Dealerships that allow salespeople to collect customer driver’s licenses on personal phones may be exposing themselves to federal privacy violations, according to compliance experts cited by Automotive News. The publication reported that the practice occurs at 39% of dealerships, raising concerns under the Federal Trade Commission’s Safeguards Rule.
License scans need a process owner
The risk is not that a store asks to see a license. Dealers need licenses for test drives, loaners, rentals and identity checks. The concern is whether the store can show that customer information is collected, handled and removed under a consistent dealership policy.
A driver’s license image can include sensitive identifying information, and a personal phone is rarely managed like a dealership record. If a customer’s license sits in a salesperson’s photo library, personal account or shared album, the store may struggle to prove who had access to it, why it was kept or whether it was ever removed. That is a weak position if a regulator, lender partner, insurance carrier or customer asks questions later.
I'd argue this is less of a technology problem than a management problem.
Departments with the most exposure
Sales gets the attention because test drives are frequent and informal. A busy Saturday can turn a quick license photo into a habit, especially when a guest is waiting and the salesperson wants to keep momentum. But the same issue can show up in several corners of the store, including areas that do not always think of themselves as privacy hot spots.
- New and used vehicle sales, where licenses are collected before test drives and sometimes re-used later in the transaction.
- F&I, where identity documents may be handled alongside credit applications, lender forms and deal jackets.
- Service, especially when a customer receives a loaner vehicle or provides documentation at the lane.
- Rental and mobility operations, where license collection is part of the daily workflow and may involve repeat customers.
- BDC and appointment teams, if they ask customers to send license photos before arrival or during remote deal steps.
The data doesn't fully prove this yet, but the pressure on dealers appears to be moving in one direction: regulators and business partners expect stores to know where customer information goes, who touches it and how long it stays there.
What managers should review this week
This does not need to start with a six-month project. A general manager can learn a lot by walking the store and asking how licenses are captured in real situations. Do not ask only what the policy says. Ask what happens when the showroom is full, a customer refuses to wait, a service loaner is needed fast or a salesperson is working from the lot.
- Confirm who owns the process. In many stores, compliance sets the policy, but sales, service and rental managers have to enforce it daily.
- Ban personal photo capture for licenses unless the store has reviewed and formally approved the method. A casual snapshot is the behavior to eliminate.
- Create one standard procedure for each department. Test drives, loaners and rentals may need slightly different steps, but the customer information should receive the same level of care.
- Make sure managers can explain where the license record is kept, who can view it and when it should no longer be retained.
- Check whether exceptions are being documented. If an employee works around the normal process, management should know why and how often it happens.
- Train to the practical moments. Employees need clear wording for customers, not just a policy PDF buried in a shared folder.
The customer experience matters, too
A tighter license process should not make the store feel colder or slower. In fact, a clear policy can make employees more confident. Instead of improvising, a salesperson can say, “We use a dealership-approved process for driver’s licenses so your information is handled properly.” Most customers will understand that.
Managers should also watch for the small shortcuts that create outsized risk. A salesperson texts a license photo to another employee. A service adviser keeps an image because the customer is a regular. A rental coordinator uses a personal device because the counter is backed up. None of those choices may feel reckless in the moment, but together they create a pattern that is hard to defend.
A simple control beats a perfect policy
The Safeguards Rule expects dealers to protect nonpublic personal information, but a policy only helps if it matches store behavior. For most operators, the immediate goal should be straightforward: remove personal phones from license capture, assign department ownership and verify that employees know the approved path.
One misplaced license image may not lead to an enforcement action by itself. Still, it can create customer complaints, internal cleanup, insurance questions and uncomfortable conversations with outside partners. That is enough reason for a GM or department head to treat license scans as a weekly operating issue, not an annual compliance reminder.