The deadline to comply with the Federal Trade Commission’s Safeguards Rule is here.
Financial institutions, including auto dealers, must have systems in place to comply with the new rule by June 9, 2023.
According to the FTC, the Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.
The updated rules approved in October 2021 require financial institutions to designate a “qualified individual” to oversee their security program, develop a written risk assessment, limit and monitor who can assess customer information, encrypt information, train security personnel, develop a response plan, assess security practices of service providers and implement multi-factor authentication for any individual accessing customer information.
Penalties can range up to $46,517 per violation.
NIADA understands the impact this rule can have on independent auto dealers and has focused a substantial portion of its annual Convention and Expo, June 19 to 22 at the Wynn in Las Vegas, to make sure dealers have the information they need to be in compliance.
NIADA will be hosting sessions with members of the Federal Trade Commission (FTC), Consumer Finance Protection Bureau (CFPB) and Internal Revenue Service (IRS).
Dan Dwyer, an attorney in the Division of Financial Practices at the Federal Trade Commission will hold two sessions, 2:15 p.m. Wednesday, June 21, and 10 a.m. Thursday, June 22. Dwyer, who has worked on a variety of consumer credit and financial services issues, including debt collection, mortgage advertising and automobile sales and financing, will be available to address questions on the Safeguards Rule and other rules affecting the independent auto industry.
“I attend education conferences all over the country, and one thing that sets the NIADA Convention apart is having critical federal agencies present, presenting and answering questions. This is the only place one can hear directly from the FTC, CFPB and IRS, and interact with them.”
Scott Allen, NIADA President
“I attend education conferences all over the country, and one thing that sets the NIADA Convention apart is having critical federal agencies present, presenting and answering questions,” said NIADA President Scott Allen. “This is the only place one can hear directly from the FTC, CFPB and IRS, and interact with them.”
NIADA continues to offer a playbook, helping dealers get resources and training in place.
It starts with establishing a Safeguards team, including IT/MSP vendors, a “Qualified Individual” at the dealership and specialists to perform risk assessments, employee trainings and develop plans and policies.
Part two is conducting a written risk assessment and then using it to create a written information security program.
Then employees should undergo mandatory job- and role-specific training.
Phishing is part of the training, and it should be backed up with a phishing penetration test, as studies show 91 percent of all hacking starts with phishing.
Vendor assessments and agreements need to be scrutinized. Service providers should be required by contract to implement and maintain safeguards for customer information.
Access controls must continually be reviewed. It starts with granting limited access and monitoring activity.
Penetration testing of your technology is encouraged along with a continuous monitoring security system.
A written incident response plan is also needed. An annual report should also be prepared on the risks assessments, testing results and proposed changes.
There are two quick, easy and affordable courses available, one for Qualified Individuals and one for all other employees, which cover information required to know for meeting the FTC’s requirements for the Safeguards and Privacy Rules of the Gramm-Leach-Bliley Act.
After getting your plan in place, you will have a chance to hear from and speak with a representative of the FTC about the rule and regulation at the NIADA Accelerate 2023 Convention and Expo. This is an opportunity dealers shouldn’t miss.
Register now at niada.com/convention.
