Saturday, November 3, 2007

(GLBA) Gramm - Leach - Bliley Act Part 2 - "Privacy Rule"

by: AFI

I remember back in 2001 when the controller of our dealer group told all of the F&I managers that we needed to have customers sign Privacy Notices. A big case full of the things showed up with instructions that every one who signs a credit ap must sign one of these also. That was it. We originally made the salespeople get it signed at the same time as they got the credit application signed.

It wasn't until a short while later did I receive the full explanation of exactly why a Privacy Notice needed to be issued.

Dealers are required to issue Privacy Notices to customers who avail themselves of vehicle funding and indemnification services offered by the dealer, even when an outside lender provides the credit.

The notices are required to be delivered regardless of whether the nonpublic information is shared with unrelated entities or not.

*** More boring legal stuff:

The Federal Reserve board dictates in Section 313.4 - Initial privacy notice to consumers required.

Initial notice requirement. You must provide a clear and conspicuous notice that accurately reflects your policies and practices to:
* Customers and Consumers. Before you disclose any nonpublic personal information about the consumer to any nonaffiliated third party.

313.5 - specifies the need to send annual privacy notices if you are a lienholder.

313.9 - How to provide privacy and opt-out notices.

313.10 - Conditions for disclosure.

* You may not, directly or through any affiliate, disclose any nonpublic personal information about a consumer to a nonaffiliated third party unless:

1. You have provided to the consumer the initial notice as required by 313.4;

2. You have provided to the consumer an opt out notice as required in 313.7;

3. You have given the consumer a reasonable opportunity, before you disclose the information to the nonaffiliated third party, to opt out of the disclosure; and

4. The consumer does no opt out.

Pretty cut and dry I think.

The Privacy notice used by my dealership since July 2001 uses the following exact words.
Consult your legal council before copying and using this notice.

Privacy Notice
In connection with your transaction, this dealership may obtain information about you as described in this notice, which we handle as stated in this notice.
1. We collect nonpublic personal information about you from the following sources:
* Information we receive from you on applications or other forms;
* Information about your transactions with us, our affiliates or others; and
* Information we receive from a consumer reporting agency.
2. We may disclose all of the information we collect, as described above, to the companies that perform marketing services on our behalf or to other financial institutions with whom we have joint marketing agreements. We may make such disclosures about you as a consumer, customer, or former customer. At no time will your information be sold to any third party nor disclosed to any company or individual without a need to know that information.
3. We may also disclose nonpublic personal information about you as a consumer, customer, or former customer, to nonaffiliated third parties as required by law.
4. We restrict access to nonpublic personal information about you to those employees who need to know that information to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.
CUSTOMER ACKNOWLEDGEMENT: I (we) acknowledge that I (we) received a copy of this notice on the date indicated below.
---------------------------- ----------
customer signature date

Back to blog homepage

No comments: