One topic that is on the minds of automotive dealers across the country is the revised FTC Safeguards Rule. In 2021, 850,000 cases of cyber-attacks were reported to the FBI and those attacks caused financial devastation totaling upwards of $6.9 billion dollars*. To help prevent cyberattacks and to mitigate damages for the consumer, the FTC has updated their Safeguards Rule and implementation begins on December 9. The multipart, new requirements set forth in the updated Safeguards Rule will take time to properly implement in the dealership. Here is a brief overview of the revisions to the updated FTC Safeguards Rule.
Third-Party Administrators
FTC Safeguards Rule
FTC Safeguards Rule
The Gramm-Leach-Billey Act ("GLBA") (1999) requires the protection of consumer data. The Safeguards Rule ("Rule") has been in place since 2003, it included requirements that dealers "safeguards" consumer data.
Changes to the Safeguards Rule are in response to the growing incidence and severity of cyberattacks.
Dealership Compliance
The revised FTC Safeguards Rule has taken compliance to the next level by laying out certain tasks that the dealership must undertake to implement an information security program. Within the Safeguards Rule there are three parts, administrative, physical, and technical, that cover various regulations and practices that dealers must implement by December 9. In addition, this new rule asks dealers to verify that their service providers are maintaining safeguards that align with the dealership’s own information security program to appropriately protect customer data.
Fail to Comply
Dealerships that fail to comply with the revised requirements of the FTC Safeguards Rule could face hefty monetary fines and class action lawsuits. Dealers could also be subject to headaches in securing customer funding as banks may choose to not paper from non-compliant dealerships.
Protecting the Dealership
To help dealers navigate the updated rule, NADA has developed a comprehensive guide as well as several webinars for dealers on how to comply with the revised FTC Safeguards Rule. To access additional resources* on the FTC Safeguards Rule visit nada.org.
*Additional resources available through NADA are for NADA members only.