How The FTC Safeguards Rule Affects Car Dealerships
In October 2021, the Federal Trade Commission (FTC) implemented new safeguard rules that automotive dealerships would need to comply with in order to remain in business. Initially, these new requirements had a 14-month deadline and were to be met by December 9, 2022. That deadline has been extended by another six months, and businesses now have until June 9, 2023 to comply with the new safeguard rule changes. (FTC)
These rules specifically target non-banking financial institutions and in this article, we’re going to look at how they affect car dealerships. First, though, let’s look at the FTC and the Safeguards rule.
What is the Federal Trade Commission or FTC?
The FTC, formed in 1914, is an independent agency of the US government that enforces antitrust laws in the name of protecting consumers. They fight against all sorts of unfair business practices and educate consumers on scams and other forms of fraud. Their goal is to make sure businesses play fair and don’t take advantage of the consumer.
What is the Safeguards Rule?
The Safeguards Rule originally went into effect almost two decades ago, in May 2003. The rule requires that businesses implement comprehensive security programs in an effort to protect consumer information. (FTC)
As the business landscape changes and technology continues to evolve, safeguards must evolve with it to ensure consumer data remains safe and secure, hence the changes to the rule made in 2021. The new rules cast a wider net over what data needs to be protected from potential leaks.
What Does the New Rule Require?
The changes made to the Safeguards Rule keep the overall goal of the rule intact while implementing more specific criteria as to what data needs to be protected and how to go about it. Some of these provisions, the ones easiest to implement, went into effect no more than a month after the new rule was published. For other provisions, however, the FTC gave businesses a 14-month deadline to comply. This is the deadline that’s been extended, and now car dealerships have until June 9. 2023 to meet certain requirements:
- Appoint a qualified individual to establish and maintain an information security program
- Implement mandatory safeguards such as multi-factor authentication, disposal procedures, and secure development practices
- Encrypt any and all sensitive information
- Limit who can access sensitive information and log all authorized and unauthorized activity
- Develop an incident response plan for when and if a security breach occurs
- Conduct regular assessments of security practices, especially those involving key systems
- Adequately train employees on the policies and procedures for your Information Security Program
Why Did the FTC Extend the Deadline?
The FTC added another six months to the original deadline for two primary reasons, both dealing with shortages. First, numerous reports informed the FTC that there is a serious lack of qualified individuals to run the security programs required by the Safeguards rule. Secondly, due to the widespread supply chain issues caused by the COVID-19 pandemic, there’s a shortage of the equipment required to upgrade security systems to meet the new criteria. Multiple organizations cited these reasons when requesting a deadline extension from the FTC.
These shortages make it extremely difficult for cooperating dealerships to comply with the new rules, especially smaller dealerships that don’t have the resources to keep up with rising costs. These new rules affect all non-banking financial institutions, both big and small, and it’s no secret that smaller companies are struggling right now. (FTC)
It’s All About Cyber Crime
While there are multiple factors that went into these changes, the common threat behind most of them are of the cyber variety. Massive data breaches seem to happen on a regular basis, and considering that most modern companies store a lot of data online, they’re all potential targets. These attacks can lead to identity theft, missing funds, document tampering, and more, all of which are devastating to both consumers and businesses alike.