The deadline to comply with the revised FTC Safeguards Rule is fast approaching. The FTC gave financial institutions (including dealerships) until December 9, 2022, to comply with its requirements to undertake a series of procedural, technical, and contractual steps to protect consumer and other personal data.
Many of the amendments will require significant investments from dealers who must now adopt new information security measures. The changes adopted by the FTC to the Safeguards Rule include more specific criteria for what safeguards financial institutions must implement as part of their information security program. They include:
A. Designate a Qualified Individual to implement and supervise your information security program.
B. Conduct a risk assessment.
C. Design and implement safeguards to control the risks identified, including:
- Implement and periodically review access controls.
- Know what you have and where you have it.
- Encrypt customer information on your system and when it’s in transit.
- Assess your apps.
- Implement multi-factor authentication for anyone accessing customer information on your system.
- Dispose of customer information securely.
- Anticipate and evaluate changes to your information system or network.
- Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
- Regularly monitor and test the effectiveness of your safeguards.
D. Train your staff.
E. Monitor your service providers.
F. Keep your information security program current.
G. Create a written incident response plan.
H. Require your Qualified Individual to report to your Board of Directors.
Few dealerships can comply with the revised rule without outside assistance. NJ CAR has partnered with ComplyAuto to provide a one-stop shop for our members to comply with the revised rule. More information about ComplyAuto can be found here: https://complyauto.com/
More information about the FTC's revised Safeguards Rule can be found here: https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know
If dealers have questions about this topic or any other questions, they can contact Greyson P. Hannigan, NJ CAR’s Director of Legal & Regulatory Affairs, at (609) 883-5056 – ext. 340 or via email at email@example.com.