Dallas County Automobile Dealers Association

Gramm-Leach-Bliley Act Compliance
Home
President Message
TX DOT
Legislative Wrap-Up 2007
TIADA Legislative Accomplishments
Dealer Location Licensing Requirements
Foreign Motor Vehicle rule
Quick Reference to Texas Dealer Laws
Message Board
Reasons why you probably shouldn't become a member
Is it a Lemon?
WHY SHOULD I JOIN AND PARTICIPATE IN DCADA
Legal Resources
Auto Auction Directory
DCADA Websites
Gramm-Leach-Bliley Act Compliance
Auto wholesale
Future Members (Membership Application)
Executive Committee 2008
Curbstoning Information
***Online advertising
Dealer License Information
Vendor Links

Gramm-Leach-Bliley Act

SUBJECT: Gramm-Leach-Bliley Act Compliance

 

As you may know, the Gramm-Leach-Bliley Act was signed by President Clinton in 1999. Federal

Agencies with regulatory authority were empowered to adopt and implement rules setting forth

which entities are subject to the Act and how to comply with its provisions. In the case of motor

vehicle dealerships, finance companies and collection agencies, the Federal Trade Commission

(FTC) is the regulatory agency with enforcement authority. The FTC issued a Final Rule on

Privacy of Consumer Financial Information in May, 2000. The FTC’s Final Rule became effective

on November 13, 2000. Full compliance with the Act and the Rule are required by July 1, 2001.

The stated purpose of the Act and Rule is to ensure that "financial institutions" respect the privacy

of their customers and protect the security and confidentiality of "nonpublic personal information"

collected when an individual obtains a "financial product or service." The FTC chose to retain a

broad definition of "financial institution". For example, the definition of "financial institution"

encompasses retail sellers of goods if they assist consumers in obtaining credit or extend credit

themselves. A motor vehicle dealership is also a financial institution if it, in the regular course of

its business, leases motor vehicles on a non-operating basis for longer than 90 days.

Like the definition of financial institution, the FTC also adopted broad definitions for "financial

products or services" and "nonpublic personal information". The definition of "financial products

and services" includes the financial institution’s evaluation of information collected in connection

with an application by a consumer for a financial product or service, even if the application

ultimately is rejected or withdrawn. It also includes the distribution of information about a

consumer in obtaining a financial product or service. In some cases, the only product or service

offered is the funding of the loan, directly or indirectly. In other cases, the product or service is the

processing of payments, sending account-related notices and responding to consumer inquiries.

"Nonpublic Personal Information" means any personally identifiable financial information that is

provided by a consumer to a financial institution, the results from any transaction with the

consumer or any financial service performed for the consumer, or information otherwise obtained

by the financial institution. Examples of "nonpublic personal information" include:

• Information a consumer provides on an application to obtain a loan;

• Account balance information, payment history and credit card information;

• The fact that an individual is or has been one of a dealer’s customers or has obtained a financial

product or service from the dealership;

• Any information that a consumer provides to a dealership, or the dealership’s agent or is

otherwise obtained in connection with collecting on or servicing a credit account;

• Any information a dealer collects through an Internet "cookie" (an information collecting device

from a web server);

• Information from a consumer report; and

• Any list, description, or other grouping of consumers that is obtained in whole or in part using

any personally identifiable financial information that is not publicly available.

Simply put, a motor vehicle dealer or his related finance company is required to comply with the

notice and opt out requirements under the Act and the Rule if it:

• Accepts a credit application from an individual, even if financing is never extended by either the

dealership, the related finance company or a third party;

• Agrees to assist the individual to obtain a loan or credit to purchase or lease a vehicle and/or

related goods or services;

• Contracts to extend financing to an individual for the purchase or lease of a vehicle and/or

related goods or services, including any side agreement to finance a product or service and/or

agreement for a deferred down payment;

• Assists a consumer to obtain financing for the purchase or lease of a vehicle and/or related

goods or services, whether or not the finance or lease agreement is subsequently assigned to a

lender or is directly between the consumer and the lender; or,

• Insures, guarantees, or indemnifies against loss, damage, illness, disability, or death or act as

principal, agent, or brokers for the sale of insurance designed for any of these purposes.

Full Compliance with the Act and the FTC’s Final Rule by July 1, 2001 means that you have

established a system for providing an initial notice to all new customers, have mailed the initial

notices to all of your existing customers (those with whom you have a continuing relationship) and

have afforded them the opportunity to opt out of any disclosures which are not otherwise

permitted by law. In addition to complying with the notice and opt out requirements, your

dealership and each of your affiliated entities must be capable of tracking whether an individual

has opted out of a disclosure and following the opt out instructions. You must also have

procedures and policies in place to ensure that nonpublic personal information is safeguarded

and kept in a confidential manner.

The Gramm-Leach-Bliley Act and the Federal Trade Commissions Final Rule on Privacy of

Consumer Financial Information are quite lengthy and too complex to cover all of the compliance

issues in this Memo. A motor vehicle dealership’s individual business practices, state privacy

laws and the Fair Credit Reporting Act may have an impact on the required disclosures. Dealers

are encouraged to consult legal counsel to ensure that any forms or materials they use to make

required disclosures accurately describe their individual dealership’s policies and are appropriate

for their use. Additional information on the Act and Rule can be obtained from your State

Independent Dealer Association.