Personal Data Collected by Cars Increasingly at Odds with the Law

Typical Fines/Damages per VIN:

  • State data security laws: $500 and up
  • State Privacy laws (e.g. CCPA) $1500-7500
  • UDAP laws: up to $43,250
  • Does not include cost of litigation & business disruption

VIDEO: Privacy4Cars Founder Andrea Amico discusses Regulatory issues with well-known compliance expert Randy Henrick

Personal Data Collected by Cars Increasingly at Odds with the Laws – Both New and Old:

  • State
  • Federal
  • International

NIADA Rates Privacy as #2 Regulatory Risk for Dealers (after recalls)

  • FTC Guidance Documents
  • FTC Deletion Rule Risk
  • FTC GLB Privacy Rule Risk

Sixt, Avis, Hertz and Enterprise Already Sued

  • One suit already in Discovery
  • Significant cost to defend
  • Multimillion dollar damages possible
$0

State Regulation Risks

Fines and penalties typically range from $500 to $7,500 per occurrence

State Privacy Laws

  • Famously CCPA in CA, but about 1/3 of the states have privacy proposals

State UDAP Laws

State Data Security Laws

  • 24 States have requirements for private entities by statute
  • 32 States have requirements for government entities by statute (e.g. apply to government fleets)
  • Other Laws (e.g. biometrics in IL)

Growing FTC Attention

UDAP penalties up to $43,280 per violation

FTC Posts on the topic:

For Car Rentals (August 2016)  |   For Fleets (August 2018)  |   For Consumers (August 2018)

The First Class Action Suits Already in Play

Greenley v. Avis Budget Group, Inc

Mitton v. Inc
Hertz Global Holdings, Inc

Ayala v. Sixt Rent A Car, LLC.

Kramer v.Enterprise Holdings, Inc.

SIXT case made it to Discovery

Defense costs alone: six-figures

Settlement likely to put damages at well over seven figures plus plaintiffs’ attorney’s fees