Sep 19, 2019
California Amends CCPA, Adopts Data Broker Law
During the final days of the 2019 legislative calendar, California lawmakers passed several bills to amend the California Consumer Privacy Act (CCPA). If signed into law by [...]
On June 12, 2019, the Federal Trade Commission (FTC) settled with LightYear Dealer Technologies, LLC (LightYear) over a major data breach that occurred in October of 2016 and the subsequent allegations that LightYear’s data security was woefully insufficient.
LightYear, an auto dealer software provider operating under the name DealerBuilt, provides dealer-management system software and data processing and/or storage services to its dealership clients. The company is one of the biggest operators in its field with some of the largest dealers in the country utilizing its software in their day-to-day operations. The products licensed to these dealerships collect large quantities of personal and financial information, including consumers’ Social Security numbers and bank account information.
According to the FTC, LightYear’s problematic data security practices included:
In order to address these issues, the proposed settlement:
This is an incredibly hands-on approach to enforcement and consistent with the direction the FTC has been moving in the realm of data security, as evidenced by Clixsense and iDressup settlements announced in April.