In the rapidly changing world of digital retail, maintaining the integrity and security of Customer Non-Public Personal Information (NPI) is more than just best practice—it's critical. Service providers (DMS, CRM, etc) must comply with the Graham-Leach-Bliley Act’s (GLBA) Safeguards, especially when it comes to the sharing of dealer data with other service providers. This was made clear in the 2019 Federal Trade Commission (FTC) Consent Order issued to DealerBuilt and is applicable to every service provider working with dealers today.
Motive Retail Blog
In an era where personal data is one of the most valuable commodities, ensuring its security has become an urgent concern for both companies and regulators. An important warning for dealers and their Dealer Service Providers (DSPs) is the recent data breach that affected Clearwater Credit Union and several other financial institutions due to the security vulnerabilities present in a vendor’s software, MOVEit. Clearwater, a financial institution with nine locations and being roughly the same size as a small dealer group, probably never envisioned being caught in a massive data breach spanning dozens of countries and potentially hundreds of companies.
As the regulatory landscape around consumer data handling continues to evolve, Dealer Service Providers (DSPs) must keep up with compliance standards governing how they protect consumer data. With more stringent legislative requirements over consumer data rights and an increased focus on data security, managing this responsibility is critical.