Timonium, MD – Helion Technologies has partnered with the California New Car Dealers Association (CNCDA) to educate dealers on how to comply with the California Consumer Privacy Act (CCPA). The sweeping new privacy law takes effect in January 2020, imposing new data security standards on dealerships located in California, as well as third-party vendors that access and/or store customer data from these dealerships.
In a nutshell, the CCPA requires businesses to implement “reasonable measures” to protect consumers’ personal data. The CA Attorney General defines “reasonable measures” as compliance with 20 controls established by the Center for Internet Security.
“For most dealers, compliance will require significant upgrades to their software, hardware and data security equipment,” said Erik Nachbahr, president and founder of Helion Technologies. “Additionally, dealerships will need to implement internal processes designed to keep data safe, and provide their employees with security awareness training.”
“CNCDA is excited about our new partnership with Helion and the technical expertise they will bring to our members. We are committed to supporting the necessary outreach and critical education so that California dealers better understand the legal requirements of the CCPA, as well as the most cost-effective ways to keep their dealerships in compliance,” said Brian Maas, president of CNCDA. “Helion’s knowledge in data security and technology will be enormously helpful to our dealer members as they navigate bringing their networks up to CCPA standards.”
The CCPA applies to any business that meets ONE of these requirements:
- grosses $25 million or more in revenue
- buys, sells or shares personal information for 50,000 or more consumers
- derives 50% or more of its revenues from selling consumers’ personal information
Many dealerships meet the first two requirements. In addition to dealers, the CCPA applies to third parties located outside of California. This means that auto manufacturers, dealership management software (DMS) vendors, CRM vendors, marketing vendors and any other entity that dealers share their customers’ personal information with, must also comply with the new law.
The CCPA gives more rights to consumers related to how dealerships may collect and use their information. Once the laws take effect, upon a request from a consumer, dealers will be required to:
- Correct inaccurate consumer data
- Delete the consumer’s personal data unless it’s necessary to do business, as well as delete all of their data from the databases of third parties with which you’ve shared such information
- Restrict processing or sharing of information if the consumer objects to its usage for reasons not related to the purpose for which it was collected; such as usage in direct marketing
- Allow customers to easily opt-out of having their personal information sold to a third party
Dealerships are also required to proactively provide full disclosure to consumers about what their data is used for, who it gets shared with and for what purpose, at the time said data is collected.
Non-compliance may result in fines and a flood of litigation from consumers.