
Overview of the FTC’s standards for safeguarding information

November 17, 2010

Which dealers are covered by the Safeguards Rule?


The Safeguards Rule applies to all dealers who are "financial institutions" under GLB [Gramm-Leach-Bliley Act] and the Privacy Rule. In other words, any dealer who is "significantly engaged in financial activities" is a financial institution.  

"Financial activities" include such things as entering into finance or lease transactions with consumers. They also include insurance transactions, but those are governed by rules set by state insurance commissioners.


The FTC has never defined the phrase "significantly engaged." But as a rule of thumb, a dealer should consider himself "significantly engaged" in financial activities for purposes of the Safeguards Rule if the dealership regularly enters into retail installment sale contracts and/or lease agreements with consumers, even if the sales and lease contracts are immediately assigned to a bank or finance company. 

What information is covered by the Safeguards Rule?


The Safeguards Rule requires you to adequately protect and safeguard "Customer Information." Customer Information is "any record containing ‘nonpublic personal information’ as defined [in the Privacy Rule] about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates." 

In general, Customer Information is information about a consumer with whom the dealership entered into a finance or lease transaction; for example, information contained in a consumer’s credit report or credit application, account numbers, and bank balances.

It includes not only customer information gathered by the dealership, but also information about customers received from other financial institutions (e.g., banks, finance companies, other dealerships). Even lists of the names of finance or lease customers would be covered by the Safeguards Rule.


An important note here—while Customer Information includes information related to insurance transactions, the Safeguards Rule does not apply to such information. 

That is because GLB requires each state’s Insurance Department to issue its own safeguards rule with respect to customer information relevant to insurance transactions.


This article is excerpted from an NADA guide, "A Dealer Guide to Safeguarding Customer Information." The guide can be ordered online or by calling the NADA at 800-252-6232 ext. 2.