FTC Announces Top Ten Consumer Complaints of 2013

Published on

On Thursday, the Federal Trade Commission released its top consumer complaints for 2013. Of the 2 million consumer complaints that the FTC received, 290,056 (14 percent) were related to identity theft. This is no surprise considering the recent “Target Hack” headlines. During the height of holiday shopping, Target announced that any credit or debit card used in a Target store in the United States between November 27 and December15, 2013 may have been compromised. It is approximated that this recent security breach affected as many as 110 million customers.

Also making the FTC’s Top Ten List are auto-related complaints, estimated at 4 percent. While this is the exact same percentage of auto-related complaints the FTC received last year, the actual number of complaints has increased by over 4,000 in 2013. The combination of these two facts can lead to only one conclusion: it is more important than ever that automobile dealerships update their Identity Theft Prevention Programs and take steps to protect DMS data in their daily operations

The FTC enforces the Red Flags Rule, which requires dealers and others to create and implement an Identity Theft Prevention Program. In addition to negative press, non-compliance can bring penalties. In the event of any knowing violation of the rules, the FTC may commence a civil action and may seek pecuniary penalties not to exceed $2,500 per infraction. For a list of practical issues dealers should be aware of in updating their Red Flags Compliance Program please read my previous post from August 13, 2013 entitled Is Your Red Flags Program up to Date?

Dealerships may also consider working with vendors that implement safeguards to protect the data in their Dealership Management System (DMS). As part of their daily operations, dealers collect a significant amount of non-public personal information (NNPI) from customers, which is then stored in the DMS. Therefore, as a means of preventing identity theft, a dealership might consider entering into a strong and enforceable agreement with a vendor that specifically addresses the protection of NPPI. And because an NPPI agreement is only as good as the vendor’s collectability in the event of a data breach, another good practice is to vet vendors to understand their method of access, usage of the data and, to the extent they are engaged to push data to another entity, their data delivery system. This may allow a dealer to choose, all other things remaining equal, a vendor that will leave it less vulnerable to DMS data breaches.

To assist dealers in protecting their data, on August 28, 2013, the National Automobile Dealers Association drafted a set of guidelines regarding data protection and third party access to Dealer Data. For more information on finding ways to better protect your DMS data, contact a knowledgeable automotive industry attorney.