Mont. Code § 30-11-717

Current through the 2023 Regular Session
Section 30-11-717 - Definitions

As used in 30-11-718 through 30-11-720, and this section, the following definitions apply:

(1) "Authorized integrator" means any third party with whom a dealer has entered into a contractual relationship to perform a specific function for the dealer that permits the third party to access protected dealer data or to write data to a dealer data system, or both, to carry out the specified function.
(2) "Cyber ransom" means to encrypt, restrict, or prohibit or threaten or attempt to encrypt, restrict, or prohibit a dealer's or a dealer's authorized integrator's access to protected dealer data for monetary gain.
(3) "Dealer" has the same meaning as "new motor vehicle dealer" provided in 61-4-201 and includes any authorized dealer personnel acting on behalf of the dealer owner-operator.
(4) "Dealer data system" means any software, hardware, or firmware owned, leased, rented, or controlled by a dealer and used by the dealer in its business operations or licensed by a dealer that includes a system of web-based applications, computer software, or computer hardware, whether located at the motor vehicle dealership or hosted remotely, and that stores or provides access to protected dealer data and includes dealership management systems and consumer relations management systems.
(5) "Dealer data vendor" means any dealer management system provider, consumer relationship management system provider, or other vendor providing similar services that permissibly stores protected dealer data pursuant to a contract with a dealer.
(6) "Fees" means charges for allowing access to protected dealer data in excess of any direct costs incurred by the dealer data vendor in providing protected dealer data access to an authorized integrator or allowing an authorized integrator to write data to a dealer data system.
(7) "Prior express written consent" means the dealer's express written consent that is contained in a document separate from any other consent, contract, franchise agreement, or other writing and that contains:
(a) the dealer's consent to the data sharing and identification of all parties with whom the data may be shared;
(b) all details that the dealer requires relating to the scope and nature of the data to be shared, including the data fields and the duration for which the sharing is authorized; and
(c) provisions and restrictions that are required under federal law to allow the sharing.
(8) "Protected dealer data" means any:
(a) personal, financial, or other data relating to a consumer that a consumer provides to a dealer or that a dealer otherwise obtains and that is stored in the dealer's data system;
(b) other data regarding a dealer's business operations that is stored in the dealer's dealer data system; or
(c) motor vehicle diagnostic data that is stored in a dealer data system. This subsection (8)(c) does not give a dealer any ownership rights to share or use the motor vehicle diagnostic data beyond what is necessary to fulfill a dealer's obligation to provide warranty, repair, or service work to a consumer.
(9) "Required manufacturer data" means:
(a) data required to be obtained by the manufacturer under federal or state law or to complete or verify a transaction between the dealer and the manufacturer; and
(b) information that is reasonably necessary for any of the following:
(i) a safety, recall, or other legal notice obligation;
(ii) the sale and delivery of a new motor vehicle or a certified used motor vehicle to a consumer;
(iii) the validation and payment of consumer or dealer incentives;
(iv) claims for dealer-supplied services relating to warranty parts or repairs;
(v) the evaluation of dealer performance, including but not limited to the evaluation of the dealer's monthly financial statements and sales or service, consumer satisfaction with the dealer through direct consumer contact, or consumer surveys;
(vi) dealer and market analytics;
(vii) the identification of the dealer that sold or leased a specific motor vehicle and the time of the transaction;
(viii) marketing purposes designed for the benefit of or to direct leads to dealers, not including a consumer's financial information on the consumer's credit application or a dealer's individualized notes about a consumer that are not related to a transaction;
(ix) motor diagnostic data; or
(x) the development, evaluation, or improvement of the manufacturer's products or services.
(10) "STAR standards" means the current, applicable security standards published by the standards for technology in automotive retail.
(11)
(a) "Third party" includes service providers, vendors, dealer data vendors, authorized integrators, and any other person other than the dealer.
(b) The term does not include a government entity acting pursuant to federal, state, or local law, a third party acting pursuant to a valid court order, or a manufacturer.

§ 30-11-717, MCA

Amended by Laws 2023, Ch. 362,Sec. 1, eff. 5/2/2023.
Added by Laws 2019, Ch. 283,Sec. 1, eff. 5/3/2019.

Applicability: Laws 2023, Ch. 362, § 11 provides:

"(1) [This act] applies to all presently existing or hereafter established systems of distribution of motor vehicles in this state, including all existing agreements between a manufacturer, a factory branch, a distributor or a distributor branch, and a motor vehicle dealer, except to the extent that such application would impair valid contractual agreements in violation of the state or federal constitution.

(2) [This act] does not:

(a) govern, restrict, or apply to data that exists outside of a dealer data system, including data that is generated by a motor vehicle or devices that a consumer connects to a motor vehicle; or

(b) authorize a dealer or third party to use data that is obtained from a person in a manner that is inconsistent with either:

(i) an agreement with the person; or

(ii) the purposes for which the person provided the data to the dealer or third party."