Counselor’s Corner JULIE CARDOSI Law Office of Julie A. Cardosi, P.C. Application of Federal Privacy Laws – Dealership Customer Records Subject to Subpoena – How Should the Dealership Respond? It is not uncommon for a dealership to receive a subpoena commanding production of customer records or information. With the presentday labyrinth of federal, state and local laws governing the privacy of customer information, how does the dealership respond? Working with legal counsel, dealerships should understand how to respond when they receive a subpoena for customer records and information. They should know what the governing privacy laws are, what privacy rights those laws seek to protect and how those laws may apply when a subpoena is received. There are several privacy-related federal and state laws that protect customers’ privacy rights and information in their transactions with a dealership. This article focuses on several federal laws in the context of the dealership’s receipt of a subpoena. First, the Gramm-Leach-Bliley Act (“GLBA”) requires financial institutions – including auto dealerships – to safeguard the confidentiality of customer information. 15 U.S.C. § 6801, et seq. Dealerships are subject to the requirements of the GLBA and the Safeguards Rule, as recently amended,i to protect the security and privacy of customer financial information. The GLBA mandates an “affirmative and continuing obligation” to respect and protect the security, integrity and confidentiality of customer information. Under the GLBA, notices must be provided to customers regarding the dealership’s collection and information-sharing policies, and customers must be able to opt out if they do not want their information shared with nonaffiliated third parties. The GLBA limits only the disclosure of “nonpublic personal information,” which essentially includes any personally identifiable information about a customer, created through utilization of personally identifiable information that is not publicly available. The GLBA allows for certain exceptions for providing information for which the customer cannot choose to opt out. The Right to Financial Privacy Act (“RFPA”) affords customers the right to be informed by the government before it obtains nonpublic information. 12 U.S.C. §3401, et seq. The RFPA protects customer records, maintained by dealerships, from improper disclosure to officials or agencies of the federal government. The RFPA also prohibits dealerships from disclosing to the federal government records, without the government first notifying the customer and allowing for passage of a prescribed waiting period. Importantly, the RFPA only applies to the federal government. The RFPA does not apply to requests made by state or local government or private parties. Under the USA Patriot Act, the government is permitted to obtain personal information about a customer without the customer knowing or obtaining consent from the customer. The Patriot Act requires financial institutions, including auto dealerships, to report a suspicious transaction or activity without notifying the customer. 10 Automobile Dealer News illinoisdealers.com
RkJQdWJsaXNoZXIy ODQxMjUw