WASHINGTON, D.C. — As the National Automobile Dealers Association issued two new bulletins geared to help store staff respond to consumer questions on safety and fuel economy, it also shared news of the Federal Trade Commission's announcement of an enforcement action against and a proposed settlement agreement with a Georgia franchised dealer.

According to FTC officials, Franklin's Budget Car Sales Inc. — also known as Franklin Toyota/Scion of Statesboro, Ga. — has been reprimanded for allegedly:

—Violating the FTC Privacy Rule
—Violating the FTC Safeguards Rule
—Engaging in an unfair or deceptive act or practice (UDAP)

The agency explained the enforcement action alleges that, as a result of the dealership's failure to implement reasonable security measures to protect its customers' personal information (including names, addresses, Social Security numbers, dates of birth and driver's license numbers), the personal information of 95,000 consumers was made available on a peer-to-peer (P2P) network.

The FTC believes P2P file-sharing software can present significant data security risks, due in part to the fact that once a file has been shared to a P2P network, it may be viewed or downloaded by any computer user with access to the network, and it generally cannot be permanently removed from the network.

In addition to the data security violations, the FTC alleged that the dealership engaged in a UDAP violation by misrepresenting in its privacy notice the measures it takes to protect customer information from unauthorized access.

The agency charged that Franklin failed to assess risks to the consumer information it collected and stored online and failed to adopt policies to prevent or limit unauthorized disclosure of information.

The FTC also said the Georgia dealership allegedly failed to prevent, detect and investigate unauthorized access to personal information on its networks, failed to adequately train employees and failed to employ reasonable measures to respond to unauthorized access to personal information.

"Because Franklin is a financial institution, the alleged security failures violated the Gramm-Leach-Bliley (GLB) Safeguards Rule as well as Section 5 of the FTC Act," federal officials explained in a statement on the FTC website.

"Franklin also allegedly failed to provide annual privacy notices and provide a mechanism by which consumers could opt out of information sharing with third parties, in violation of the GLB Privacy Rule," they continued.

The FTC said this is its first action against a dealer charging GLB violations.

"The settlement agreement with Franklin will bar misrepresentations about the privacy, security, confidentiality and integrity of personal information collected from consumers," officials said.

"It bars Franklin from violating the GLB Safeguards Rule and Privacy Rule. Under the settlement, Franklin Auto must also establish and maintain a comprehensive information security program, and undergo data security audits by independent auditors every other year for 20 years," they continued.

The FTC vote to accept the consent agreement packages containing the proposed consent orders for public comment was 5-0.

The FTC indicated it will publish a description of the consent agreement packages in the Federal Register shortly. The agreement will be subject to public comment for 30 days through July 9, after which the commission will decide whether to make the proposed consent order final.

Officials said interested parties can submit written comments electronically here.

NADA's New Information Bulletins

As the announcement came from the FTC, NADA also rolled out two new documents.

A two-page question-and-answer bulletin issued jointly by NADA and the National Highway Traffic Safety Administration aims to help sales staff respond to consumer questions on "stars-for-cars" safety information.

Officials indicated this new information is required on Monroney labels starting with Model Year 2012 light-duty vehicles rated and manufactured after Jan. 31. They pointed out the Dealer Guide to NHTSA's 5-Star Safety Rating Label describes how vehicles are rated, what the new labels look like and how consumers can compare between vehicles.

That bulletin can be found here.

Furthermore, the association highlighted a four-page Q/A bulletin – Revised EPA/NHTSA Fuel Economy Labels – is meant to address the revised fuel economy and emissions information required for model year 2013 and later vehicles.

Designed to allow for better comparisons between vehicles, officials said this revised information also typically will be set out on light-duty Monroney labels.

The other NADA bulletin can be downloaded here.

"It's important to note that while vehicle manufacturers are responsible for putting this information on Monroney labels, dealership personnel must not remove these labels prior to vehicle delivery," NADA stressed.

"These bulletins are for informational purposes only," the association went on to say. "They work best when used electronically, but are also designed to be printed double-sided for distribution to new-vehicle sales personnel and interested customers, as needed."