Privacy & Cybersecurity

Navigating digital privacy

Consumer privacy and data security are two of the most vital topics facing California auto dealers and other retailers today. Scali Rasmussen’s Privacy & Cybersecurity blog explores the changing legal landscape, its impact on retailers, and how to take a practical approach to issues when perfection may be unattainable. Count on us for updates on new laws and regulations, enforcement actions by regulators and the plaintiff’s bar, and steps you can take to decrease liability and increase customer confidence.

Ransomware attack hits car dealer

What should you do to prepare?

Published on

In December of 2019, a Florida car dealership was hit by a ransomware attack. This sophisticated style of data security attack breaks into a network and locks access to email, databases, and other essential files and programs. The hackers typically then demand a large payment in the form of an untraceable financial instrument. In this case the hackers demanded 65 Bitcoins, roughly equivalent to $600,000, to restore access to the dealership’s systems.

Published on

On February 10, 2020, the California Attorney General issued an amended version of its proposed California Consumer Privacy Act (CCPA) regulations in a redlined format. Overall the redlined regulations are generally favorable to businesses operating in California in that they clarify requirements without imposing significant new requirements. Here are changes that are particularly notable.

Published on

The California Department of Consumer Affairs (DCA), which includes the Bureau of Automotive Repair (BAR), is reporting that its licensees are being targeted in attempted fraud schemes and is urging awareness and caution. This is an important message for all staff members, but also a good opportunity to remind them that any communication with a licensing agency such as BAR or the Department of Motor Vehicles should be treated seriously. Following good fraud prevention habits will also help prevent important notices such as requests for information from falling in the cracks and leading to license enforcement.

Published on

The California Consumer Privacy Act includes multiple references to the idea of a “business purpose” for the use of consumer Personal Information (“PI”). For businesses covered by the CCPA, it is crucial to understand what “business purpose” means generally, what information uses of the business it specifically includes, and what obligations it triggers. In short, this type of information use must be disclosed to consumers, but also is generally shielded from deletion requirements and receives other potential protections.

CCPA and vendors

What you need to know

Published on

Many automotive vendors rely on accessing automotive dealers’ customer data to provide services as varied as lead generation, vehicle tracking, and customer service. Under the CCPA, dealers may be held liable if any vendor misuses customer data or experiences a data breach. Each vendor that uses your customer data therefore has the potential to steeply increase your potential liability, particularly in light of the fact that you cannot directly control the vendor’s data use or data security practices.

Monica Baumann published in Automotive News

Dealerships must safeguard customer data

Published on

Automotive News turned to Scali Rasmussen attorney Monica Baumann for this article about the California Consumer Privacy Act. The most aggressive consumer-privacy law in the country, the CCPA goes into effect January 1, 2020.

Understanding the CCPA, part 5

What does the law require?

Published on

The California Consumer Privacy Act has four major prongs intended to protect consumer’s privacy while also allowing consumers to use services provided by companies that share and sell data. In general terms, businesses will need to tell customers what type of data they collect, what they disclose or sell, and what purpose they use the data for. Businesses may also be required to erase data and, in more limited circumstances, allow customers to “opt out” of certain usages.

Understanding the CCPA, part 4

What kind of data uses are restricted?

Published on

The California Consumer Privacy Act governs three different types of data usages: collection of data, disclosure of data, and sale of data. It is important for businesses, including auto dealers, to know not only what type of data they are collecting, but what use they intend to put it to, as their duties under the law depend on the data usage.