Executive Update: SC Advertisement Violations View this email in your browser
October 23, 2014
SC CAR DEALERSHIP ADVERTISING VIOLATIONS
The South Carolina Department of Consumer Affairs has released statistics on advertising reviews conducted in the first two quarters of 2014. The most common violation is Truth in Lending, meaning failure to list terms of repayment (i.e. monthly payment or repayment period) and not disclosing the APR. Some listed the down payment but failed to list the APR. The next most common violation is Truth in Leasing including failure to list whether a security deposit is required and/or the amount. Finally, Dealers are often fined for Unfair and/or Misleading Advertising, using terms that would confuse or mislead the consumer such as misleading trade-in valuation and misleading trade terminology "dead cost" and use of the word "free" and for excluding dealer fees from advertised price.
In the second quarter alone, 17 violation letters were issued to South Carolina Dealerships, 4 fines were levied and 2 subpoenas were issued.
It is evident from the advertisement review results that Dealerships still need education on Advertising Laws. SCADA Dealers have a great opportunity available in the coming weeks to attend or send staff to attend private Advertising Law Seminars. If you have not yet signed up, please complete and return
the registration form found below by November 3rd. This is one seminar you CAN NOT AFFORD TO MISS.
All seminars will begin with registration at 9:30AM
and the seminar from 10AM to 12PM
MYRTLE BEACH - Wednesday, November 5
Sheraton Myrtle Beach Convention Center
2101 North Oak Street
CHARLESTON - Thursday, November 6
Town & Country Inn and Suites
2008 Savannah Highway
GREENVILLE - Monday, November 10
Hilton Greenville
45 West Orchard Park Drive
COLUMBIA - Tuesday, November 11
Embassy Suites
200 Stoneridge Drive
For questions or further details please contact Kristen Christie
at 803-252-0205 or via email at kchristie@scada.org
SCDMV FAQ'S
Provided by the SCDMV1. What if my trade-in customer (vehicle owner) leaves before he signs the vehicle over to the
dealership? If the dealership is in possession of the title, you MUST have the customer assign the title to the dealership. If not, if the title was/is present at the time of the transaction, an unsecured power of attorney must be submitted to support the dealer or other attorney-in-fact to sign on behalf of the owner.
2. If a non-secured power-of-attorney can be used for nearly anything that is specified on the POA, why do we need to submit the secured POA? The federal government has outlined specific requirements for odometer disclosure if the title is lost or with the lienholder. Those requirements include the disclosure of the odometer on a secure power of attorney authorizing another person to disclose the odometer on their behalf. This requirement is only when the title is not present at the time of transfer because it is lost or being held for lien.
3. Can the same person sign as the transferor and transferee on the title? Yes, when the 5047 (secured POA) or unsecured power of attorney is present.
4. We’ve had problems when the vehicle had a lien with an ELT lender. When the title is received, it does not have a lien on it and the title issue date is before the 5047 date. Why won’t SCDMV accept the 5047 and the clear title in these incidences? SCDMV staff have been trained to recognize titles that were previously ELT. Unfortunately, they are unable to make this determination without looking at the title record in SCDMV’s database. In the future, previous ELT titles will be identified on the title with a statement indicating the title was a previous ELT.
5. My customer lost his title for the trade-in vehicle. Can I have the customer sign the 5047 and then my title clerk completes the Form 400 and obtains the title on his behalf? While 5047 must be used to authorize the dealer to disclose the odometer on the title once the title is received; it cannot be used to sign the title application for the customer. Remember, the 5047 is only for odometer disclosure purposes. The trade-in customer should sign the 400 to obtain a duplicate title; or authorize the dealer to sign on their behalf by using a non-secure power of attorney.
6. Can we use the MC-25 found on the internet as our non-secure POA? The MC-25, is a limited power of attorney specifically for matters related to IFTA fuel taxes and IRP licensing. It cannot be used for vehicle transactions that are not related to IFTA and IRP processes.
the guidelines outlined by SCDMV. There is no standard format for non-secure POA’s; however, the POA must contain the owner of the vehicle, owner naming a person or person(s) as attorney-in-fact to act in all matters relating to a specific vehicle, vehicle’s description (VIN, Year, Make and Model), the owner must sign and the signature must be witnessed. The POA does not have to be notarized and the attorney-in-fact does not need to sign.
8. What if the vehicle owner is unable to appear at the dealership for the transfer? For example, a wife is trading in a vehicle that is in the name of her husband who is in the military and is not present? If the wife has the title in her possession and a POA authorizing her to serve as attorney-in-fact for her husband, a copy of the POA can be submitted along with the signed title. A 5047 is not necessary because the wife can present the title at the dealership at the time of transfer. If, however, the title is lost or with the lienholder, the wife can still sign the Form 5047 for her husband. Then the transaction should be accompanied by both the non-secure and secure POA’s.
10 STEPS DEALERS NEED TO TAKE TO PROTECT "DEALER DATA"
Provided by NADA1. Conduct an audit of access to your DMS and other dealer systems
Know and understand who is in your systems and what they have access to - both employees and third parties. Review external access to all of your systems and databases (DMS, CRM, websites, etc.). Work with your vendors and don’t forget non-DMS databases or data access points (e.g., online credit
applications). Review password authorization policies to ensure that internal and external access is limited appropriately. If another third party is gathering data on behalf of your service provider, you must understand and limit that access just as you limit access by your service providers.
2. Determine and limit scope of access / control passwords
Delete all outdated or unauthorized access and require all third party service providers with legitimate access to provide written list of data they have access to as well as a listing of all data fields they are “taking.” Ensure that you understand and appropriately limit the scope of access that all your authorized service providers have. For example, if a service provider is providing services related to your parts department, it should not have access to sales data. Document all access and any changes to access. Establish protocols for adding or expanding data access. Work with your DMS provider to ensure proper controls and reporting.
Centralize and control authority to grant password access and scope of access to dealer systems. Work with your DMS provider to monitor and audit. Require regular changes to passwords, and require employees to use “stronger” passwords for any access to sensitive data.
3. Review all contracts and ensure required GLB language is included
GLB requires that you include provisions in your service provider contracts that (a) prohibit the service provider from accessing data beyond what they need or from using that data for any purpose other than providing you with the service, and (b) require the service provider to take steps to safeguard customer data they obtain from you. You must understand what data your third party service providers need and why. To do this, you must understand the service provided and legitimate reasons for the scope of data accessed. YOU MUST limit this via contract with your service providers as well as with anyone who accesses or obtains data on their behalf. Take steps to audit service providers regularly. Seek regular written confirmation, run internal reports, hold your service providers accountable, and document your processes!
Consider the use of the NADA Service Provider Data Access Addendum. This document is intended to be used by dealers to amend their current service provider agreements to ensure that the required contractual provisions are included. Consult your counsel.
4. Consider implementing a strict data “push” system for sharing data
This means that you need to understand what data a service provider needs to provide the service, gather it internally from your systems (or through a vendor), and send it to the appropriate service providers in a secure manner. You would no longer allow vendors to access your systems directly for any reason. This approach allows you to have control over what data is shared, prevents concerns regarding the scope of access, and provides a documented audit trail of all data you have shared. Note that it is possible that a push system could affect the functionality of some services. However, carefully consider claims by vendors that they “need” “real-time” access. In many cases, regularly “pushed” data will be more than adequate.
5. Understand and control remote access issues
Mobile devices raise tremendous data access and data breach concerns. You should take steps to limit remote access and control the devices that provide access. Work with your counsel and DMS and other vendors to address the policy, security, and business implications of mobile device access. Consider the implications of remote access from employees “home” computers. Enact policies to control data access, copying, and sharing.
6. Understand data flow to your manufacturer(s)
You may not share certain protected data – even with your manufacturer – unless an exception to the Privacy Rule applies. This is a complicated area that depends highly on the facts and circumstances. If your manufacturer seeks to obtain NPI, get written confirmation that it is pursuant to an exception to the Privacy Rule.
7. Understand “P2P” (“Peer-to-Peer”) networks and enact a “P2P” policy
Have a policy, train your employees, and consider prohibiting access to P2P sites. Go here for more information: http://business.ftc.gov/documents/bus46-peer-peer-file-sharing-guide-business.
Do you gather any customer information via social media? What is your involvement with customer comments/dealership reviews? Do you engage the services of a “reputation management” vendor? Do you understand exactly what services they are providing, what they have access to, and why?
9. Confirm that your Privacy Notice is accurate!
Use the Model Privacy Notice form, and review “A Dealer Guide to the FTC Privacy Rule and Model Privacy Notice” at www.nadauniversity.com. Ensure that you are properly using the model notice form. If you share customer information with service providers, you must properly disclose that on your privacy notice.
10. Consider additional steps to segregate and track data
For example, consider segregating your data to further protect the most sensitive and valuable data - by store; by manufacturer; and by separating “sensitive” data from “non-sensitive.” You can segregate the data physically (different servers/systems) or by password. The more you segregate the data, the more control you have over access to that data – both internal and external.
Another step to consider is the use of “dummy” or false customers in your databases with a physical and email address you can monitor. Once inserted, you can then test what, if any, marketing information comes to that “customer.” This can provide good insight into who may be accessing your data without your knowledge.
2015 CONVENTION: SAVE THE DATE
Join us at the Kiawah Island Golf Resort, Kiawah Island, SC
May 15 - 17, 2015
E. Sims Floyd, Jr. Executive Vice President
DISCLAIMER:
The material, summary or information forwarded to you is for your general business information only and is not and does not constitute legal advice or a legal opinion. You should consult with legal counsel for any advice regarding your specific legal issue or circumstances. The information contained in this email message may be privileged or strictly confidential information for Association Members. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of the communication is strictly prohibited. If you have received this communication in error, please notify us by telephone at 803.252.0205, and delete this email.
Copyright © 2014 SC Automobile Dealers Association, All rights reserved. unsubscribe from this list update subscription preferences
