Arizona Senate Ponders Legislation that would Legalize Data Breaches

Arizona’s House Bill 2418 is anti-consumer, in that it would  put the private data of consumers at risk. Specifically, it would allow third-parties to access Dealer Management Systems (DMSs) that contain personally identifiable information of consumers, potentially including their name, address, phone number, Social Security number, employment data, purchase history, financial information and other private information that needs protection from the general public, hackers, data brokers, vendors and marketing firms, and other third-parties.

House Bill 2418 would require dealer management systems to permit system access to anyone designated by a dealer, without regard to that person’s technical competence, ethical values or criminal history, or commitment to utilize the data in ways that do not harm other DMS participants (e.g., auto manufacturers, lenders and consumers). It would not prohibit the resale or secondary use of personal data by “authorized” third-parties; it would not require consumer notification if and when their personal data has been used; and it would not prohibit unauthorized access, collection or retention of consumer data by “authorized” third-parties. In effect, the bill would legalize data breaches of personally identifiable information. Consumers deserve better.

To read ACI’s letter to Arizona lawmakers, click here.

FacebooktwitterredditlinkedinFacebooktwitterredditlinkedin