FTC Safeguards Rule Changes on June 9, 2023

Critical Information for Dealerships, Auto Finance and Service Providers
Browse Our Free White Papers

Personal Data Collected by Cars Increasingly at Odds with the Law

Regulatory Environment

Personal Data Collected by Cars Increasingly at Odds with the Laws – Both New and Old:

  • State
  • Federal
  • International

Growing FTC Attention

NIADA Rates Privacy as #2 Regulatory Risk for Dealers (after recalls)

  • FTC Guidance Documents
  • FTC Deletion Rule Risk
  • FTC GLB Privacy Rule Risk

Class Action Suits

Sixt, Avis, Hertz and Enterprise Already Sued

  • One suit already in Discovery
  • Significant cost to defend
  • Multimillion dollar damages possible

Hear what top privacy and vehicle compliance experts say:

Watch Our Workshops
$0

State Regulation Risks

Fines and penalties typically range from $500 to $7,500 per occurrence

State Privacy Laws

  • Famously CCPA in CA, but about 1/3 of the states have privacy proposals

State UDAP Laws

State Data Security Laws

  • 24 States have requirements for private entities by statute
  • 32 States have requirements for government entities by statute (e.g. apply to government fleets)
  • Other Laws (e.g. biometrics in IL)

Growing FTC Attention

UDAP penalties up to $43,280 per violation

FTC Posts on the topic:

For Car Rentals (August 2016)  |   For Fleets (August 2018)  |   For Consumers (August 2018)

The First Class Action Suits Already in Play

Greenley v. Avis Budget Group, Inc

Mitton v. Inc
Hertz Global Holdings, Inc

Ayala v. Sixt Rent A Car, LLC.

Kramer v.Enterprise Holdings, Inc.

SIXT case made it to Discovery

Defense costs alone: six-figures

Settlement likely to put damages at well over seven figures plus plaintiffs’ attorney’s fees