Phone: 630-495-2282 Fax: 630-495-2260 Map/Directions
 

Customer information via Internet must be encrypted, FTC warns

November 17, 2010

The Federal Trade Commission reportedly is investigating a dealership that failed to secure the personal information of credit applicants when it e-mailed the information to others using unencrypted text. The data was collected from online credit applications.

 

The FTC Safeguards Rule requires that dealerships protect customer information that is physically maintained at the dealership and any personal information that dealers "access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle . . . ." (emphasis added) 

Dealers should consult the NADA publication, "A Dealer Guide to Safeguarding Customer Information," available by calling the NADA at 800-252-6232, ext. 2. The publication offers guidance that includes:

 

"[With regard to] the transmission of customer credit applications over the Internet, you should ensure that the program application you use encrypts the data or otherwise transmits it in a secure manner to the bank or finance company. If you are submitting the customer’s application over the Internet, you should ensure that the information displayed on your computer screen is not visible to others who are not authorized to have access to this information." 

Dealers also can consult an FTC publication, "Financial Institutions and Customer Information: Complying with the Safeguards Rule." The publication, updated in April 2006, is available online at www.ftc.gov/bcp/conline/pubs/buspubs/safeguards.pdf.

 

The dealership under FTC investigation is not in Illinois.

 

Back