Starting June 9th, 2023, the Federal Trade Commission (FTC) will be enforcing the Safeguards Rule, which requires financial institutions and certain other businesses to have measures in place to protect customers' personal information. Auto dealers, as a subset of the broader financial industry, will be among the businesses affected by this rule. In this blog post, we will discuss the Safeguards Rule, how it will impact auto dealers and the steps auto dealers need to take to comply with the new regulation.
The Safeguards Rule
The Safeguards Rule is a regulation under the Gramm-Leach-Bliley Act (GLBA) that requires financial institutions and certain other businesses to have measures in place to protect customers' personal information. This includes the development of a comprehensive information security program that includes administrative, technical, and physical safeguards to protect personal information. The rule applies to any business that holds non-public personal information and is not already subject to similar regulations such as HIPAA or GLBA.
In addition to auto dealers, the following types of companies are mentioned specifically in the new rule:
Fines for non-compliance can be $44,000 per violation PER DAY!
Impact on Auto Dealers
The Safeguards Rule will have a significant impact on auto dealers, as they will be required to implement and maintain a comprehensive information security program to protect their customers' personal information. This includes information such as customers' names, addresses, Social Security numbers, and financial information. Auto dealers will also be required to conduct regular risk assessments, implement security controls, and provide employee training on information security.
There are 17 specific requirements in the updated rule with which companies must comply:
Steps Auto Dealers Need to Take
Auto dealers can take the following steps to comply with the Safeguards Rule:
Conclusion
The FTC Safeguards Rule will have a significant impact on auto dealers starting June 9th, 2023. The rule requires many businesses that have never faced security compliance to have measures in place to protect customers' personal information. Nearly all auto dealers will need to raise their information security game quickly causing unplanned budget expenses and changes to key workflows. Many dealers will find themselves unprepared or under budgeted for these requirements.
The silver lining is that this rule change is compelling companies to do what they probably should be doing already. First-year pain aside, companies that face this challenge head-on with the right partners will build stronger, more resiliant businesses with less risk and, in many cases, competitive advantage. By taking steps now, auto dealers can ensure that they are in compliance with the Safeguards Rule and that their customers' personal information is protected.