally exposing sensitive consumer information through the use of peer-to-peer ("P2P") file-sharing software.

For you non-techie folks, files shared to a P2P network are available for viewing or downloading by any computer user with access to the network. In general, a shared file cannot be permanently removed from the network, and files can be shared among computers long after they have been deleted from the original computer.

Ad Loading...

EPN collects debts for a variety of clients, including healthcare providers. According to the FTC’s complaint, EPN’s installation of P2P file sharing software on its computer network caused consumers’ sensitive information, including Social Security numbers belonging to approximately 3,800 hospital patients, to be made available on the network.

The FTC alleged that EPN did not have an appropriate information security plan, failed to assess risks to the consumer information it collected and stored, did not adequately train employees, did not use reasonable measures to enforce compliance with its security policies and procedures, and did not use reasonable methods to prevent, detect and investigate unauthorized access to its networks.

Because of EPN’s failure to implement reasonable and appropriate data security measures, the FTC charged it with committing unfair or deceptive acts or practices in violation of Section 5(a) of the FTC Act.

Franklin’s Budget Car Sales also allegedly compromised consumers’ sensitive personal information using P2P software, and was charged with violating the FTC Act, the Safeguards Rule, which implements Section 501(b) of the Gramm-Leach-Bliley Act, and the Privacy Rule, which implements Section 503 of the GLB Act.

Because of the store’s alleged failure to implement reasonable security measures to protect its customers’ personal information, the FTC charged that, among other personal information, the names, addresses, Social Security numbers, dates of birth, and driver’s license numbers of approximately 95,000 consumers were exposed on the network. Franklin’s also allegedly failed to provide annual privacy notices or a mechanism by which consumers could opt out of information sharing with third parties, a violation of the GLB Privacy Rule.

Ad Loading...

Settlements with the debt collection business and dealership will bar misrepresentations about their privacy, security, confidentiality, and integrity of any personal information, and will require the companies to establish and maintain comprehensive information security programs. They must also undergo data security audits.

Here’s my take on these two cases: Many dealers who have made an attempt to comply with the federal privacy laws and regulations, with the federal Red Flags requirements and with the federal Risk-Based Pricing rules have bought one-size-fits-all manuals for these programs. Other dealers have made more of an effort, some of them even enlisting their lawyers to assist with preparing the required manuals. But regardless of which compliance road the dealers have followed, most of them have one thing in common: Once they adopt the policy, they put it on the bookshelf and ignore it.

With technology developing at warp speed, those manuals need to be revisited, and frequently. When they are revisited, people who understand the technology developments need to be involved. These reviews need to be scheduled on a periodic basis, with the frequency determined after consultation with the lawyers and with the techies. And when the reviews are done, they should be documented so that the dealership can show its regulator that it does periodic reviews.

Would these steps have made any difference if they had been implemented by the debt collector and the dealer? Perhaps not, but you can bet your mama’s cornbread recipe that when it comes time to settle charges like these, the FTC will be a lot more lenient if its staffers believe that the dealer was making a real effort to do it right.

Thomas B. Hudson Esq. is a partner in the law firm of Hudson Cook LLP and the author of several books, available at CounselorLibrary.com. ©CounselorLibrary.com 2012, all rights reserved. Based on an article from Spot Delivery. Single print publication rights only, to F&I and Showroom magazine. HC# 4832-3040-7439 (6/12).

Topics:F&I
Subscribe to Our Newsletter

More F&I

Photo of businessman's hands holding eyeglasses at a desk
F&Iby Rick McCormickJuly 7, 2026

Trust Is Personal

Technology, no matter how efficient, can’t replace what the human F&I manager can do, which is to bridge the divide between cyberspace and the in-store experience.

Read More →
Photo of executive in a sports coat and glasses
Industryby StaffJuly 2, 2026

Amplify 2026 Billed as Turning Innovation Into Results

Reynolds and Reynolds says its annual retail summit will connect dealers with practical strategies, peer insight, and technology-driven ideas.

Read More →
Woman standing on stage smiling.
F&Iby Lauren LawrenceJuly 1, 2026

Own Your Outcome: F&I in the Digital Customer Journey

Finance has historically been the last step in the car-buying process, but it doesn’t have to be. The customer’s journey starts long before they arrive at the dealership, and so should F&I’s involvement.

Read More →
Ad Loading...
$100 bill and magnifying glass on top of paper that says insurance policy terms and conditions.
F&Iby Lauren LawrenceJune 29, 2026

Tariffs Could Raise Insurance Premiums

As U.S. import tariffs affect repair costs, consumers might find it more affordable to replace a damaged vehicle, according to recent Insurify tariff analysis.

Read More →
Red toy car sitting on top of coins.
Auto Financeby Lauren LawrenceJune 24, 2026

Smaller Loans, Longer Terms

The youngest generation of car buyers is more likely to finance less expensive vehicles, more than half of generation Z consumers borrowing less than $25,000.

Read More →
Under the hood of a Toyota Prius EV Hybrid car.
F&Iby StaffJune 15, 2026

New Lifetime Battery F&I Product Meant to Drive Dealer Traffic

EFG Cos. offering is intended to create lifetime auto dealer engagement with customers.

Read More →
Ad Loading...
Several illustrations of question marks on a surface
F&IJune 10, 2026

The Psychology Behind Menus That Increase Add-On Sales

There is a science to crafting a menu that gives customers confidence in the choices presented, and moving the process outside the F&I office can further boost results.

Read More →
Man holding magnifying glass over sales volume paper.
F&IMay 29, 2026

Why Your F&I PVR Is Misleading You

Here’s a handy checklist of the numbers to track in 2026 instead.

Read More →
Photo of woman typing on a laptop as she sits on a couch
F&Iby Hannah MitchellMay 29, 2026

Auto Consumer Anxiety Presents Opportunity

A survey of U.S. drivers found the majority are concerned about finances and the economy, but those fears make many ready to buy vehicle-protection products.

Read More →
Ad Loading...
Dustin Gingerich standing on stage giving a presentation
F&Iby Lauren LawrenceMay 28, 2026

Humble and Hungry: 12 Rules for an F&I Life

Dustin Gingerich, with a decade in the F&I business under his belt, shares his thoughts on leadership, building trust with customers, and the importance of learning and innovation.

Read More →