FTC: Car Dealers Must Protect Data After Business Deals End
Car dealers must protect a customer’s personally identifiable financial information even after the business relationship ends, the FTC said in its FAQs on the agency’s Safeguards Rule.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Enforced under the Gramm-Leach-Bliley Act, the rule requires companies to keep customer data secure and ensure affiliates and service providers do the same.
Question 10 on the FAQs asks: “If I no longer have a continuing relationship, does the Safeguards Rule still require me to protect the information received from the customer?”
“You must continue to protect customer information that you obtained from a customer, even if they are no longer a customer, for as long as you have that customer information in your possession,” the agency answers. “You can securely dispose of the customer information at any point, however, and should do so once you no longer have a business need to keep it.”