4 Min ReadOctober 6, 2022

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

The Federal Trade Commission (FTC) announced a change in the fall of 2021. The Safeguards Rule, which was created to protect customer financial data, would be expanded to include non-financial institutions that conduct financial transactions, including auto dealerships (that contain over 5,000 customer records). By now, almost all dealers are familiar with these requirements of the FTC Safeguards Rule.

So, what does this expansion of the FTC’s Safeguards Rule mean for you? Most importantly, it means you must comply with several new rules to protect consumer information by June 9, 2023.

What is the FTC Safeguards Rule?
The Gramm-Leach-Bliley Act (GBLA) was passed by Congress in 1999, and it introduced the 2002 Safeguards Rule. The Safeguards Rule increased the FTC's regulatory authority and imposed additional obligations on financial institutions, such as the establishment, implementation and maintenance of an information security program to prevent unauthorized access to sensitive consumer information.

In the past, the Safeguards Rule was ambiguous and allowed for compliance flexibility. However, after receiving public feedback and conducting additional research, the FTC issued an updated Safeguards Rule to keep up with technological development, respond to current cybersecurity concerns and create more precise recommendations. There are 16 new rules specifically outlined for dealers that you should sit down with your internal and legal team to review, plan, and implement. One unique requirement will be dealers must ensure their vendors and service providers safeguard the customer information in their care. Dealers need to audit their vendors for compliance.

What Do These Changes Mean For the Auto Industry?
From a practical, and emotional perspective, a trip to an auto dealership is often a big moment in a consumer’s life.

When a customer places their trust in a dealership, they expect the company to not only help them find the ideal car for their needs, but also protect their personally identifiable information (PII). According to the 2021 CDK Global State of Cybersecurity report, 84% of consumers claimed they would not return to a dealership to purchase another vehicle if their data had been hacked.

stat

Similarly, auto dealerships are concerned with the security of financial data. One issue facing the automotive industry is a lack of specific security and privacy rules for all dealerships to follow. The FTC's Safeguards Act modifications affect everything. Previous laws, such as the cybersecurity standards issued by the New York State Department of Financial Services in 2017 and the California Consumer Privacy Act in 2018, provided guidelines for securing consumer information that could only be enforced on a regional basis. The new FTC Safeguards Rule establishes a national standard by defining what constitutes an acceptable information security program.

Are You Prepared?
In CDK Global’s 2022 State of Cybersecurity report, only 47% of the 201 dealerships surveyed said they are well prepared for FTC Safeguards compliance. The same study also revealed that only 35% of the dealers know each component of the rules well. More than half of the dealers surveyed still have work to do to meet the compliance deadline.

stat

Next Steps
The first step is to perform a series of extensive procedural, technical and contractual steps to protect your sensitive consumer data. To help you get started, we've created an in-depth e-book you can download here.

DOWNLOAD HERE

Here are a few tips to help you begin your strategy:

  • Appoint a Dedicated Security Person Within the Dealership
    • Keep accurate documentation
    • Report back to senior leadership
  • Inventory the Network and Security Controls
    • Identify relevant date, personnel, devices, systems and facilitie
    • Ensure access controls are in place
  • Get a Risk Assessment
    • Draft a written risk assessment with specific issues
    • Use the risk assessment as the base for your written security program
  • Ensure Your Paperwork Is Up to Date
    • Review plans for information security, incident response and risk assessment
    • Amend as needed for compliance
  • Implement Required Security Controls
    • Multifactor identification
    • Cybersecurity awareness training
    • Data encryption

Let CDK Global help you understand your IT infrastructure’s effectiveness and identify any gaps in your current environment. Our free network security evaluation can help get you on the right path for FTC compliance.

To take advantage of this free evaluation, visit cdkglobal.com/securityevaluation, reach out to your CDK Sales Representative or call 888.424.6342.

Share This

CDK Global
By CDK Global
Staff

Recent Insights

How Dealership Tech Training Improves Vehicle Delivery Experience and Customer Satisfaction.

How Dealership Tech Training Improves Vehicle Delivery Experience and Customer Satisfaction

Vehicle delivery isn't the end of the purchase process; it's the beginning of ownership, and it's essential that this journey...
4 Min ReadAug 26CDK Global
Are Dealers Moving to Where the Car Sales Are?

Are Dealers Moving to Where the Car Sales Are?

As we approach the midpoint of the 2020s, the U.S. auto retail landscape looks markedly different from just five years...
3 Min ReadAug 21CDK Global
Consultants Help Dealers Identify Improvements  to Increase Efficiency and Profit

Consultants Help Dealers Identify Improvements to Increase Efficiency and Profit

There is no denying the significant investment car dealers make with the software that runs their stores. But most dealerships...
4 Min ReadAug 19CDK Global
Leasing’s New Life as Monthly Payments Get Squeezed.

Leasing's New Life as Monthly Payments Get Squeezed

Leasing isn’t new. But as the market tightens and sale prices and MSRPs begin to rise there is renewed interest...
3 Min ReadAug 14CDK Global
C D K Research Uncovers the Truth About E V Ownership in 2025.

CDK Research Uncovers the Truth About EV Ownership in 2025

Electric vehicles have been a hot topic in the industry for nearly a decade. Today, the end of EV incentives...
2 Min ReadAug 7CDK Global
Four Requirements for Modern Dealer Appraisal Software in 2025.

4 Requirements for Modern Dealer Appraisal Software in 2025

Appraisals are an essential step in dealership processes. Even in today’s market where many dealers are offering top dollar for...
4 Min ReadAug 5CDK Global
Car Buying Process Rebounds in July

Car-Buying Process Rebounds in July

June saw the biggest drop and lowest score in the history of our Ease of Purchase scorecard. Luckily, there was...
3 Min ReadAug 4David Thomas
Three Ways Dealers Use Automotive Inventory Management Software.

3 Ways Dealers Use Automotive Inventory Management Software

Not too long ago, CDK conducted an informal survey of dealerships to see what inventory concerns plague them most. Some...
4 Min ReadJul 30CDK Global
How COVID 19 Strategies Can Help Dealers Pivot in 2025.

How COVID-19 Strategies Can Help Dealers Pivot in 2025

If the word of the year in 2020 was unprecedented, the word of 2025 may very well be tariff. Tariffs...
3 Min ReadJul 28CDK Global
The Evolving Role of the E V Salesperson in 2025.

The Evolving Role of the EV Salesperson in 2025

According to CDK data, vehicle satisfaction declined as electric vehicle buyers shifted from innovators and early adopters to the early...
4 Min ReadJul 23CDK Global