By Mark Sanborn
Senior Product and Regulatory Counsel
Listen up, dealership pros. We need to talk about privacy policies. Turns out, they’re extremely important; in the evolving landscape of privacy and data protection, privacy policies have become an increasingly relevant requirement for automotive dealerships. With new state privacy laws coming into effect left and right, many dealers are finding themselves in uncharted territory, required for the first time to have a privacy policy that meets specific requirements.
Now, before you roll your eyes and mutter “just another compliance headache,” let’s break this down. Getting your privacy policy right isn’t just about adding boilerplate text to your website. It’s about taking a good, hard look at how information flows through your dealership. Where does it come from? Where does it go? Who gets their hands on it? It’s like following a trail of digital breadcrumbs through your systems, processes, and vendors. Fun, right?
But wait, there’s more!
You also need to take inventory of all those third parties you’re sharing data with. Why? Because when a customer comes knocking, asking about their data rights under these new privacy laws, you need to know exactly who’s holding what. It’s like a game of data hot potato, and you’re the referee.
Now, here’s where things get fun. Your vendors and third-party partners might start asking you to add custom bits to your privacy policy. They’ll often say it’s to cover the specific service they provide. But here’s a pro tip: sometimes, it’s more about covering their own behinds than yours. These requests can be like trying to fit a square peg in a round hole – they might contradict other parts of your policy or even how you actually handle data in real life.
Take The Campaign Registry (TCR), for example. If you’re running text message campaigns, you might have received a request based on their guidance to add some specific language to your privacy policy. Sounds reasonable, right? Well, pump the brakes. A lot of the time, these requests aren’t based on any actual law or regulation. And they’re often confusing and might conflict with how you actually process and share information in practice.
So, what’s a savvy dealer to do?
First, don’t just copy-paste whatever language vendors throw at you. And for heaven’s sake, don’t allow an OEM or other third-party’s privacy policy to be posted on your website as your own. Be cautious and discerning. Work with competent counsel and trusted compliance vendors to review these requests. Think of it as assembling your privacy policy A-team. Because here’s the kicker: being lax about what goes into your privacy policy isn’t just sloppy – it’s risky.
Remember, privacy policies are public-facing promises about what you do with information and how you protect it. That’s why the regulators are so keen on you having these policies. But, if you make promises you have no way to keep, that could be worse than no promise at all. Remember that those state privacy laws we mentioned earlier are coupled with enforcement mechanisms, and regulators are watching. And let’s not forget about those state and federal UDAP laws. If your privacy policy says one thing, but your practices say another, you might as well be waving a red flag in front of regulatory bulls.
Your privacy policy isn’t just another box to check. It’s a living document that needs your attention. Get it right, and you’re not just covering your legal bases – you’re building trust with your customers and partners. Get it wrong, and… well, let’s just say you might be in for some interesting conversations with regulators or plaintiffs’ lawyers. So roll up those sleeves, dig into those data flows, and craft a privacy policy that actually reflects your dealership’s practices. Your future self (and your legal team) will thank you.
ComplyAuto has your back!
Our privacy customers have access to an easy-to-use tool that does the hard work for you. Simply answer a few questions, confirm your vendors, and a privacy policy tailored to your operations will be generated. Need to update things as you go along? No problem. Just update your questionnaire or contact your Customer Success Manager, and we’ll get you going in no time. We also prioritize security and accuracy. We don’t allow just anyone to add things to dealers’ privacy policies. When custom requests come through, we ensure they are vetted and approved by the dealership decision-makers.