Cybercrime is the fastest-growing crime in the U.S. and has sparked a consumer data privacy revolution. Laws like the California Consumer Privacy Act (CCPA) and New York’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act are changing the way businesses collect, store, and share consumer information.
The CCPA takes effect in January 2020 and requires businesses to take “reasonable measures” to secure consumers’ personal and identifiable information (PII). If the law applies to your dealership, compliance should be a top priority. But many dealerships are still unsure of how to comply with the California Consumer Privacy Act, and what it means for their businesses.
Even if you can’t achieve full compliance by the deadline, there are some steps you can take to demonstrate that you’re working toward compliance. Follow this CCPA compliance checklist to get your dealership on track.
- Take an inventory of all the ways your dealership collects customer information. Whether it’s obtained through online forms, paper forms, or over the phone, dealerships collect a lot of highly sensitive personal information (name, address, date of birth, phone number, social security number, and financial information) from customers. This is exactly the type of information the CCPA aims to protect, so it’s important to keep track of how it’s gathered and where it’s stored.
- Take an inventory of any information your dealership discloses to third parties. Depending on your various business relationships, you may be sharing consumer data with warranty, insurance, and financing companies, as well as vehicle manufacturers and consumer reporting agencies. Keep detailed records of these relationships, including what data is shared and how.
- Develop policies for dealing with all data collected after January 1, 2020. One consumer protection offered by the CCPA is the right to have personal information deleted upon request. Make sure you have appropriate systems in place for quickly and easily removing a consumer’s data from your systems should that consumer make the request. Take note of what data is covered under the CCPA and what data is covered under other laws, such as Gramm-Leach-Bliley, and separate it appropriately.
- Work with your IT service provider to organize and secure past data. Even data that was collected before January 1, 2020 may become relevant to the CCPA or other laws in the future. Work with your IT service provider to properly organize and store this data so you’ll be prepared for anything.
- Hold meetings and trainings to inform employees about relevant changes. Employee negligence is the main cause of data breaches, so it’s vital to have well-trained, diligent employees who understand the gravity of consumer protections. Any changes to your technology, processes, and policies should be clearly communicated to dealership staff, especially those who will directly handle consumer information.
- Update your website to include opt-out instructions. One key to CCPA compliance is making it easy for customers to opt out of third-party data sharing, and providing at least two methods for them to do so. Whether it’s in paperwork, over the phone, online, or face-to-face, clearly explain the steps the consumer can take to opt out of data sharing. Additionally, make sure your website is updated with the appropriate text regarding data collection policies and CCPA rights.
- Stay updated about the CCPA in order to learn about any additional best practices. As the CCPA is rolled out and implemented, changes may occur. And considering the wave of consumer privacy legislation proposals and approvals we saw in 2019, additional laws won’t be far behind. Be sure to stay up to date on industry best practices and shifting compliance requirements and learn from the experiences of other businesses.
These steps may feel overwhelming — it’s a lot to handle, and not very much time to get it done, especially when you already have your dealership’s day-to-day operations on your plate. But when you partner with a professional dealer IT service provider like Helion, you can make the necessary changes to achieve compliance and build consumer trust.