The FTC and You: New FTC Compliance Rules Begin This Year
Updated FTC Safeguard Rules: Know Its Impact On Your Dealership
The Federal Trade Commission (FTC) has been in the news the past few months with high-priced fines, including a record-setting $10 million fine and another $1.5 million fine, aimed at dealerships.
If compliance isn’t on your dashboard, it should be. Here’s why.
A rule passed in October 2021 is rearing its ugly head in the summer of 2022. Known as the Safeguards Rule of the Gramm-Leach-Bliley Act, it impacts dealerships due to its burdensome security requirements.
Geared toward protecting consumer data, it takes effect December 9, 2022, though the list of requirements may seem daunting.
What are the new requirements?
These new requirements are meant to strengthen data security efforts at dealerships in relation to customer data.
The annual costs of compliance can be substantial. According to a study by the National Automobile Dealers Association (NADA), on average dealers may incur upwards of $276,000 in costs each year.
Here’s an overview of the requirements for motor vehicles dealers due for the December deadline, including:
Provide a written risk assessment. You must look at all access points to computers, file rooms, etc. on a yearly basis.
Appoint one qualified individual to oversee the effectiveness of the plan, employee training, and services from external providers.
Encrypt customer data with multifactor authentication.
Test and monitor computer systems biannually.
Oversee and monitor service providers before and after onboarding.
Provide periodic reports to boards of directors and governing bodies, no less than annually.
Plan for secure disposal of customer information, e.g., credit reports
Document a safeguarding plan, such as encryption, secure development practices, multi-factor authentication, and information disposal procedures (among others).
“Customers want their information secure when the visit a dealership. For the dealer, they want to be in compliance,” Thomas G. Wolf, CPA Director Brady Ware & Company. “You don’t want to be the one holding the bag when the FTC comes in for an audit.”
“One perk,” he added, “Dealers can use it as a potential selling feature that they are compliant and take customer information security seriously.”
Be In The Know
If you haven’t started the process yet, start planning now and consult vendors to find the best fit.
