The Revised FTC Safeguard Rule Deadline Looms: Establish Your Readiness Plan
Here’s a deadline you need to have on your calendar: December 9, 2022. Not exactly a date that jumps out or one that anyone is used to, but it’s the date the federal government will start enforcing the revised FTC Safeguard Rule.
This revised rule ensures that dealerships are handling customer information, known as PI (personal information) in government circles, in a safe and secure way. Before now, you only had to prove you were taking steps to make information more secure. But this new rule requires certain items to be completed. And anecdotally, we’re finding out that most dealerships aren’t anywhere close to having these items checked off their compliance list.
While the National Automobile Dealers Association (NADA) and other trade groups are lobbying Congress for changes, if not outright withdrawal, the due date stands as of now.
In the meantime, if your dealership doesn’t complete this compliance list by December 9, it can impact who can do business with you in the long run.
Ramifications of Non-Compliance with the FTC Safeguard Rule
Let’s say you’re compliant, and all your vendors are compliant. If that’s the case, your dealership can continue to finance your customers with all your lenders. But if you’re not compliant, and some of your vendors aren’t either, your lenders will be forced by the government to stop doing business with you until you adhere to these new rules from the FTC.
Banks have much more complicated guidelines compared to dealerships and will be consulting a list of businesses that are compliant every time they do business with a dealership—if you’re not on that list, then they can’t and won’t buy your loans.
Nine Defined Elements for Compliance
While there is more to each step, and to this law, than the nine areas highlighted below, the list helps you quickly assess what the law covers, understand its depth, and see where you might need to plan your response:
- Do you have a qualified individual to implement and supervise your information security program?
- Risk and inventory assessments: when and to what detail have you taken steps to shore up weaknesses? This area has significant detail and documentation that comes with it.
- Establish safeguards to control the risks identified in your risk assessment. This step contains eight areas that identify and help dealerships maintain control over protected information.
- Regular monitoring and testing protocols.
- Staff training.
- Monitoring service providers.
- Keeping the security program current.
- Keeping and documenting written incident response plans.
- Regular reporting to the board of directors or governing body.
Time is Running Out
It takes most dealers more than 30 days, sometimes around 60-90 days, to have everything in place for a compliance review. Given that it is mid-September, time is running short. As with effective accounting, audit, and fraud protection protocols and documentation, Brady Ware can guide this process.
Reach out to us to ensure your dealership achieves compliance by December 9, 2022.