Do I Have to Mail Privacy Notices?
Recently, we received a question regarding privacy notices through our Compliance Consultation Service. Specifically, a dealer wanted to know whether or not he had to mail a privacy notice to all of his customers. In this blog post, we examine what is required and how dealers can comply with privacy notice requirements.
Dealer Question - Do I have to mail a privacy notice to all of my customers?
Answer - You do not have to mail the notice, but you do have to provide the notice to your customers every year UNLESS you can take advantage of the provision discussed below.
Auto dealers must give their customers a "clear and conspicuous" written notice describing their privacy policies and practices.
Whether or not you share personal customer information, you must give all your customers a privacy notice. You must provide an "initial notice" by the time the customer relationship is established, with only minor exception. This initial notice must be in writing and delivered by hand or electronically.
You must also give your customers an "annual notice" - a copy of your full privacy notice - for as long as the customer relationship lasts. You may reasonably expect that your customers have received your annual notice if they agree to receive notices at your website, and you post your notice continuously in a clear and conspicuous manner on your website.
Notices given orally or posted in your office(s) don't comply with the rule.
*IMPORTANT* In 2016, the Fixing America's Surface Transportation Act included an amendment that eliminates the annual privacy notice requirement for financial institutions that meet both of the following conditions:
- Does not disclose nonpublic personal information (NPI) that would trigger a customer's right to opt –out.
- Has not changed its policies and practices regarding disclosing NPI since its most recent privacy notice to customers.
For more information, or to obtain a referral to an attorney who can advise you on whether your dealership needs to provide an annual privacy notice, contact the TIADA Compliance Consultation Service.