Collecting sensitive data on consumers is integral to auto lenders' core business processes. Beyond credit decisions and identity verification, lenders also harness data to improve the customer experience in online channels. A finance company also may tap that data for insights into its consumers' needs, allowing it to pitch consumer-specific products that will grow the lender's portfolio.
But the recent spate of data breaches has prompted consumers to ask how their banks use, and secure, personal data. That in turn has sparked legal and regulatory changes.
Auto lenders are preparing for changes in the Federal Trade Commission's Safeguards Rule and the Jan. 1 implementation of the California Consumer Privacy Act, with perhaps more new state laws to come. They want to comply with the laws and reassure their customers, and their dealership partners, that they are fully safeguarding consumer data.
Many lenders that do business internationally have tweaked operations in accordance with the General Data Protection Regulation, which went into effect last spring in the European Union and has stringent rules regarding consumer data use and protection. Ally Financial of Detroit says that's partly why it's up to speed.
Jenn LaClair, Ally's CFO, said she has complete confidence in the compliance programs within the bank.
"I have very little concern in terms of compliance. Cybersecurity has helped us become even smarter in terms of how we manage, store and transmit data," she told Automotive News.