With FTC Deadline Past, Auto Dealers Must Act or Face Data Security Compliance Penalties

Courtesy of Greg Pfleider, Accelerate2Compliance

With the Federal Trade Commission’s June 9th deadline requiring more stringent data security practices now passed, it’s more urgent than ever that auto dealers act to ensure compliance.

Customer data is central to every dealership, and with so much sensitive customer information being managed day-to-day, data privacy and security are critical. The amended FTC Safeguards Rule requires dealers undertake a series of procedural, technical, and contractual steps to protect consumer and other personal data.

FTC Safeguards Rule Requirements

Implementation of such a program is no small feat. Information security compliance is complicated and, unless correctly executed, can become a major hassle for dealerships.

Collecting and analyzing data from customers is essential to dealership operations. However, many dealers are simply not prepared to meet the requirements or are not fully aware of the steps needed to comply with the amended Safeguards Rule.

The amended FTC Safeguards rule requires dealers take the following steps:

• Designate a qualified individual to oversee their information security program
• Develop a written information security program
• Limit and monitor who can access sensitive customer information
• Encrypt all sensitive information
• Train all personnel that have access to private information
• Develop an incident response plan
• Periodically assess the security practices of service providers (i.e. vendors)
• Implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information

With the June 9^th deadline now passed, dealerships that do not meet the FTC Safeguards Rule requirements and whose data is compromised could face substantial fines and experience loss of customers, serious brand degradation and more. Additionally, dealers not complying with FTC rules may face expensive and cumbersome regulatory actions, including Consent Orders that can last for years.

What Should Auto Dealerships Do Now?

1. Begin by thoroughly reviewing the FTC publication for additional details. There are also several resources available through industry organization, such as NADA,RVDA and your state associations, that work to simplify the complex guidelines. Respective organizations can help detangle compliance requirements.
2. Time is of the essence. Dealerships are encouraged to immediately begin taking the required steps to prevent potential breaches. Depending where the dealership is on information security compliance journey, it could take months to achieve all FTC requirements.
3. Many dealers simply don’t have the infrastructure to address the amended guidelines on their own. Furthermore, a lot of dealers worry they won’t comply because they don’t understand the complex regulations. Reaching out to an organization that provides information security solutions can make the process easier for dealerships.

Accelerate2Compliance (A2C), a Minnesota-based organization, can help you with just that. They offer solutions that help make compliance quick and easy. The A2C platform provides templates tailored for documenting and implementing written policies and procedures surrounding the collection, storage, and communication of consumer private data.

Dealers interested in learning more about complying with the FTC Safeguards Rule can visit https://a2cautos.com/ or contact A2C at sales@Accelerate2Compliance.com or 844-637-5511.