Many dealerships are still scrambling to implement comprehensive privacy and security programs before the FTC’s new rules go into effect on June 9th. While the FTC understands that full compliance won’t happen overnight, disregarding the new requirements could lead to substantial penalties.
But dealers who demonstrate a good faith effort to meet standards will find regulators far more understanding in the early stages of enforcement. Some progress is better than none at all. Focus on the fundamentals, and start building the foundation of your privacy program right away.
Not Sure Where to Start? Focus on these 3 Things
With so much to do, it’s easy to feel overwhelmed and paralyzed by uncertainty over where to begin. We’re here to help prioritize your efforts. Start with these three critical areas:
1. Vet Your Vendors Thoroughly
Demand transparency into how your vendors handle, share, and protect customer data.
Don’t just rely on service agreements: have direct conversations to understand their specific policies and security controls. Require evidence of strong privacy practices and cyber liability insurance coverage.
Your dealership is liable for vendors failing to safeguard customer information adequately, so choose partners wisely. According to the new rules, if your vendor isn’t compliant, you are supposed to find vendors who are, so proceed with caution.
2. Document, Document, Document
Tedious documentation of critical activities shows your good faith attempts at compliance. Make sure to note all customer requests to opt out of communication and confirm those wishes were fulfilled. Log any privacy-related customer complaints, how they were resolved, and steps taken to avoid future issues.
Keep records of staff privacy training and efforts to comply with all new FTC rules and regulations. Create “Reports of Discussion” for conversations with vendors about their data security to show your good faith efforts to stay compliant. Thorough records can help demonstrate reasonable care in the event of an FTC investigation.
While plenty of fancy digital document solutions exist, a simple three-ring binder will suffice to get started.
3. Respond to Online Reviews
Pay close attention to customer reviews that mention privacy, data use, or security issues. Respond promptly, take responsibility for any mistakes, and outline remedies to resolve current problems and prevent them in the future.
Ask customers to update their reviews once concerns have been addressed. Customers don’t expect to see perfection on the review boards, but they do appreciate seeing honest efforts to make things right when they go wrong.
Demonstrating a commitment to privacy protection and customer satisfaction builds trust and loyalty.