(a) A computer vendor shall not do any of the following: (1) Access, modify, or extract information from a confidential dealer computer record or personally identifiable consumer data from a dealer without first obtaining express written consent from the dealer and without maintaining administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of the information. (2) (A) Except as provided in subparagraph (B), require a dealer as a condition of doing or continuing to do business, to give express consent to perform the activities specified in paragraph (1). (B) Express consent may be required as a condition of doing or continuing to do business if the consent is limited to permitting access to personally identifiable consumer data to the extent necessary to do any of the following: (i) To protect against, or prevent actual or potential fraud, unauthorized transactions, claims, or other liability, or to protect against breaches of confidentiality or security of consumer records. (ii) To comply with institutional risk control or to resolve consumer disputes or inquiries. (iii) To comply with federal, state, or local laws, rules, and other applicable legal requirements, including lawful requirements of a law enforcement or governmental agency. (iv) To comply with lawful requirements of a self-regulatory organization or as necessary to perform an investigation on a matter related to public safety. (v) To comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities. (vi) To make other use of personally identifiable consumer data with the express written consent of the consumer that has not been revoked by the consumer. (3) Use electronic, contractual, or other means to prevent or interfere with the lawful efforts of a dealer to comply with federal and state data security and privacy laws and to maintain the security, integrity, and confidentiality of confidential dealer computer records, including, but not limited to, the ability of a dealer to monitor specific data accessed from or written to the dealer computer system. Waiver of this subdivision or purported consents authorizing the activities proscribed by the subdivision is void. (b) A dealer shall have the right to prospectively revoke an express consent by providing a 10-day written notice to the computer vendor to whom the consent was provided or on any shorter period of notice agreed to by the computer vendor and the dealer. An agreement that requires a dealer to waive its right to prospectively revoke an express consent is void. (c) For the purposes of this section, the following terms mean as follows: (1) âConfidential dealer computer recordâ means a computer record residing on the dealerâs computer system that contains, in whole or in part, any personally identifiable consumer data, or the dealerâs financial or other proprietary data. (2) âComputer vendorâ means a person, other than a manufacturer, manufacturer branch, distributor, or distributor branch, who in the ordinary course of that personâs business configured, sold, leased, licensed, maintained, or otherwise made available to a dealer, a dealer computer system. (3) âDealer computer systemâ means a computer system or computerized application primarily designed for use by and sold to a motor vehicle dealer that, by ownership, lease, license, or otherwise, is used by and in the ordinary course of business of a dealer. (4) âExpress consentâ means the unrevoked written consent signed by a dealer that specifically describes the data that may be accessed, the means by which it may be accessed, the purpose for which it may be used, and the person or class of persons to whom it may be disclosed. (5) âPersonally identifiable consumer dataâ means information that is any of the following: (A) Information of the type specified in subparagraph (A) of paragraph (6) of subdivis
‹ Prev All California sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.