View in browser.

700Credit to File a Consolidated Breach Notice with the FTC on Behalf of its Dealer Clients

The Federal Trade Commission (FTC) Safeguards Rule requires financial institutions (including dealers) to provide an electronic notice to the FTC as soon as possible and no later than 30 days after discovering a notification event involving the information of at least 500 consumers. A notification event is the unauthorized acquisition of unencrypted customer information.

Questions have arisen concerning whether the security incident recently reported by 700Credit triggers this requirement. If it does, each dealer client of 700Credit would be required to file a breach notification with the FTC and complete its data fields, including (among other entries) the types of information involved in and a summary of the notification event.

700Credit has filed a breach notice with the FTC on its own behalf, and 700Credit would like to file a consolidated breach notice with the FTC on behalf of its dealer clients.

Accordingly, NADA, in coordination with 700Credit counsel, proposed to the FTC that the FTC permit 700Credit to file a single electronic notice in this matter on behalf of all of its affected dealer clients.

In such notice, 700Credit would complete all of the required data fields based on available information, including the identity of its affected dealer clients. This would satisfy any reporting obligation the dealer may have under the FTC Safeguards Rule.

The FTC has accepted this proposal. Consequently, dealers have no obligation to file a breach notice with the FTC related to this matter.**

However, dealers are reminded that (i) the full range of FTC Safeguards Rule requirements remains in effect, and (ii) every state has a breach notification requirement, and the FTC’s acceptance of this proposal has no effect on state notification requirements.  Therefore, it is important for dealers to consult with legal counsel to ensure they are in compliance with any applicable state breach notification requirements.

700Credit will communicate directly with its dealer clients related to this matter.

- - -

** A dealer can opt out of having 700Credit handle this matter on its behalf, in which case the dealer will have to file a breach notice if the dealer determines that a notification event has occurred.

The foregoing is offered for informational purposes only and is not intended as legal advice. Consult legal counsel that is familiar with applicable federal, state, and local law for specific guidance on legal requirements applicable to your operations.

National Automobile Dealers Association, 8484 Westpark Drive, Suite 500, Tysons, Virginia 22102

If you do not wish to receive email messages promoting commercial products or services from NADA or its affiliated entities - click here to opt out