The California Consumer Privacy Act, which goes into effect in 2020, sets up new challenges for businesses operating in the state. While technology companies may be the most affected, almost every business today relies on customer data to some degree, and auto and truck dealerships are no exception.

Does the CCPA apply to my dealership?

Most dealerships do not gain more than 50% of their revenue from selling consumer data, nor do they sell the records of more than 100,000 consumers. These are two of the three ways of determining if the CCPA applies to your business. But many dealership groups will be caught by the third: more than $25 million in annual gross revenue. If your dealership is above this threshold or close to it, you should expect to be subject to the CCPA.

The presence of the CCPA provides an opportunity to assess and improve your current data security practices. To help get you started, here’s a handy roadmap with some key steps to complying with the new law:

  • Take an inventory of all the ways your dealership collects customer information. This may include online forms, paper forms, and information obtained over the phone. Make sure to capture every one of these. Your IT service provider can help with this process.
  • Take an inventory of any information your dealership discloses to third parties. Dealerships sometimes develop strategic partnerships that involve the transfer of customer data to other businesses. Be sure to record all of these relationships, how they’re managed, and what specific data is being shared.
  • Develop policies for dealing with all data collected after January 1, 2020. To stay in compliance with the law, you must have ways of removing this data from your system upon customer request as well as an easy way to track what you store. Keep in mind that financial information may be excluded from the CCPA and covered under other applicable federal laws like Gramm-Leach-Bliley. It may be necessary to separate these pieces of information from each other (if they’re not already sequestered).
  • Work with your IT service provider to organize and secure past data. All of the consumer information that you currently have saved may be relevant to future CCPA compliance requirements, and it’s important to be able to easily sort and categorize it. Work with your IT service provider to ensure that you’ll be able to comply with the law.
  • Have a series of meetings to inform employees about relevant changes. All customer-facing employees should be given some training about complying with the law. This should cover properly entering data into the computer system and what must be explained to the customer when this happens. By making sure all relevant employees know what to do, you can help avoid costly mistakes.
  • Update your website to include opt-out instructions. One of the key components of the CCPA is that you must make it easy for customers to opt out of third-party data sharing. At least two methods must be made available. Telephone and web are the most common options. Work with employees and your IT team to make sure phone reps can fulfill these requests. Be sure to also include a form on your website, alongside updated text about data collection policies and CCPA rights.
  • Stay updated about the CCPA in order to learn about any additional best practices. The actual rollout of the law will likely reveal some hiccups in the process, and these will be covered by the press and industry journals. Dealer IT professionals are another great resource. By staying up to date, you can learn from the experiences of other businesses facing similar regulatory burdens and avoid costly lawsuits and fines.

While the passage of the CCPA presents some challenges, it also represents an opportunity to improve your data management policies and IT systems. Complying with the CCPA isn’t just about following the law, but also about building consumer trust.

Is your dealership ready for the CCPA? Contact Us.