by Leonard A. Bellavia, Esq.
In the few short years since the launch of the iPad, tablet computers (or “tablets”) have achieved widespread adoption by consumers and businesses, some manufacturers have developed applications to assist their franchisees in offering consumers a more dynamic shopping experience. Today, businesses of all sizes are developing ways to use tablets as effective sales tools. As you determine how best to use tablets at your company, keep in mind that the ‘old’ rules regarding compliance apply to tablets. Here are a few issues to keep in mind:
- Safeguards Rule/Gramm-Leach-Bliley Act: The Safeguards Rule of the Gramm-Leach-Bliley Act obligates businesses to develop processes that protect nonpublic personal information obtained from consumers. Your processes should address how your company protects data that is either stored on the tablet itself or is accessed through applications on the tablet. Safeguards should include robust password protection, restricting who can use tablets to access nonpublic personal information or other business records, monitor employees use of tablets to access nonpublic personal information on and off premises, and the ability to remotely “wipe,” or erase, tablets that are lost or stolen.
- Adverse Action Notices/Red Flags Compliance: If you allow your staff to use tablets to retrieve consumers’ credit information, you will need to address how to monitor staff activity, detect staff that abuse this feature, and reconcile credit inquiries in order to guarantee customers receive adverse action notices. Your efforts to detect identity theft should address use of the tablets as well. Will your Red Flags Rule procedure help your staff detect illegal activity if they use tablets in their sales processes?
- Employee Use: There are many questions you will need to answer regarding how your company permits employees to use tablets. What will you allow your employees to do with tablets assigned to them? Will you permit employees to use tablets for personal reasons, such as checking their personal email, posting content to their personal social media accounts or playing games? Do you have provisions in your employee handbook addressing tablet use and do you train employees on appropriate use? If you forbid employees from such conduct, how will you monitor and enforce compliance? How will you restrict content that may be deemed offensive from being displayed on the tablet? Will you assign the tablets only to certain employees, and can these employees take the tablets off premises? Can employees use the tablets to upload photographs, videos, or other content to your dealership’s social media accounts, blogs, or your dealership’s website? How often do you inspect the tablets to make sure that they are not being used inappropriately or do not have offensive content stored on them? The answer to each of these questions will be specific to your dealership and should be determined after careful consideration.
If you have any questions about how to ensure that your business is compliant with sensitive information handling requirements, please call us at 631-224-7000.