Privacy Notices: Is Your Dealership Doing This?

Recently, several dealers have reached out to TIADA with questions about privacy notices.

Recently, several dealers have reached out to TIADA with questions about privacy notices. Are they required to deliver them to all their customers every year? Do they have to be mailed or can they be emailed? In this week's blog, we address these and other questions to help your dealership.
Take these questions for example:
Q: Do I have to deliver a privacy notice to all of my customers every year?
A: You do NOT have to deliver an annual privacy notice to all customers every year UNLESS you share customer non-public personal information (NPI) with a third party.

Q: If I share NPI with a third party, do I have to mail the privacy notice by United States Postal Service (USPS) or can I send the required annual notice by email or post on my website?
A: Delivery by USPS is NOT required and the annual privacy notice can be delivered electronically so long as it is in a clear and conspicuous manner, i.e. website and/or email. You can also send via USPS mail just in case, but certified mail is not required by law.

Auto dealers must give ALL of their customers a "clear and conspicuous" written notice describing their privacy policies and practices. You must provide an "initial notice" by the time the customer relationship is established. This initial notice must be in writing and may be delivered by hand or electronically.
You must also give your customers an "annual notice"—a copy of your full privacy notice—for as long as the customer relationship lasts IF you share non-public personal information (NPI) with a third party. You may reasonably expect that your customers have received your annual privacy notice if they agree to receive notices by email or at your website and you post your notice continuously in a clear and conspicuous manner on your website. Notice delivery methods must match the customer's delivery election (mail=mail; email=email). Notices given orally or posted in your office(s) DO NOT comply with the rule.

In 2016, the Fixing America's Surface Transportation Act included an amendment that eliminates the annual privacy notice requirement that meets both of the following conditions:
  • Does NOT disclose nonpublic personal information (NPI) that would trigger a customer's right to opt –out.
  • Has not changed its policies and practices regarding disclosing NPI since its most recent privacy notice to customers. 
Conclusion: What this means is that if an auto dealer does NOT share customers' NPI for any reason not associated with maintaining the customer's account, AND if a dealer keeps their privacy notice policies the same, then that auto dealer does NOT have to provide additional annual privacy notices to their customers by USPS or other means.

For more information, or to obtain a referral to an attorney who can advise you on whether your dealership needs to provide an annual privacy notice, contact the TIADA Compliance Consultation Service.


There have been no comments made on this article. Why not be the first and add your own comment using the form below.

Leave a comment

Commenting is restricted to members only. Please login now to submit a comment.