Notifications & Messages

Jared Hamilton
From: Jared Hamilton
Hey - It’s time to join the thousands of other dealer professionals on DrivingSales. Create an account so you can get full access to the articles, discussions and people that are shaping the future of the automotive industry.
Amy Taggart

Amy Taggart Marketing Manager

Exclusive Blog Posts

Click-to-Call [Infographic]

Click-to-Call [Infographic]

  Most dealers understand the importance of making it easy for customers and prospects to find contact information. Websites often have prominent &…

Quick Tips for Improving Dealership Culture

Quick Tips for Improving Dealership Culture

Car dealers have a terrible reputation. It's such a negative experience for so many that people are electing to make a major purchase like a vehicle fr…

The Biggest Mistake Dealers Make When It Comes to Customer Retention

The Biggest Mistake Dealers Make When It Comes to Customer Retention

Jim Roche is the Divisional VP of Marketing & Managed Services at Xtime. We asked him to tell us the biggest mistake he sees dealers making today when …

Is 2018 the Year of Customer Convenience?

Is 2018 the Year of Customer Convenience?

It seems that every year has a theme attached to it in terms of where dealerships’ focus will be. Which themes or buzzwords will dominate 2018? We…

Upcoming Webinar: Show with Your Showroom, Sell with Your Website

Upcoming Webinar: Show with Your Showroom, Sell with Your Website

Today's customers walk into your showroom better-informed than ever before. Because they've done their research ahead of time, 89% walk into t…

Best Practices for Consumer Privacy Compliance (Part II)

Last week we took a look at best practices for handling consumer data offline. This week, we're taking a closer look at online practices.

Remember, always consult your lawyer when working with consumer data -- we've got best practices for you and your best interests at heart, but they're the ones who will make sure you've got all the legal questions covered.

On we go!


Privacy Policy

As thrilling as it is to watch you dealers migrate your store marketing to the web, there are still some places where you need to do your homework. Featuring a privacy policy on your website is one of them. (Wrote about this recently, too.)

If you’ve been paying attention, you know that you need a privacy policy if you’re collecting consumer information. The U.S. federal government requires that you describe what you’re gathering and why, and how it will be used. Your website visitors also need to be able to find it easily, which means it needs to be linked on each page and featured prominently on any of your contact forms.

Here’s a sample of what one looks like: this is the policy we have developed to use with our network of websites that car buyers use to apply for financing. Since they’re filling out a full application, including employment information and SSN, we have to be sure that we make clear what our intentions are for the information they’re sharing.

We spent a lot of time with our legal team developing this policy, which includes clear language describing what we do, why we do it, and how. It also gives the consumer the opportunity to limit how we share information, or to opt out of the process altogether. This is especially important to ensure compliance with federal regulations governing the use of the data - similar to CAN-SPAM on the email front.

This policy also addresses some specific questions the consumer might have, such as “How does [company] protect my personal information?” and “Why can’t I limit all sharing?” These are important considerations that a savvy potential customer will take a look at before deciding to share their sensitive data.

It should be noted that you can't just crib the privacy policy we've shared here - you need to work directly with legal counsel well-versed in these laws in order to develop your own.  If you copy someone else’s and run into legal trouble, you will have no recourse if you haven’t dotted your “i”s and crossed your “t”s.



After you put together your privacy policy to describe how you’re going to handle their data, you need to make sure that the method you’re using to capture that information is completely secure.

If you’re using a financial application on your dealership website, you need to make sure that it is using encryption technology to protect the bits and bytes that are moving through your system.

You’d be surprised how many dealers’ websites have financial applications - including those built by some reputable website providers - that are written in unencrypted HTML and do not include “https://” in the URL. That means that the information is wide open. If you’ve got someone on your website who knows anything about data leaks on the Internet, they will not submit their application if they recognize that it’s not being protected.

If you're using a website provider, ask them whether the data is secure, and how. If you don’t hear terms like “SSL”, “site certificate” and “encryption” as part of the conversation, you are not getting the best tool for collecting consumer information from your website visitors.

Take a look at our flagship consumer finance site,, as an example. When you hit the home page, we feature trust symbols from the Better Business Bureau and security services industry leader Network Solutions. When you click through to our finance application, you will immediately notice the “locked” symbol in the URL and “https://” as part of the address string. All of these elements -- and a strong domain name -- help to make it the best-performing consumer finance site in our network.

We also offer our expertise to the members of the Dealer Network, in the form of a customizable application. No muss, no fuss - we can create a secure financial application using your dealership’s branding that you can then use in conjunction with your website, regardless of who built your website and where it is hosted.


Consumer Consent Part II

You might not expect to see this again under online best practices, but think about it from their perspective. If a consumer is not actively engaged with you and sees a hard credit pull on their report - and many of them will - they will interpret that as a fraudulent action on your part and potentially sue your dealership. As far as they know, their financial information has been compromised, and you are responsible. Might sound far-fetched, but we’ve seen it happen.

That makes it worth mentioning again.

You have a legal and moral obligation to make sure that your prospects are aware when you are acting in a way that can potentially affect their credit. Period.



It is entirely up to you to make sure that you're on the right side of the law and tenaciously guarding this sensitive information.  Most of the dealers we see out there are using these best practices, which is great. It’s the bad actors that make it tough for the rest of us.

When you follow these best practices, you are ensuring the safety and security of sensitive personal information for your customers. Put a consistent process in place for handling consumer data, both offline and online. Protect your store and your customers.

If you treat them well, these consumers will expand your business by referring their friends and returning to buy more cars from you. Treat them poorly, and you can expect them to talk to their lawyers.

Be sure to speak to yours when you're setting up to ensure that you're following the letter of the law.

 Unlock all of the community & features  Join Now