Fullpath: FTC Compliance and the Gramm-Leach-Bliley Act

Chaya David
  • Updated
Follow

What is the Gramm-Leach-Bliley Act?

The Gramm-Leach-Bliley Act requires financial institutions - which auto dealers are now considered -  that offer consumers financial products or services like loans, financial or investment advice, or insurance - to explain their information-sharing practices to their customers and to safeguard sensitive data.

To be GLBA compliant, dealerships must communicate to their customers how they share the customers’ sensitive data, inform customers of their right to opt-out if they prefer that their personal data not be shared with third parties, and apply specific protections to customers’ private data in accordance with a written information security plan created by the institution.

 
The primary data protection implications of the GLBA are outlined in its Safeguards Rule, with additional privacy and security requirements issued by the FTC’s Financial Privacy Rule, created under the GLBA to drive implementation of GLBA requirements. 



What is Fullpath Doing?

Fullpath is proud to be one of the very few companies in the automotive space that is ISO 27001 certified. This is top international standard of information security. Learn more about our certification and  Data Security and Privacy at Fullpath.

 

With regards to the FTC compliance and GLBA, Fullpath is constantly monitoring FTC rules and regulations and adjusting our ads to make sure that they are fully compliant. We apply the highest standards  - including California requirements (see below):

  • Fullpath has a designated Chief Information Security Officer (CISO) to ensure thorough and consistent compliance with ISO data security standards.

  • All our customer data is encrypted and siloed in separate databases.

  • In accordance with our ISO certification, we conduct ongoing risk assessment on all our data services.

  • We maintain separate permission levels for different dealership employees and different products and data sets those employees may/ may not have access to

  • We offer 2 Factor Authorization (2FA) to access Dashboards and sensitive customer information including PII

  • Fullpath complies with the top standards and protocols for incident response as outlined in our ISO Certification (above and beyond this, we are committed to keeping the Dealership informed of any potential or actual security breach)

  • Fullpath conducts periodic internal data security audits along with yearly external data audits conducted by ISO reps. 

  • With regards to Fullpath emails and California compliance specifically:
    • Our emails display offer disclaimers in the body of the email for both OEM and Dealership offers.
    • Our emails clearly display the offer expiration date as a separate line in the email body (not just in disclaimer)
    • Our emails display the VIN on all vehicle-specific offers
    • Our CDP verifies that any price drop we notify shoppers about via email, is a ‘real price drop’ and not artificially created in order to look like a discount is given. Fullpath has specifically made sure the that the ‘previous price’ was the lowest price for a specific VIN in the past 3 months.
    • Fullpath has added ‘this is an advertisement’ disclaimer in all emails

 

 

 

[Reviewed: Dec 24, 2024]