As the automotive industry continues to evolve, new federal regulations are being introduced to ensure the safety and security of consumer and other personal data. One such regulation is the Safeguards Rule issued by the Federal Trade Commission (FTC), which requires car dealerships in the United States to undertake a series of procedural, technical, and contractual steps to protect this sensitive information.
The amended Rule’s requirements must all be completed by June 9, 2023. This means that dealerships have less than six months to prepare and implement the necessary changes to ensure compliance by the deadline. With so much to do and so little time, now is the time for dealerships to act in order to avoid any penalties or fines.
To help dealerships understand and comply with the new regulations, the FTC recently issued a guidance publication, FTC Safeguards Rule: What Your Business Needs to Know, which provides further insight into the requirements. The FTC summarizes the requirements as follows:
- Designate a Qualified Individual to implement and supervise your information security program.
- Conduct a risk assessment.
- Design and implement safeguards to control the risks identified, including access controls, knowing what data you have and where it is stored, encryption, app assessments, multi-factor authentication, secure disposal of data, anticipating and evaluating changes to your information system or network, and monitoring and testing the effectiveness of your safeguards.
- Train your staff.
- Monitor your service providers.
- Keep your information security program current.
- Create a written incident response plan.
- Require your Qualified Individual to report to your Board of Directors.
It’s important to note that each dealership should seek their own legal counsel and make their own independent business decisions to ensure compliance.
To assist in compliance, NADA’s Driven Guide to the Amended Safeguards Rule is a helpful resource, which contains step-by-step guidance on how to comply with the Rule, as well as downloadable templates and other critical information to aid dealership compliance. NADA also has a series of webinars, workshops, and more to help dealers with these complex new requirements. Members can access these resources at nada.org/nada/issues/data-and-privacy.
COMNEXIA is a company that specializes in helping car dealerships comply with the new federal regulations, including the Safeguards Rule. They have a team of experts with a deep understanding of the automotive industry and the specific challenges that dealerships face in terms of data security.
COMNEXIA has helped many dealerships prepare for these new regulations by conducting risk assessments, implementing safeguards, and providing training and support to staff. They also offer a range of services to help dealerships comply with the new regulations, including information security program design, incident response planning, and compliance monitoring.
If your dealership is struggling to prepare for the new federal regulations, COMNEXIA can help. They understand the unique challenges that dealerships face and can provide the support and guidance you need to ensure compliance by the June 9, 2023 deadline. Contact COMNEXIA today to learn more about how they can help your dealership comply with the new federal regulations and protect consumer and other personal data.
by Mike Wilson – President/CEO