California Privacy Act and Car Dealerships
The California Consumer Privacy Act, or CCPA, expands the rights of consumers have regarding their personal information, how it’s used and how it’s store. The CCPA was signed into law on June 28, 2018. While it likely won’t take effect until summer of 2020, you should start familiarizing yourself now. Even if you aren’t in California it will likely set a precedent, so expect to see similar laws being passed all over the country. New York already has one in the works. Plus if any of your customers live in California, then you may be subject to the law.
The law defines “personal information” as "information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household." This includes things like name, address, social security number, driver’s license number, etc., which dealerships use on a daily basis.
So what’s included in the law?
Under CCPA California residents have the right to know what personal information is collected about them and know what personal information is sold or disclosed for a business purpose. This clause is something that probably already exists in the forms your customers sign, so no big change here.
Consumers can now opt out of the "sale" of their personal information. Your dealership isn’t likely “selling” someone’s personal information, but you may be sharing it with third parties like lenders, your marketing firm or other entities you do business with who may market to your customers. If they choose, consumers can ask to have their personal information deleted your systems as well, so make sure you have a well-maintained CRM database where you can easily manage personal information. Check for duplicates and varied name spellings that employees may have accidentally entered.
More importantly people can’t be discriminated against if they choose not to share their personal information. Obviously dealerships need personal information for lending purposes, but this may come into play if someone is “just shopping.” Sales staff can’t pressure them for the information to follow up later. They also can’t ignore or pass on a customer who isn’t willing to share as this could be construed as discriminatory.
Lastly, ensure your dealership’s security is top-notch and hire employees you trust. Under CCPA, consumers can sue a company if their personal information is breached. So if someone hacks your server or an employee steals customer information, you can be held accountable for the consumers’ data being stolen.
If you’re in California or a neighboring state and need more guidelines about how to comply with this law, the International Association of Privacy Professionals have put together a bunch of information to help you. Of course, you should also consult your corporate attorney to make sure you’re compliant.
As technology advances, we expect to see more of this, so be prepared for the future.
