California Vehicle Code 11713.25 – (a) A computer vendor shall not do any of the …
(a) A computer vendor shall not do any of the following:
(1) Access, modify, or extract information from a confidential dealer computer record or personally identifiable consumer data from a dealer without first obtaining express written consent from the dealer and without maintaining administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of the information.
Terms Used In California Vehicle Code 11713.25
- business: includes a proprietorship, partnership, corporation, and any other form of commercial enterprise. See California Vehicle Code 234
- Dealer: is a person not otherwise expressly excluded by Section 286 who:
California Vehicle Code 285
- distributor: is a ny person other than a manufacturer who sells or distributes new vehicles subject to registration under this code, new trailers subject to identification pursuant to Section 5014. See California Vehicle Code 296
- distributor branch: is a n office maintained by a distributor for the sale of new vehicles or new trailers subject to identification pursuant to Section 5014. See California Vehicle Code 297
- Fraud: Intentional deception resulting in injury to another.
- Lease: A contract transferring the use of property or occupancy of land, space, structures, or equipment in consideration of a payment (e.g., rent). Source: OCC
- Local authorities: means the legislative body of every county or municipality having authority to adopt local police regulations. See California Vehicle Code 385
- manufacturer branch: is a n office maintained by a manufacturer for the sale of new vehicles to dealers or for directing or supervising in whole or in part the manufacturer's representatives. See California Vehicle Code 389
- motor vehicle: includes a recreational vehicle as that term is defined in subdivision (a) of §. See California Vehicle Code 415
- Person: includes a natural person, firm, copartnership, association, limited liability company, or corporation. See California Vehicle Code 470
- Subpoena: A command to a witness to appear and give testimony.
- Summons: Another word for subpoena used by the criminal justice system.
(2) (A) Except as provided in subparagraph (B), require a dealer as a condition of doing or continuing to do business, to give express consent to perform the activities specified in paragraph (1).
(B) Express consent may be required as a condition of doing or continuing to do business if the consent is limited to permitting access to personally identifiable consumer data to the extent necessary to do any of the following:
(i) To protect against, or prevent actual or potential fraud, unauthorized transactions, claims, or other liability, or to protect against breaches of confidentiality or security of consumer records.
(ii) To comply with institutional risk control or to resolve consumer disputes or inquiries.
(iii) To comply with federal, state, or local laws, rules, and other applicable legal requirements, including lawful requirements of a law enforcement or governmental agency.
(iv) To comply with lawful requirements of a self-regulatory organization or as necessary to perform an investigation on a matter related to public safety.
(v) To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities.
(vi) To make other use of personally identifiable consumer data with the express written consent of the consumer that has not been revoked by the consumer.
(3) Use electronic, contractual, or other means to prevent or interfere with the lawful efforts of a dealer to comply with federal and state data security and privacy laws and to maintain the security, integrity, and confidentiality of confidential dealer computer records, including, but not limited to, the ability of a dealer to monitor specific data accessed from or written to the dealer computer system. Waiver of this subdivision or purported consents authorizing the activities proscribed by the subdivision is void.
(b) A dealer shall have the right to prospectively revoke an express consent by providing a 10-day written notice to the computer vendor to whom the consent was provided or on any shorter period of notice agreed to by the computer vendor and the dealer. An agreement that requires a dealer to waive its right to prospectively revoke an express consent is void.
(c) For the purposes of this section, the following terms mean as follows:
(1) “Confidential dealer computer record” means a computer record residing on the dealer’s computer system that contains, in whole or in part, any personally identifiable consumer data, or the dealer’s financial or other proprietary data.
(2) “Computer vendor” means a person, other than a manufacturer, manufacturer branch, distributor, or distributor branch, who in the ordinary course of that person’s business configured, sold, leased, licensed, maintained, or otherwise made available to a dealer, a dealer computer system.
(3) “Dealer computer system” means a computer system or computerized application primarily designed for use by and sold to a motor vehicle dealer that, by ownership, lease, license, or otherwise, is used by and in the ordinary course of business of a dealer.
(4) “Express consent” means the unrevoked written consent signed by a dealer that specifically describes the data that may be accessed, the means by which it may be accessed, the purpose for which it may be used, and the person or class of persons to whom it may be disclosed.
(5) “Personally identifiable consumer data” means information that is any of the following:
(A) Information of the type specified in subparagraph (A) of paragraph (6) of subdivision (e) of § 1798.83 of the Civil Code.
(B) Information that is nonpublic personal information as defined in Section 313.3(n)(1) of Title 16 of the Code of Federal Regulations.
(C) Information that is nonpublic personal information as defined in subdivision (a) of § 4052 of the Financial Code.
(d) This section does not limit a duty that a dealer may have to safeguard the security and privacy of records maintained by the dealer.
(Added by Stats. 2006, Ch. 353, Sec. 2. Effective January 1, 2007.)