The Gramm-Leach-Bliley Act of 1999 (“the Act”) can be found in title 15 of the United States Code. The Act provides for administrative, technical, and physical safeguards of consumers’ personal financial information by requiring certain agencies and authorities to establish a set of standards for the recording, storage, and use of said information. The Act specifically protects the personally identifiable information of financial institutions’ customers by prohibiting financial institutions from disclosing individuals’ nonpublic personal information to certain third parties without the proper authorization.
The Act applies to any institution whose business is to engage in financial activities. It defines “financial activities”, in part, as “arranging, effecting, or facilitating financial transactions for the account of third parties.” Because one of the primary activities of an auto dealership is to arrange for banks and/or credit unions to provide loans to its customers, an auto dealership is considered to be in the business of engaging in financial activities, and therefore a financial institution for the purpose of the Gramm-Leach-Bliley Act. As an entity covered by the Act, an auto dealership is required to provide its customers with an explanation of what information may be disclosed to a third party, whom that third party may be, and to provide an explanation of how the customer may exercise the option of directing that their information not be disclosed. The dealership must provide this information to its customers before any disclosure is made.
The Act applies to nonpublic personal information, which is defined as “personally identifiable financial information” disclosed to the institution or obtained by it in the course of any transaction between the institution and the consumer or any service provided to the consumer. Such personally identifiable information is commonly requested during the discovery phase of litigation. The Gramm-Leach-Bliley Act permits auto dealers to redact personal identifiers from responses to discovery requests in order to ensure compliance with section 6802(b)(1). This section would require that, before answering discovery requests, a dealer contact all consumers whose information is being requested, inform them of the information requested, advise them as to the name of the third party requesting the information, and provide them with an option for directing that the information not be disclosed. Since answers to discovery requests are generally due within thirty (30) days, the only way to comply with section 6802(b)(1) of the Gramm-Leach-Bliley Act and return discovery responses in a timely manner is to redact all personally identifiable information from the responses.
Recognition of the importance of financial privacy is enshrined in public policy and codified in the Gramm-Leach-Bliley Act. The discovery process may not be used in order to circumvent the Act and the redaction of personally identifiable information from discovery requests is permitted by operation of the Act.
Special thanks to Shelley Riseden for her help on this piece.
The Agresta Firm’s dealer law practice is experienced and ready to handle the demands of civil litigation for automobile dealerships. Please contact us for more information about how the Gramm Leach Bliley Act can affect your business.