Auto dealers must comply with GLBA by December 9

Automobile dealers don’t just sell vehicles; they also run credit checks and issue loans. Because of this, dealers store important customer data, such as addresses, Social Security numbers and other personally identifiable information.

And if dealers aren’t compliant with new federal regulations by December 9 regarding how this information is handled, they could face financial penalties.

These federal regulations are part of the Gramm-Leach-Bliley Act and Privacy Rule.

GLBA was enacted on November 12, 1999, to reform the financial services industry and address concerns about consumer financial privacy. In 2022, changes were made to the Act that require dealerships to increase cybersecurity measures to protect consumer data. These changes include creating a security strategy, conducting risk assessments and training employees.

Auto dealers also must inform customers about what personal information they are collecting, what they will do with it and other entities that will receive the information.

Dealerships are required to comply with the new regulations by the deadline, or they could be subject to fines. They also must comply with the Federal Trade Commission’s Privacy Rule.

According to the FTC, the Privacy Rule applies to car dealers who:

  • Extend credit to someone in connection with the purchase of a car for personal, family or household use
  • Arrange for someone to finance or lease a car for personal, family or household use
  • Provide financial advice or counseling to individuals


“Traditional financial institutions are familiar with the Act and its requirements,” said Sarah Duncan, an account executive for HORNE’s Cyber division. “This is new for auto dealerships, but because they deal with information that can identify their customers, they also will have to comply with GLBA and the FTC’s Privacy Rule.

“Because they haven’t had to follow these regulations, it can seem complicated,” Duncan said. “But with some information and guidance, auto dealers will be well equipped to adhere to the new requirements.”

For help complying with GLBA and the FTC’s Privacy Rule, contact HORNE today.


