Dealership Compliance – Sacramento Valley IT

Step 1 of 20

Do you have a WiFi Network?

Do you use firewalls to segment your network and limit access between computers on your network and between your computers and the internet?

Yes

If your website has a link that states "Your California Privacy Choices," does it also use the CPRA-approved "blue and white check and X" icon?

Yes

Your online Privacy Policy and Notice at Collection is:

WCAG compliant for consumers with disabilities.

Available in foreign language for which you regularly conduct business.

Easily printable without formatting issues.

All of the above.

None of the above.

Do you use MFA on all company email accounts and identity services?

Yes

Do you provide a mechanism for the secure destruction and disposal of documents containing personal information?

Yes

Are documents containing NPI left unattended or unsupervised for more than 15 minutes?

Yes

Do you use MFA on cloud based applications containing NPI?

Yes

Are the computers and disks used to store NPPI encrypted?

Yes

You require authorized agents submitting CCPA requests on behalf of consumers to provide you with:

A valid Power of Attorney document

A notarized document signed by the consumer

The consumer’s residential address and government-issued photo ID

All of the above.

None of the above.

When communicating sensitive information, do you use a tool with end to end encryption?

Yes

Do you segment your WiFi network from your wired LAN?

Yes

Do you keep backups?

Yes

Do you allow insecure storage of credentials in plain text (e.g., Word or Excel files) or in other vulnerable formats?

Yes

Do you currently use a cookie banner or other mechanism to obtain visitors' consent to deploy third-party cookies on your website?

Yes

Is your DSAR Portal translatable to other foreign languages?

Yes

Do you allow Guests to use your WiFi network?

Yes

Has your dealership completed a comprehensive data inventory for each location and department?

Yes

Do you have a required addendum for each of the service providers and third parties you work with?

Yes

Does your website honor standardized opt-out signals such as Global Privacy Control and Do Not Track signals?

Yes

Do you support a consumer’s "request to correct" their information?

Yes

Does your cookie banner have both an “accept” and “decline” button?

Yes

Do you encrypt information sent over wireless networks?

Yes

Are the backups stored Offline or on segregated systems?

Yes

Do unattended computers containing NPPI automatically lock themselves in 15 minutes or less of inactivity?

Yes

Is your Guest WiFi network segmented from your Work network and does it employ Wireless Client Isolation?

Not Segmented, No Client Isolation

Segmented, No Client Isolation

Segmented & Client Isolation Configured

What are some ways that you can receive an NPPI violation?

Think you’re compliant? Find out by taking this short dealership compliance quiz:

Lets get started.