Safeguards Rule Playbook leads dealers to compliance

The Federal Trade Commission in November extended the deadline for all the provisions of the Safeguards Rule to take effect until June 9. But now is the time to make sure you are ready before the deadline to avoid costly penalties.

NIADA has worked with ComplyNet to create the Independent Dealer’s FTC Safeguards Rule Playbook to provide a guide to help you get everything in order.

In the auto industry, the FTC Safeguards Rule applies, without limitation, to every dealership, lender, finance company and finance and insurance provider that is directly or indirectly involved in financed consumer transactions, which includes buy here pay here and lease here pay here transactions.

At a high level, the FTC Safeguards Rule establishes standards designed to help protect consumer information that is entrusted to businesses and individuals when the consumer seeks or obtains a financial product or service, such as providing information to a licensed motor vehicle dealer when seeking financing for buying or leasing a motor vehicle.

The updated Safeguards Rule

The updated FTC Safeguards Rule is designed to enhance security processes and procedures to protect customer information. The new rules will alter how business is conducted and require additional security expenditures.

The updated rules approved in October 2021 require financial institutions to designate an individual to oversee their security program, develop a written risk assessment, limit and monitor who can access customer information, encrypt information, train security personnel, develop a response plan, assess the security practices of service providers and implement multi-factor authentication for any individual accessing customer information.

Penalties can range up to $46,517 per violation.

It is important to note that the Safeguards Rule requires ongoing activities, and is designed to ensure that both the business and the business executives can be held accountable for lax security efforts.

The playbook includes a 10-step approach to compliance.

It starts with establishing a Safeguards team, including IT/MSP vendors, qualified individuals at the dealership and specialists to perform risk assessments and employee training and to develop plans and policies.

Part two is conducting a written risk assessment and then using it to create a written information security program.

Then employees should undergo mandatory job- and role-specific training.

Phishing is part of the training, and it should be backed up with a phishing penetration test. More than 90 percent of all hacking starts with phishing.

Vendor assessments and agreements need to be scrutinized. Service providers should be required by contract to implement and maintain safeguards for customer information.

Access controls must be reviewed continually. That starts with granting only limited access and monitoring activity.

Penetration testing of your technology is encouraged along with a continuous monitoring security system.

A written incident response plan is also needed, and an annual report should be prepared on the risk assessments, testing results and proposed changes.

The playbook can be purchased online at NIADA membership includes a complimentary copy of the playbook.