Notifications & Messages

Jared Hamilton
From: Jared Hamilton
Hey - It’s time to join the thousands of other dealer professionals on DrivingSales. Create an account so you can get full access to the articles, discussions and people that are shaping the future of the automotive industry.
Amy Taggart

Amy Taggart Marketing Manager

Exclusive Blog Posts

Women in the Dealer Workforce: Where We Are & Where We Can Go

Women in the Dealer Workforce: Where We Are & Where We Can Go

It’s no secret that women make up a small portion of the dealer workforce and turnover among women is high. By not attracting and retaining women in the …

Car Subscriptions - Q and A with Bill Playford

Car Subscriptions - Q and A with Bill Playford

I had the chance to interview Bill Playford about car subscription services, and how they're going to change the marketplace. Take a look what this ins…

Be The Exception

Be The Exception

How brilliant marketers find and follow what makes their stories different in a world full of average content DrivingSales is excited to announce th…

Keeping Up with the Joneses in Quick Lube

Keeping Up with the Joneses in Quick Lube

More than half of all sales customers will abandon your dealership’s service department in the first year. It’s a widely varying statistic &nda…

It Has Never Been Easier To Be Average

It Has Never Been Easier To Be Average

It has never been easier to be average. This post was written by Jay Acunzo, who will be speaking at the upcoming DrivingSales Executive Summit in Octob…

Best Practices for Consumer Privacy Compliance (Part II)

Last week we took a look at best practices for handling consumer data offline. This week, we're taking a closer look at online practices.

Remember, always consult your lawyer when working with consumer data -- we've got best practices for you and your best interests at heart, but they're the ones who will make sure you've got all the legal questions covered.

On we go!


Privacy Policy

As thrilling as it is to watch you dealers migrate your store marketing to the web, there are still some places where you need to do your homework. Featuring a privacy policy on your website is one of them. (Wrote about this recently, too.)

If you’ve been paying attention, you know that you need a privacy policy if you’re collecting consumer information. The U.S. federal government requires that you describe what you’re gathering and why, and how it will be used. Your website visitors also need to be able to find it easily, which means it needs to be linked on each page and featured prominently on any of your contact forms.

Here’s a sample of what one looks like: this is the policy we have developed to use with our network of websites that car buyers use to apply for financing. Since they’re filling out a full application, including employment information and SSN, we have to be sure that we make clear what our intentions are for the information they’re sharing.

We spent a lot of time with our legal team developing this policy, which includes clear language describing what we do, why we do it, and how. It also gives the consumer the opportunity to limit how we share information, or to opt out of the process altogether. This is especially important to ensure compliance with federal regulations governing the use of the data - similar to CAN-SPAM on the email front.

This policy also addresses some specific questions the consumer might have, such as “How does [company] protect my personal information?” and “Why can’t I limit all sharing?” These are important considerations that a savvy potential customer will take a look at before deciding to share their sensitive data.

It should be noted that you can't just crib the privacy policy we've shared here - you need to work directly with legal counsel well-versed in these laws in order to develop your own.  If you copy someone else’s and run into legal trouble, you will have no recourse if you haven’t dotted your “i”s and crossed your “t”s.



After you put together your privacy policy to describe how you’re going to handle their data, you need to make sure that the method you’re using to capture that information is completely secure.

If you’re using a financial application on your dealership website, you need to make sure that it is using encryption technology to protect the bits and bytes that are moving through your system.

You’d be surprised how many dealers’ websites have financial applications - including those built by some reputable website providers - that are written in unencrypted HTML and do not include “https://” in the URL. That means that the information is wide open. If you’ve got someone on your website who knows anything about data leaks on the Internet, they will not submit their application if they recognize that it’s not being protected.

If you're using a website provider, ask them whether the data is secure, and how. If you don’t hear terms like “SSL”, “site certificate” and “encryption” as part of the conversation, you are not getting the best tool for collecting consumer information from your website visitors.

Take a look at our flagship consumer finance site,, as an example. When you hit the home page, we feature trust symbols from the Better Business Bureau and security services industry leader Network Solutions. When you click through to our finance application, you will immediately notice the “locked” symbol in the URL and “https://” as part of the address string. All of these elements -- and a strong domain name -- help to make it the best-performing consumer finance site in our network.

We also offer our expertise to the members of the Dealer Network, in the form of a customizable application. No muss, no fuss - we can create a secure financial application using your dealership’s branding that you can then use in conjunction with your website, regardless of who built your website and where it is hosted.


Consumer Consent Part II

You might not expect to see this again under online best practices, but think about it from their perspective. If a consumer is not actively engaged with you and sees a hard credit pull on their report - and many of them will - they will interpret that as a fraudulent action on your part and potentially sue your dealership. As far as they know, their financial information has been compromised, and you are responsible. Might sound far-fetched, but we’ve seen it happen.

That makes it worth mentioning again.

You have a legal and moral obligation to make sure that your prospects are aware when you are acting in a way that can potentially affect their credit. Period.



It is entirely up to you to make sure that you're on the right side of the law and tenaciously guarding this sensitive information.  Most of the dealers we see out there are using these best practices, which is great. It’s the bad actors that make it tough for the rest of us.

When you follow these best practices, you are ensuring the safety and security of sensitive personal information for your customers. Put a consistent process in place for handling consumer data, both offline and online. Protect your store and your customers.

If you treat them well, these consumers will expand your business by referring their friends and returning to buy more cars from you. Treat them poorly, and you can expect them to talk to their lawyers.

Be sure to speak to yours when you're setting up to ensure that you're following the letter of the law.

 Unlock all of the community & features  Join Now