There’s no question that tablet computers, like Apple’s iPad and Amazon’s Kindle Fire, are extremely popular. Personally, I see more and more people using tablets each day. In fact, I’m writing this post on my Nexus 7 tablet while I wait for a train in Jamaica (in Queens, not the tropical paradise of the same name) [EDIT: While my first draft for this post was on my Nexus 7, I used my Mac to finish it]. I’ve read many articles and participated in discussions about how to best use tablets at automobile and powersport dealerships. Several manufacturers, such as Ford and Mercedes Benz, have created applications for tablets specifically for use during the sales process at their dealerships. While tablets have the potential to make your staff more efficient and offer a “wow” factor to please your customers, tablets can be potential compliance traps, exposing your dealership to potential liability. The topics below aren’t meant to be an exhaustive list of compliance issues arising from tablet usage. Instead, these are a few thought starters to consider when deploying tablets at your dealership.
First, consider how widespread deployment of tablets will impact your dealership’s compliance with the Safeguards Rule of the Gramm-Leach-Bliley Act. The Safeguards Rule requires dealerships to maintain written plans (and implement processes) to protect nonpublic personal information collected from consumers. If you use tablets to collect nonpublic personal information or allow individuals to access this kind of data stored in your DMS or CRM through tablets, you’ll need to address potential breaches involving nonpublic personal information. Ideally, you’ll limit who can access sensitive files from tablets and monitor usage. Nonpublic personal information should not be stored on the tablet itself. The tablets themselves should be password protected and physically secured when not in use. Also, will you allow employees to use tablets from home? If so, you’ll need to determine ways to make sure employees aren’t transferring nonpublic personal information from the tablet to their own devices. These processes should be checked periodically for compliance, and you should train your employees on how to protect the data contained or accessed by tablets. Of course, whatever processes you implement will need to be documented as part of your dealership’s written compliance plan.
You’ll also need to consider how tablets will affect your Red Flags Rule compliance efforts. As part of the Red Flags Rule, dealerships must develop processes to detect identity theft and record potential or actual cases of identity theft and how your processes detected the threat or could be improved. Think of tablets as just another tool to collect data. As with your Safeguards Rule compliance efforts, your processes for Red Flags Rule compliance should include how tablets can be used to detect identity theft or prevent identity theft from occurring at the dealership.
Finally, your employee handbook and training processes should inform employees what is and what isn’t appropriate use of tablets. Don’t rely on a blanket waiver that speaks only to desktop computer use to protect your dealership. Make sure your documents are clear enough that a court would find your intent to apply the same rules pertaining to desktop computers to other kinds of devices and uphold these provisions as applied to tablets. Employees should not be allowed to store their own personal apps or information on tablets assigned to them. They also should not be allowed to access websites, applications or other things that are illegal or offensive. Nor should they be allowed to download or share copyrighted material. If employees break these rules, then you must consider appropriate discipline in order to give force to your policies.
If you use tablets at your dealership (or other kind of business), what steps do you take to stay compliant?