Read the full publication on the FTC website for more information: FTC Safeguards Rule: What Your Business Needs to Know

What is it?

The Federal Trade Commission's Standards for Safeguarding Customer Information, or the Safeguards Rule, is designed to ensure that entities covered by the Rule maintain safeguards to protect the security of customer information. The regulation, originally enacted in 2003, was amended by the FTC in late 2021 in order to align with current technology. The revised Safeguards Rule provides more concrete guidance for auto dealerships and reflects core data security principles that all covered companies need to implement.

What am I required to do?

The Revised Safeguards Rule requires all financial institutions, including auto dealerships, to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. The Rule covers information about your own customers and information about customers of other financial institutions that have provided that data to you.

To comply with the Rule, your dealership must:

  1. Designate a qualified individual to implement and supervise your company's information security program
  2. Conduct a risk assessment
  3. Design and implement safeguards to control the risks identified through your risk assessment
    1. Implement and periodically review access controls
    2. Know what you have and where you have it
    3. Encrypt customer information on your system and when it's in transit
    4. Assess your apps
    5. Implement multi-factor authentication for anyone accessing customer information on your system
    6. Dispose of customer information securely
    7. Anticipate and evaluate changes to your information system or network
    8. Maintain a log of authorized users' activity and keep an eye out for unauthorized access
  4. Regularly monitor and test the effectiveness of your safeguards
  5. Train your staff
  6. Monitor your service providers
  7. Keep your information security program current
  8. Create a written incident response plan
  9. Require your qualified individual to report to your Board of Directors

When do I need to complete these changes by?

You must complete and comply with all requirements of the Revised Safeguards Rule by December 9, 2022 to avoid the risk of fines or lawsuits. The to-do list is long and complicated, so you need to act fast these next few months before this new rule (and its consequences) goes into effect. However, Compliance Prep is here to make the process easy for you and your dealership. Sign up today for immediate access to live webinars, in-depth courses, expert coaching, and all the crucial information you need to prepare for compliance by December 9.