Dealers must develop, implement, maintain, and regularly audit a comprehensive security program to protect customer information. Under the FACT Act, dealers are required to respond to identity theft victim requests for records and imposes responsibilities on users of credit reports and persons who furnish information to consumer reporting agencies.These rules add new anti-identity theft and creditor responsibilities to the current FCRA guidelines. A well-developed prevention program will help to mitigate fines, fees, and penalties as well as increases consumer confidence.

Dealerships are highly regulated organizations that handle large amounts of sensitive data. A breach can harm the reputation and also the bottom line.


Most of the following rules should be considered as part of your data breach prevention program;

  • Fair Credit Reporting Act (FCRA)
  • Fair and Accurate Credit Transactions (FACT) Act
  • Disposal Rule
  • Fraud/Active Duty Alerts
  • Medical Information Rule
  • Prescreen Opt-Out Disclosure Rule
  • Red Flags and Address Discrepancy Rules
  • Truncation of Credit/Debit Card Numbers
  • Victim Requests for Records
  • Gramm-Leach-Bliley Act (GLB Act): Privacy Rule
  • GLB Act: Safeguards Rule


  • 76% of companies that experienced a breach of customer data believed the incident had a moderate or significant impact on the organization’s reputation.
  • 59% of it workers have experienced two or more data breaches in the past 12 months at their organizations.
  • In 2010, the average cost for companies per breached record was $214, up from $204 in 2009.
    -2ponemon institute, “2010 u.s. cost of a data breach.” (2011)