While there is growing attention to new regulations for equipment and commercial trucking dealers taking effect this year, it is the existing ones that are often overlooked and place dealers at risk of non-compliance.
There has been a lot of discussion lately around the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule due to revisions that go into effect in December 2022.
As onerous as the new Safeguards Rule will be, the GLBA Privacy Rule may be even more vital to dealers' day-to-day conduct when it comes to managing customer information. Moreover, it's good business and critical to maintaining customer confidence.
Building Digital Trust With Customers
Whether they are a large company or an individual buyer, your customers need to trust you. They need to trust that you are giving them a good price, that you are providing a good product, and that you are providing quality services to support that truck or piece of equipment.
They also expect you to protect and manage their private information, especially once it is stored and managed digitally.
The concept is so important that IBM even coined the term "digital trust." Per Forbes, IBM defines digital trust as "a consumer expectation that companies have privacy controls to ensure that the right user has the right access to the right data for the right reason and the right purpose."
It means you're using customers' personal data the way they want you to by:
- Explaining why you want their information, what you're going to do with it, and who can access it before any data is collected
- Giving them opportunities to opt out of having certain information collected or shared
- Providing cybersecurity and privacy process measures that ensure information isn't exposed by bad actors or human error
Meeting Compliance Requirements
The good news is that delivering on your customers' expectations also meets the needs of the privacy provisions in the GLBA, which sets standards for how equipment and commercial trucking dealers collect, store and share a client's personal and financial information.
The Privacy Rule requires privacy notices and places limitations on the sharing of nonpublic personal information (NPI). It applies to consumers who obtain financial products or services from a financial institution primarily for household purposes, while some requirements apply to any customers with an ongoing relationship with the dealership.
To meet these requirements, the financial institution must:
1: Provide a clear notice of the information-sharing policies and practices, including what information it collects and with whom it shares the information. The notice must be provided when a customer relationship is established, and each year following as long as the information sharing continues.
2: Provide customers an opportunity to opt out of having NPI shared with non-affiliated third-party activities, including joint marketing, processing consumer transactions, and service providers. Opt-outs must be provided within 30 days.
3: Refrain from disclosing account numbers or similar forms to any nonaffiliated third parties for marketing purposes. There are narrow exceptions for joint marketing arrangements, as addressed in the second requirement listed above.
Dealers as Financial Institutions
As a reminder: yes, dealers are financial institutions. Under the GLBA, the federal guidance already had a broad definition of a financial institution and it just became broader. Prior to the recent GLBA amendments, this definition included any business that "significantly engaged" in financial activities or in activities incidental to financial activities. This definition included everything from real estate settlement to tax preparers.
Up until last year, the rules within the GLBA were generally high-level and based on a company's "size and complexity, the nature and scope of [its] activities, and the sensitivity of the customer information at issue." This sort of language created very flexible compliance standards based on the intent behind a company's processes. In other words, as long as a dealer was seemingly trying to protect the information, that was enough. However, that recently changed.
The recent GLBA amendment expanded this definition. The guidelines now specifically include "finders," which are businesses that connect buyers and sellers of a product or service incidental to financial activities. So this includes any business connecting a customer to a financial institution. That includes most dealers.
Business of Trust
However, whether a dealership views itself as a financial institution or not, there is value in following the privacy rules beyond meeting compliance requirements.
Like many businesses, equipment and commercial trucking dealerships are in the business of trust. They must work with manufacturers they trust, and in turn must build trust with their customers. Similarly, both customers and dealers must trust the financial institutions that they work with.
Managing your customers' personal information to these standards is part of building an atmosphere of trust, and trust is simply good business.
Webinar: Complying with Privacy & Financial Protection Regulations for Equipment Dealers
Topic: The regulatory landscape related to the management of customers' personal and financial information is ever-changing at the federal and state levels. Heavy equipment and truck dealers must comply with mandates that could result in costly audits and hefty fines, including under new revisions to the Gramm-Leach-Bliley Act (GLBA) Privacy and Safeguards Rules and key state regulations. This webinar will explore these issues and address what dealers need to do to stay updated on regulatory and compliance issues.
When: Oct. 20, 2022, 1 p.m. ET / 10 a.m. PT
- Michael Benoit, chairman, Hudson Cook LLP
- Panel of Subject Matter Experts (SMEs) from Hudson Cook
- Vijay Patil, COO, Trnsact