A Dealer Guide to the FTC Safeguards Rule - Download PDF

We are a small used 100+ independent trying to wrap our brains around this. We're not prepared to marry a "security compliance" vendor at this time, so we are doing what we can to understand and try to comply on our own. If any other independent has any documentation advice or ideas on how we, as a small dealer, can comply on our own, it would be much appreciated. Thank you!
Burt

I am in the process of finishing up. I am a small independent as well.

I have taken the Guide in the post as a starting point. I changed a couple of things, but for the most part just left it as it is.

Let's start with this. Who is your DMS provider and who is your CRM provider?
It's two small companies you probably have never heard of, but what is it that I need to ask or do with them? What role do they need to play? The CRM has lead info only; no financial data is stored with it. We use dealer.com for our website, which intakes finance apps that we access by logging in to the back end. I believe we do the same with cars.com. Thank you very much.
It is pretty much covered in the guide here in the thread.

Basically, any data that is traveling between a lead provider and your CRM must be secured. Any data traveling between your CRM and your DMS must be secured. Any data traveling between your DMS and anyone else (credit reporting agencies, lending platforms, etc.) must be secured. All of these platforms must have Multifactor Authentication installed. The term secured means encrypted (generally speaking).

Lead Info only is not a reason to believe that you don't have to secure that information. We do.
We have Tom Kline on RefreshFriday this week. Got any questions you want us to ask?
@Alex Snyder

These are some questions that I have for Refresh Friday.

1. Each State likely has their own Data Retention minimum requirements. In Nebraska it is clearly stated to be 5 years. I have heard that there are maximum retention timelines as well, but don't positively know what they are.

Can I retain customer information in my CRM as long as we have periodic contact with this person on an ongoing basis for purposes of customer care and communication? We typically contact every customer in some form at least 2 times per year. What are the rules specifically?

2. ADF/XML emails are not secure. All of our incoming ADF/XML emails move from websites to a stand-alone email parsing application. The parsed data then comes into my CRM via API, which is secure. No data is transmitted into my CRM through unsecured methods. At what point is this incoming data considered "my data"? When it hits my email parser, or when the consumer clicks SUBMIT on my website or any 3rd party listing site?

3. If the answer to #2 is that the data security responsibility falls on me when the customer clicks SUBMIT, then what are we supposed to do if a vendor does not have the ability to send data via API? I understand the ease of responding with "don't do business with them", but is that considered reasonable?

4. The ADF/XML data referenced above is very basic customer information: name, phone, email, and what vehicle they are looking at. There is no credit information contained in these emails. I realize that the Safeguards Rule doesn't differentiate. I just wanted to be clear what the information is.
Fantastic questions Clint! I’m adding these to the agenda.
Appreciate any first hand vendor recommendations to help us to comply with the FTC Safeguards rules. We are a small independent used car dealer in Mass. Thank you.

Hi Burt,
I am with CBC, CreditDriver and Dealer Safeguard, powered by Informativ.

Informativ brings together leading companies CreditDriver, Credit Bureau Connection, and Dealer Safeguard Solutions, and their long history of dealership marketing, fraud protection, dealer compliance and credit reports.
We are the:
  • ONLY mobile-first lead gen that tracks the lead source & delivers qualified buyers to dealerships.
  • ONLY enforcement platform that ensures a dealership’s people, policies, paperwork, and process are consistent & compliant.
  • ONLY complete credit & compliance tech with robust reporting & industry-leading 99.99% uptime.
  • ONLY company that offers flat rate on credit bureaus!
Happy to answer any questions! [email protected]

Welcome to DealerRefresh, Lucinda. Can you expand on how your company helps with the FTC Safeguards Rule specifically?