Tuesday, September 28, 2010

Safe Harbor - New Privacy Notices

In November of last year, in order to produce uniformity in the privacy notices being issued to consumers, government agencies amended the Gramm-Leach-Bliley Act. The amendment called for the creation of an online form builder that would generate standardized compliant privacy notices.

The privacy notices that we have been commanded to provide to our customers since July of 2001 will not protect us from our government's wrath after Dec 31, 2010. It's been a good run though.

Anyway, there are new rules for the content that dealers need to have in their new privacy notices to give them the "safe harbor" that they enjoyed while providing the old privacy notice.

A "safe harbor" is a provision in the regulation that reduces a dealer's potential liability if the dealer provides a privacy notice exactly the way the online tool dictates. This makes the dealer compliant with federal law and protects them if any issues arise.

I am all for protection, so how do these privacy notices need to look?

Here is a link to the Privacy Notice Online Form Builder: This is where you will need to go to actually create your privacy notice.


and an FTC workshop on "Writing Effective Privacy Notices"


It looks like we will be giving a 2-page privacy notice, doesn't it? Well, actually it could probably be tightened up into 1 page and still remain compliant. No - it states that there needs to be a Page 2 - and I quote:

"As in the proposed model form, the second page of the final model form provides additional explanatory information that, in combination with page one, ensures that the notice includes all elements described in the GLB Act as implemented by the privacy rule".

Maybe it can be front and back. Oh well - Still waiting to see what my main dealer group is going to roll out.


Here's a link to the actual Rules and Regulations of this thing: http://www.ftc.gov/privacy/privacyinitiatives/PrivacyModelForm_FR.pdf

I continue to be amazed at the waste of our tax dollars.

Does anyone else have a headache?

Compare with the full text of Regulation P back from 2002: Regulation P - Compliance Guide for Small Entities

Seems like the Government continues to become more and more complicated in spite of itself - although I know that we still live in the greatest country in the world!

Actually - come to think of it...

I have been scanning this monstrosity of the rules and regs of the final rule, and I don't see the words "Safe Harbor" anywhere in the rule. It is just titled "The Final Model Privacy Form Under The Gramm-Leach-Bliley Act".

If anyone can find it and prove me wrong - please leave a comment.

In fact - do a Google search for "Safe Harbor Privacy Notice" and you'll see examples of the Safe-Harbor privacy rules of large companies such as Merck and even Ford Motor Credit on the first page of results.


Their notices keep these companies in compliance with information sharing policies between American companies and the European Union and Switzerland.

From MeadWestvaco:

"MeadWestvaco Corporation is committed to protecting the privacy and security of its Employee Personal Information and has certified that it abides by the Safe Harbor privacy principles as set forth by the United States Department of Commerce. The principles regulate the use, collection, storage and transfer of data between the European Union and the United States. This Policy outlines the practices and procedures for implementing these principles."

So why are Automotive Compliance gurus all referring to our version as a Safe-Harbor Privacy notice?

It really doesn't matter, does it?

I'll bet that I am the first to expose the truth though - ha.

Anyway - sorry to all of my readers for the lack of recent posts. Building a company is exhausting work.

Please feel free to leave comments!!



Next post: my comments on the U.S. Fidelis fiasco.

Anonymous said...

ha, I will try out my thought, your post gets me some good ideas, it's truly awesome, thanks.

- Murk

Profit Drivers said...

Although this doesn't apply to me directly as we use a generic Privacy form that hasn't been scrutinized by our Canadian government (yet), I always appreciate your posts. Interesting and valuable information! I'm most interested to hear about the company you have been building. Do tell more :)

Anonymous said...

Very well written post. It will be valuable to anybody who utilizes it, as well as myself. Keep doing what you are doing – for sure I will check out more posts.
My blog is about Childhood depression: http://www.depressionsymptomsmedication.com