Think you have this Internet thing down pat? Guess again

So you think you have this Internet thing handled? Every thing is working smoothly, your Internet department is top notch, you have a snazzy web site with the latest features as you sell cars online.

“Guess again,” was the message at the Dealership Technology Forum in Washington D.C. Dealers will soon be encountering a host of legal issues brought about by the Internet, according to several forum speakers.

Attorney Michael Charapp warns, “Legal compliance is something you should be concerned about. As the technology progresses, the legal headaches will magnify.”

One issue dealers may be grappling with soon is Internet pricing. Wisconsin dealer Jon Lancaster cautions fellow dealers to be careful of how they price vehicles online.

“Offering a vehicle at a lower price online than in the showroom could violate many of the state advertising laws. Its just a matter of time before someone like a state attorney general begins looking into that area,” he says.

Gilbert Chavez, general manager for Burt Automotive in Denver, concurs. “It definitely does violate our state advertising laws. We offer a special price on our web site, but we have the same price in the showroom.”

Says Mr. Charapp, “That e-price obligates you to make that price available to everyone that comes into your store.”

Also, group pricing may come under the purview of anti trust laws. Dealers, third party sites and manufacturers need to be careful when considering new online initiatives that include pricing strategy, he advises.

Compliance with the Gramm-Leach-Bliley Act which went into effect on July 1, is an issue dealers are struggling with now. The GLB Act is a confusing document that raises more questions than it answers, say dealers.

John Anderson, Ward's Dealer Business' No. 1 e-Dealer, says his attorneys have told him “there are at least, 10 different interpretations to the law.”

Another Internet pioneer dealer, Ken Smith, owner of Dave Smith Motors in Idaho, admits that he is “still trying to figure it all out.”

Essentially, the law requires financial institutions to inform current and future customers that ‘nonpublic personal information’ is being collected; what they intend to do with that data; and provide a means for the customer to opt out, or prevent the institution from selling that information to third parties. The act also requires companies to implement basic security procedures that states can make stricter.

“Aha,” you say. “I'm a dealership, not a financial institution!”

Well, the Federal Trade Commission (the agency responsible for enforcing the law) thinks differently. According to its definition of financial institution, car dealerships are financial institutions, says a newsletter Auto Advisory Services sent to California dealers.

The GLB Act impacts the entire dealership, but Larry Kelsey, partner, Information Risk Management, KPMG, LLP, urges dealers to not forget to make sure their web sites are compliant, also.

“Dealers have been getting involved online, they are very creative - but at some point they cross the line and become financial institutions,” he says. “If the web site is able to collect data and if the web site uses cookies to collect data, then that information could considered nonpublic information,” says Mr. Kelsey.

Anytime a customer submits a credit application online or any kind of financial information online, a dealership needs to be compliant with the GLB Act.

As a start, Mr. Kelsey suggests that every web site include:

  • A privacy statement that notifies customers when nonpublic personal information is being collected and informs the customer how that information may be used;

  • The showing of the encryption method when information is collected (Mr. Kelsey suggests using the Amazon.com method of showing an image of a key when data is collected);

  • Having an outside source review the web site and its security annually.

Mr. Kelsey advises dealers that securing any information needs to be a top priority.

Physical security — Who, in the dealership, has access to the information?

Security of the Internet portal - Is your web site an easy target for hackers or online fraud?

Security of the F&I database - Is it in a secure location? Is access limited and tightly controlled?

For the web site, complying with the ‘opt out’ requirements may be tricky, says Mr. Anderson. To satisfy the “opt out' requirements, he speculates his dealership will email or fax a form to each customer who provides financial information on the web site.

To protect themselves, dealers should consult with their attorneys to find out exactly how the law applies to each aspect of the dealership.