Franchised dealerships in the Golden State now have another resource to foster compliance with privacy regulation set to be implemented in less than a year.
According to a news release distributed on Tuesday, Helion Technologies has partnered with the California New Car Dealers Association (CNCDA) to educate dealers on how to comply with the California Consumer Privacy Act (CCPA). Officials explained the sweeping new privacy law takes effect in January, imposing new data security standards on dealerships located in California as well as third-party vendors that access and/or store customer data from these dealerships.
In a nutshell, Helion Technologies indicated the CCPA requires businesses to implement “reasonable measures” to protect consumers’ personal data. The California attorney general defined “reasonable measures” as compliance with 20 controls established by the Center for Internet Security.
“For most dealers, compliance will require significant upgrades to their software, hardware and data security equipment,” said Erik Nachbahr, president and founder of Helion Technologies. “Additionally, dealerships will need to implement internal processes designed to keep data safe, and provide their employees with security awareness training.”
Helion Technologies indicated the CCPA applies to any business that meets one of these requirements:
1. Grosses $25 million or more in revenue
2. Buys, sells or shares personal information for 50,000 or more consumers
3. Derives 50% or more of its revenues from selling consumers’ personal information
The firm pointed out that many dealerships meet the first two requirements. In addition to dealers, the CCPA applies to third parties located outside of California. This situation means that auto manufacturers, dealership management software (DMS) vendors, CRM vendors, marketing vendors and any other entity that dealers share their customers’ personal information with, must also comply with the new law.
Helion Technologies went on to note the CCPA gives more rights to consumers related to how dealerships may collect and use their information. Once the laws take effect, upon a request from a consumer, the firm said dealers will be required to:
• Correct inaccurate consumer data
• Delete the consumer’s personal data unless it’s necessary to do business, as well as delete all of their data from the databases of third parties with which you’ve shared such information
• Restrict processing or sharing of information if the consumer objects to its usage for reasons not related to the purpose for which it was collected; such as usage in direct marketing
• Allow customers to easily opt-out of having their personal information sold to a third party
Dealerships are also required to proactively provide full disclosure to consumers about what their data is used for, who it gets shared with and for what purpose, at the time said data is collected, according to Helion Technologies.
The firm added non-compliance may result in fines and a flood of litigation from consumers.
“CNCDA is excited about our new partnership with Helion and the technical expertise they will bring to our members. We are committed to supporting the necessary outreach and critical education so that California dealers better understand the legal requirements of the CCPA, as well as the most cost-effective ways to keep their dealerships in compliance,” CNCDA president Brian Maas said.
“Helion’s knowledge in data security and technology will be enormously helpful to our dealer members as they navigate bringing their networks up to CCPA standards,” Maas added.
The pending regulation will be discussed in even more detail during the Automotive Intelligence Summit. Mary Ross, president of Californians for Consumer Privacy, and former CIA Counterintelligence Officer and counsel on the House Intelligence Committee, will explore the intersection of data privacy and big data during the event, which runs July 23-25 in Raleigh, N.C. Early bird registration discounts are already available.