Many car dealers wonder if they need to make sure they are in compliance with the recently enacted CCPA or California Consumer Privacy Act of 2018 which went into affect January 1,2020. According to the compliance guidelines if the following is true you will need to make some changes to the way you handle personal data of anyone visiting your website:
The CCPA applies to any business, including any for-profit entity that collects consumers’ personal data, which does business in California, and satisfies at least one of the following thresholds:
- Has annual gross revenues in excess of $25 million;
- Buys or sells the personal information of 50,000 or more consumers or households; or
- Earns more than half of its annual revenue from selling consumers’ personal information.
If you meet any of the above you are required to “implement and maintain reasonable security procedures and practices in protecting consumer data”.
For the full breakdown of if you dealership meets these requirements, see the official documentation on the governement website here.
Most car dealerships will not fall into any of these categories, and would therefore not be subject to be in compliance with this law. However, it does raise the serious question of how are the used car dealerships current policies in handling sensitive customer information? This could be in digital form via your website, or physical form when you make a copy of a drivers license before a test drive. You will want to discuss that with your business or legal professional, and this is a conversation that every dealership should have.
Obviously this is not a legal blog and we offer no advice on the matter of used car dealer privacy compliance. However, privacy is something that every car dealer should pay close attention to and that needs to be investigated. For further reading check out this website dedicated to the CCPA and this excellent article written by JD Supra.