When Compliance Met Technology
When Compliance Met Technology

I recently met a friend at a local McDonald’s for a cup of coffee. To my surprise, there were no order-takers behind the counter. Rather, a row of sleek kiosks accepted my order and payment; a minute later, a runner brought out our coffee.

Technology, it seems, is capable of changing everything. Why not dealership compliance?

To answer that question, a bit of history is helpful. Once upon a time, dealership legal compliance was a sometimes thing, certainly driven more by the ethics of a given dealer than any technology.

Enforcement, too, was erratic. Egregious cases of consumer fraud were prosecuted with much media fanfare, but a constant drip of “normal graft” was tough to defeat. Then, in the decade from 1999 to 2009, all that began to change. What changed it was the confluence of law and technology.

Federal Regulations

First, the law. While such standards as the Truth in Lending Act, Consumer Leasing Act and Fair Credit Reporting Act had been on the books for years, it was the Gramm-Leach-Bliley Act of 1999 that seemed to be a wake-up call. The GLBA created the Privacy Rule and the Safeguards Rule. They relate to one another and must be considered together.

The Privacy Rule requires dealers to inform customers what nonpublic personal information (NPI) the dealer collects, what the dealer does with that NPI, and how it safeguards that NPI. If the dealer shares a customer’s NPI with non-affiliated third parties, the Privacy Rule allows the customer to opt out from that sharing in certain circumstances.

The Safeguards Rule sets forth the minimum standards a dealership must meet in protecting its customers’ NPI. When a privacy notice says the dealership protects that NPI “in accordance with law,” it means the dealership is satisfying the requirements of the Safeguards Rule.

Then came the Red Flags Rule. Like the Privacy Rule and The Safeguards Rule before it, the Red Flags Rule enacted a set of bright-line obligations the dealership must meet. If the Safeguards Rule was meant to prevent identity theft, the Red Flags Rule was designed to spot identity thieves before they could do more damage.

Advancing Technology

All of this evolved against a background of burgeoning technology development and usage. When the Gramm-Leach-Bliley Act was passed, smartphones had not yet been invented. The internet was accessed at dial-up speeds. And social media? Mark Zuckerberg was in eighth grade.

Those three technologies — the internet, smartphones, and social media — did more to accelerate legal compliance than any single law intended to constrain dealership behavior. Let’s look at each in turn.

The internet provides near-instantaneous access to information that is practically without limit. This reduces a reality that once both protected dealership profits and obscured their sins: informational asymmetry. That fancy term means one side had all the knowledge. And when one side has all the knowledge, that side usually wins. Remember the expression “Knowledge is power”? In fact, it is.

Informational asymmetry meant that customers didn’t know how much a dealer had invested in any piece of its inventory, or how reliable particular vehicles were, or if a used car had been in a wreck. Under such circumstances, customers were in no position to drive a hard bargain.

The internet changed all that, and smart phones made access to the internet easy, quick, and cheap. Want to know what a car should cost? Visit Kelley Blue Book or any of a host of other valuation sites. Want to know if there is an open recall on the car of your dreams? Visit NHTSA.gov/recalls. All of a sudden, negotiating got a whole lot fairer, and dealers’ margins got a whole lot thinner.

Social media gave everyone a platform to praise or curse dealership behavior. The odds of any given dealership becoming a target of an FTC investigation are remote. But the odds of a dealership getting flamed on Facebook, Yelp or Twitter (more likely, all three) are a certainty.

OK, back to the law part of all this. If a dealer sinned in the 1980s, the only people who knew about it were the victims and those who read newspapers. If a dealer sins today, the news can travel around the world and literally into everyone’s hands in an instant.

Because of the internet, knowledge of what is and is not legal is more common than ever. Awareness of identity theft, in particular, has reached dizzying heights in the wake of the Equifax breach. The Safeguards Rule and the Red Flags Rule connect that awareness to the world of retail automotive. And instances of consumer fraud, always wrong, are now easier to discover.

In short, it is technology that is really driving the increased interest in dealership compliance. That is not a bad thing. In addition to being the driver of compliance awareness, technology can be the most effective means of achieving compliance.

Next time, we’ll examine how technology can ensure dealership compliance with legal requirements and consumer expectations.

About the author
Jim Ganther

Jim Ganther


Jim Ganther is president of Mosaic Compliance Services. He is an attorney and a member of the National Association of Dealer Counsel.

View Bio