Consumer privacy is a hot topic this year. With the FTC’s new Safeguards Rule going into effect, your dealership has almost certainly begun looking at your data security and compliance procedures. Our dealers tell us that the new rules are some of the most challenging to put into place. Did you know that all third-party vendors (DMS, F&I, lenders, etc.) must also comply?
Helping you sleep at night.
Here's the good news: Priority One complies with all Safeguards regulations. In doing so, we help protect your customers and your business, too.
Safeguards is just one of many consumer data protections that you must have in place to run a dealership. Federal law also requires you to adhere to Red Flag Rules, not to mention the individual state laws that apply to your dealership.
More good news: Priority One checks Red Flags on customer data for all of our dealers and monitors your state laws to remain compliant.
Protecting your customers and your business.
We’ll avoid giving you the 100-page document that details our policies ad nauseam. We know you don’t have time for that. But we do want to assure you that our process is thorough and compliant. Below are some high-level steps that we take at Priority One to keep your customer information protected and your F&I reserve rolling in.
Red Flags Rule:
The following are potential Red Flags that we check on all applications submitted to Priority One.
Fraud Alert on a consumer’s credit bureau report
Credit/Security freeze from credit bureau
Address discrepancy between credit application and credit bureau
Name discrepancy between credit application and credit bureau
Suspicious, altered or forged identification documents
Social security number not issued, or reports as deceased on the Social Security Administration’s Death Master File
Information on ID does not match any address information on credit bureau
Suspicious addresses supplied such as a mail drop, prison, or phone is an answering service
Social security number matches one submitted by another person applying for credit
The person applying for credit is unable to supply identifying information in response to a notification that the application is incomplete
Safeguards Rule:
The Safeguards Rule requires nine key elements that are inherent to Priority One’s Information Security Program.
Designate a Qualified Individual to implement and supervise the company’s Information Security Program.
Conduct a risk assessment at least annually.
Design and implement safeguards to control the risks identified through the risk assessment.
Regularly monitor and test the effectiveness of established safeguards.
Conduct Security Training.
Monitor our service providers.
Keep the Information Security Program current.
Keep a written Incident Response Plan.
Regularly report to Executive Management.
State Compliance:
Since Priority One supports dealers nationwide, we monitor and comply with individual state laws regarding consumer protections. Consumer Privacy Laws and NAIC Insurance Laws are the two primary categories that these protections fall under.
Our Managing Director reviews new state legislation on a regular basis. Each quarter, laws that are anticipated to go into effect are reviewed by leadership to ensure our processes and technology meet upcoming requirements.
Meeting more than just the requirements.
As a division of Forest River, a Berkshire Hathaway Company, Priority One leverages the tools and resources provided to Berkshire Hathaway businesses to ensure we are meeting the highest standards of excellence in data security.
Earlier this year, Ernst & Young conducted a security audit of Priority One, where all policies and procedures were tested and documented. Additionally, we leverage endpoint security reports, code reviews, and penetration testing to regularly assess and restore system vulnerabilities.
As a Priority One dealer, you can rest easy knowing that you are working with a trusted, responsible and proactive partner. As data and security requirements continue to change, we have the processes in place to stand alongside you for the protection of your customers and your business.
