GA Motor Vehicle Franchise Practices Act (d) (1) A dealer data systems vendor shall adopt and make available a standardized integration framework that allows for integration through secure open APIs to authorized integrators. In the event that application programming interfaces are no longer the reasonable commercial or technical standard for secure data integration, a similar open access integration method may be provided to the extent such method provides the same or better secure integration to dealers and authorized integrators as a secure open API. Any dealer data systems vendor that utilizes STAR standards or comparable system shall comply with the requirements of this subsection. (2) A dealer data system vendor and authorized integrator: (A) Shall be authorized to integrate, or otherwise access, use, store, or share protected dealer data to the extent only outlined in and authorized by dealer data systems vendor contract or authorized integrator contract; (B) Shall provide that any dealer data systems vendor contract or authorized integrator contract may be terminated upon no more than 90 days’ notice from the dealer; and (C) Shall, in order to prevent any risk of consumer harm or inconvenience, ensure a secure transition of all protected dealer data to a successor dealer data systems vendor or authorized integrator upon notice of a dealer’s intent to terminate a dealer data systems vendor contractor authorized integrator contract. The requirements of this subparagraph may be satisfied by taking any of the following actions (i) Providing unrestricted access to all protected dealer data and all other data stored in the dealer data system within a commercially reasonable time and in a format that a successor dealer data systems vendor or authorized integrator is capable of accessing and using; (ii) Deleting or returning to the dealer all protected dealer data prior to termination of the contract pursuant to any written directions of the dealer; (iii) Providing a dealer, upon request, with a list of all entities with whom it is sharing or has shared protected dealer data or to whom it has allowed access to protected dealer data; and (iv) Allowing a dealer to audit access to and use of any protected dealer data by the dealer data systems vendor or authorized integrator access. (3) Any dealer data system vendor, authorized integrator, or third party acting pursuant to a written contract with or on behalf of a dealer shall indemnify the dealer for any third-party claims asserted against or damages incurred by the dealer from complaints, claims, or actions arising out of the willful, negligent, or impermissible use or disclosure of protected dealer data, consumer data, or authorized integrator, or third party. Such indemnification shall include, but not be limited to judgements, settlements, fines, penalties, litigation cost, defense costs, court costs, cost related to the disclosure of security breaches and attorneys’ fees arising out of complaints, claims, civil, or administrative actions. (e) A manufacturer, franchisor, distributor, or affiliate thereof, or any third party acting on behalf of a manufacturer, distributor, or affiliate thereof; data systems vendor; or dealer shall not prohibit a dealer from regularly and continually monitoring or auditing the specific data accessed from written to a dealer data system or from complying with applicable state and federal laws or any rules or regulations promulgated thereunder. This subsection shall not impose an obligation on a manufacturer, franchisor, distributor, or affiliate thereof, a data systems vendor, or a third party to perform such monitoring or auditing. (f) A manufacturer, franchisor, distributor, data systems vendor or any third party acting on behalf of a manufacturer, franchisor, distributor, data system vendor, or dealer shall not prohibit a dealer from copying, storing, or backing up data stored on its dealer data systems, or duplicating the critical components or functions thereof, for the purpose of allowing a dealer to restore business operations in the event of a security breach or other event that renders a dealer data system inoperable. This subsection shall not impose an obligation on a manufacturer, franchisor, distributor, data systems vendor, or third party to provide such WWW.GADA.COM | 63
RkJQdWJsaXNoZXIy MTg3NDExNQ==