On July 1, 2001 the Privacy Act notifications that were enacted back on November 13, 2000 take effect. There is a lot of information that is not yet agreed upon by the active thinkers in the automotive world and thus there are many interpretations of the law's efffects. I have used the information available in the "Federal Register" as submitted by the Federal Trade Commission (16 CFR Part 313) to form my thoughts. I am not a lawyer and do not offer legal opinions so you are on your own. However, I have formed some ideas of my own as I read the new law as presented by the FTC and my ideas are expressed below. This entire article is intended for licensed used car dealers who do not sell or give their customer names to other parties to solicit product sales that were not already agreed to at the time of the initial finance agreement. If you do sell or give out customer information to other people or companies for follow-up sales, this explanation is not for you. .

The Gramm-Leach-Bliley Act (GLB). The background of this new law is a little confusing. It is my belief that it began as a bill to offer relief to banks, securities firms, and insurance companies from a 1933 Federal law that was enacted to inhibit certain types of financial companies from offering similar types of products or services that were offered by certain other types of financial companies. Thus banks, securities companies and insurance companies could not offer competing lines of products and services that the other offered because federal (and in some cases, state) law prohibited it. As time passed, loopholes were found in the law that would somewhat allow banks to offer certain types of securities and would also allow securities companies to form "non-bank" banks to offer credit cards and other banking products. But, this level of doing business was not enough to satisfy the desires of the financial companies who wanted to do it all with minor limitations. Thus, enters the new "privacy laws". It sounds like a wonderful thing for the people. In fact it is. But... its main thrust is as a bonus to the major financial institutions to allow them to offer many heretofore restricted products and services. Along with this new freedom for banks, security firms and insurance companies comes an accompanying restriction to protect the public's right to privacy when those companies begin sharing information about customers and their private information with related and unrelated companies. If sharing is with unrelated companies, you must give the customer the option to not have his name shared (Opt out) between companies. While the push for this new flexibility came from the big companies, the little ones feel the shock effects. Thus it is that no matter how big or small your company is, the simple act of getting any private information from a customer brings the one who acquires the information under the watchful eye of the GLB act. And, that is not really bad. It is only bad when people try to read more complexity into the act than is necessary.

Is this guy a Consumer or a Customer? This question has now become important because it determines how you deal with people. A consumer is anyone who stops and looks at your products, whether he buys or not. If in the process of him looking, you ask for and take information about his private life that is not ordinary public information, you have turned him into a customer, no matter whether he buys or not. (In truth, the FTC position is that if you just destroy his application when he does not buy, there is no real need for a privacy notice and he does not really become a customer... I choose to err on the side of caution so I have chosen the position that if you take privacy information you should give him a privacy notice just as though he were a customer.) Customers get Privacy notices... other consumers do not. If the only information you take is readily available from sources such as the phone book or the public DMV data base, that is not private information and thus no privacy notice is involved even if the consumer buys something and becomes a customer. But, if you gather information about him that is not public such as a credit application, he is now turned into a privacy notice receiving customer. Remember, the GLB act does not define a customer relationship solely by the execution of a written contract. Just filling out the credit application is enough.

Sale for cash. Since you do not need to take private information to consumate the sale, you do not need to provide a privacy notice. The only information you ask the customer for is readily available in the phone book or the public DMV data base. If you are going to give or sell his information to some other company to solicit him for another product, you have now entered into the world of GLB and should consider privacy and opt out notices. If he informs you that he has an unlisted phone number or that he has requested DMV to not disclose his registration information then that would make his input private and I would offer him a privacy notice. But the normal used car dealer who sells for cash doesn't get involved with all of that... therefore he is really no different from the department store that makes a cash sale. No notices required. If you want to err on the side of caution, give everyone a privacy notice and then you really don't care if he has an unlisted number.

Third party finance. If you are a car dealer who is acting as the front man for a bank or finance company who actually lends the money, you still have a responsibility to the customer. If you take any credit information from him you are obliged to give him a privacy notice at once (whether he buys or not). If the servicing of his account is then sold to a financial institution then that institution will now have a customer relationship with the buyer and you will now go back to having a consumer relationship.

Buy-here Pay-here. If you are a dealer who finances his own customers, then you are also a financial institution. When you took a credit application, the consumer became a customer. The customer must be given a privacy notice whether he buys or not. If he buys, you should also send him an annual privacy notice because of the fact that he now has an active on-going relationship. There is no reason for different wording on either the initial notice or the annual one. If you first finance the customer as a BHPH borrower and then sell the contract to another finance company, that finance company now has to send an initial privacy notice within 30 days and then an annual notice because your customer has now become his. The fact that you sold the account now makes him no longer your customer but now he is your consumer again and no additional notices are required from you.

Privacy notice. The FTC provides sample notices for different types of financial institution situations. You must remember that these notices only apply when a customer is a person making a transaction for personal, family or household purposes. If your customer is a business the GLB act does not apply. The privacy notice for financial institutions that do not give or sell privacy information to non-related parties is as follows:

We collect nonpublic personal information about you from the following sources:

Information we receive from you on applications or other forms;

Information about your transactions with us or others; and

Information we receive from a consumer reporting agency.

We do not disclose any nonpublic personal information about you to anyone, except as permitted by law.

If you decide to payoff your loan(s), we will adhere to the privacy policies and practices as described in this notice.

We restrict access to your personal and account information to those employees who need to know that information to provide products or services to you.

We maintain physical, electronic, and procedural safeguards that comply with federal standards to guard your nonpublic personal information.

Your confidence is important to us. If we can be of service in any way, please contact us.