Tuesday, December 27, 2011

Legal Lessons to be Learned from the TrueCar Discussions

As the TrueCar debate rages on, one thing is certain: there is going to be increased scrutiny on auto sales practices by a number of state regulatory agencies. While TrueCar has a number of challenges to overcome and may be forced to alter their business model, the real concern is how these legal issues may affect dealers. Several state authorities have indicated that they will hold dealers responsible for any violations. It’s important that dealers are aware of these issues and protect themselves accordingly.

Brokering – TrueCar has been accused of operating as an illegal broker in some states due to their method of compensation (i.e. charging a fee for the sale of a vehicle). What has also come to light is that some states may also consider other common lead-provider compensation arrangements to be illegal as well. For instance, the Virginia Motor Vehicle Dealer Board has indicated that "motor vehicle dealers may only compensate an unlicensed third party vendor by flat payment structure (e.g., per month) rather than per sale, per referral, or any other transactional basis". As an example, they stated that "a monthly fee tied to the number of consumers who submit their contact information to the dealership via a vendor’s website...would appear to be in violation of Virginia law in that any search that resulted in a sale would mean that the dealer has compensated an unlicensed individual in connection with the sale of a motor vehicle." Does this mean that paying a lead provider a fixed amount per lead (a common arrangement) is not allowed in Virginia or some other states? Maybe.

The lesson to be learned here is that is important for dealers to have their legal counsel scrutinize vendor contracts and ensure that they are compliant. It’s conceivable that some vendors are either not aware of state prohibitions or are trying to fly under the radar. TrueCar altered their compensation program in Virginia last year in an attempt to comply with state brokering prohibitions, but apparently is still out of compliance.

Advertising – It’s been noted that TrueCar’s current advertising practices run afoul of certain states’ regulations. It remains to be seen if TrueCar will be able to adjust their adverting accordingly to comply, but there’s a lesson to be learned for dealers. A number of complaints have been published by TrueCar customers about dealerships failing to honor advertised prices, attempting to add additional fees, and alleged “bait and switch” tactics. While these accusations may or may not be true, it’s a good reminder for dealers to ensure that their staff members fully understand and follow state and federal advertising guidelines. Advertising violations can be quite serious and the potential penalties are substantial. Once again, state regulators have indicated that they will be taking a closer look at dealerships since being made aware of the TrueCar model. It’s a good idea to train employees on advertising rules of the road and hold them accountable for strict compliance.

Privacy – The TrueCar discussions have also brought into question the sharing of dealers’ DMS data with vendors. It’s vitally important for dealers to ensure that their privacy policies accurately reflect their actual practices in sharing of consumers’ Personally Identifiable Information (PII). Many dealers have boilerplate privacy policies that may state that they do not share PII with non-affiliated parties. If vendors are accessing DMS data from the dealership, that statement may not be true. The Federal Trade Commission and state regulators have been taking an increasingly aggressive stance against companies that fail to follow their own privacy guidelines. It’s time for dealers to dust off their privacy policies and adjust them if necessary.

The good news is that the regulators have given fair warning that they’re going to be looking closely at these issues. The increased legal scrutiny on dealerships may be an unintended consequence of the TrueCar debate, but at least the dealers that are paying attention won’t be blindsided.

Friday, December 9, 2011

Have You Read Your Website Privacy Policy Lately?

Dealerships typically collect a great deal of personal information from their website visitors through contact forms, online credit applications, etc. What many businesses don’t realize is how vitally important it is to properly handle any Personally Identifiable Information (PII) collected from consumers through their sites.
So what’s the big deal about privacy policies? Our website provider takes care of that, right?
Not necessarily. In researching dealer websites recently, we looked at a random sample of privacy policies on 12 dealer sites from around the country. What we found was…interesting:

·         2 dealers had no privacy policy link on their sites (both were in states where it’s required by law)
·         1 dealer had only the website provider’s privacy policy published on its site (won’t do the dealer much good if there’s a legal claim against them)
·         2 dealers had only the manufacturers’ policies published on their sites (same as above)
·         1 dealer had a privacy policy with another company’s name on it (need to make sure you customize those templates!)
·         3 dealers had the same policy that they hand out to consumers who apply for credit at the store (NOT the same thing as an online privacy policy)
·         2 dealers had identical boilerplate policies provided by their website provider – not a problem, unless the policies don’t truly reflect the dealers’ actual processes. For instance, the policies state: “Subscribers to our e-mail services (or any other feature/service found on our Web site) will not receive unsolicited e-mail messages from us”. If the dealers decide to launch an email marketing campaign to these website visitors (which is legal as long as they adhere to CAN-SPAM regulations), they could be in danger of violating their own policies. Federal and state regulators can take action against companies that fail to comply with their own privacy policies or otherwise misrepresent their information management practices. And of course, there is the real possibility of substantial private lawsuits.
·         1 dealer had a nicely-written, personalized policy (good job!)

While posting a privacy policy on your website is not yet required by federal law, it looks like it will be soon. There are several bills pending in Congress that address online privacy, such as the Commercial Privacy Bill of Rights Act of 2011, and full disclosure tends to be a common element. Some states already have laws on the books mandating online privacy policies. For instance, if you’re collecting personal information from any California residents, state law requires you to conspicuously post a privacy policy on the site and strictly comply with its provisions.

The internet can be a dangerous place when it comes to privacy. Do yourself and your customers a favor by establishing best practices for handling consumer privacy. The first step is to review your company’s privacy policy and ensure that you have a clear understanding of its contents and that it reflects your dealership’s actual practices. The next step is to make sure that it’s published on your website. Finally, review the policy with your employees and vendors to ascertain their understanding. This will help minimize (or hopefully eliminate) breaches due to unfamiliarity on the part of individuals acting on your behalf.