4 Min ReadOctober 6, 2022

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

The Federal Trade Commission (FTC) announced a change in the fall of 2021. The Safeguards Rule, which was created to protect customer financial data, would be expanded to include non-financial institutions that conduct financial transactions, including auto dealerships (that contain over 5,000 customer records). By now, almost all dealers are familiar with these requirements of the FTC Safeguards Rule.

So, what does this expansion of the FTC’s Safeguards Rule mean for you? Most importantly, it means you must comply with several new rules to protect consumer information by June 9, 2023.

What is the FTC Safeguards Rule?
The Gramm-Leach-Bliley Act (GBLA) was passed by Congress in 1999, and it introduced the 2002 Safeguards Rule. The Safeguards Rule increased the FTC's regulatory authority and imposed additional obligations on financial institutions, such as the establishment, implementation and maintenance of an information security program to prevent unauthorized access to sensitive consumer information.

In the past, the Safeguards Rule was ambiguous and allowed for compliance flexibility. However, after receiving public feedback and conducting additional research, the FTC issued an updated Safeguards Rule to keep up with technological development, respond to current cybersecurity concerns and create more precise recommendations. There are 16 new rules specifically outlined for dealers that you should sit down with your internal and legal team to review, plan, and implement. One unique requirement will be dealers must ensure their vendors and service providers safeguard the customer information in their care. Dealers need to audit their vendors for compliance.

What Do These Changes Mean For the Auto Industry?
From a practical, and emotional perspective, a trip to an auto dealership is often a big moment in a consumer’s life.

When a customer places their trust in a dealership, they expect the company to not only help them find the ideal car for their needs, but also protect their personally identifiable information (PII). According to the 2021 CDK Global State of Cybersecurity report, 84% of consumers claimed they would not return to a dealership to purchase another vehicle if their data had been hacked.


Similarly, auto dealerships are concerned with the security of financial data. One issue facing the automotive industry is a lack of specific security and privacy rules for all dealerships to follow. The FTC's Safeguards Act modifications affect everything. Previous laws, such as the cybersecurity standards issued by the New York State Department of Financial Services in 2017 and the California Consumer Privacy Act in 2018, provided guidelines for securing consumer information that could only be enforced on a regional basis. The new FTC Safeguards Rule establishes a national standard by defining what constitutes an acceptable information security program.

Are You Prepared?
In CDK Global’s 2022 State of Cybersecurity report, only 47% of the 201 dealerships surveyed said they are well prepared for FTC Safeguards compliance. The same study also revealed that only 35% of the dealers know each component of the rules well. More than half of the dealers surveyed still have work to do to meet the compliance deadline.


Next Steps
The first step is to perform a series of extensive procedural, technical and contractual steps to protect your sensitive consumer data. To help you get started, we've created an in-depth e-book you can download here.


Here are a few tips to help you begin your strategy:

  • Appoint a Dedicated Security Person Within the Dealership
    • Keep accurate documentation
    • Report back to senior leadership
  • Inventory the Network and Security Controls
    • Identify relevant date, personnel, devices, systems and facilitie
    • Ensure access controls are in place
  • Get a Risk Assessment
    • Draft a written risk assessment with specific issues
    • Use the risk assessment as the base for your written security program
  • Ensure Your Paperwork Is Up to Date
    • Review plans for information security, incident response and risk assessment
    • Amend as needed for compliance
  • Implement Required Security Controls
    • Multifactor identification
    • Cybersecurity awareness training
    • Data encryption

Let CDK Global help you understand your IT infrastructure’s effectiveness and identify any gaps in your current environment. Our free network security evaluation can help get you on the right path for FTC compliance.

To take advantage of this free evaluation, visit cdkglobal.com/securityevaluation, reach out to your CDK Sales Representative or call 888.424.6342.

Share This

CDK Global
By CDK Global

Recent Insights

Ease of Purchase Hits New High in February

Ease of Purchase Hits New High in February

Despite hurdles when it comes to affordability, more car buyers said it was easy to complete their purchase in February...
2 Min ReadFeb 27David Thomas
That’s a Wrap. Takeaways From N A D A 2024.

That’s a Wrap: Takeaways From NADA 2024

The camaraderie and partnership that comes with being at NADA were in full effect at this year’s show in Las...
3 Min ReadFeb 19CDK Global
Buyers Take the Wheel for Car Sales in 2024.

Buyers Take the Wheel for Car Sales in 2024

After three years of dramatic post-pandemic market swings, buyers in 2024 are poised to take back the wheel with plenty...
3 Min ReadFeb 13CDK Global
What’s the Key to Win the Automotive Service Wars.

What’s the Key to Win the Automotive Service Wars?

Although 2024 is shaping up to be a buyer’s market, new and used vehicles continue to be painfully expensive for...
3 Min ReadFeb 9David Thomas
Friction Points 2024

CDK Releases the Friction Points 2024 Study

The automotive industry has returned to somewhat of a pre-pandemic state at the end of 2023, but car buyers are...
1 Min ReadFeb 1CDK Global
The Game Changing Value of an Automotive C R M.

The Game-Changing Value of an Automotive CRM

The automotive industry is known for its love of acronyms and buzzwords. Most of the time we see dealers change...
4 Min ReadFeb 1Amber Good
Busting the Top Five Myths About the American Car Dealer.

Busting the Top Five Myths About the American Car Dealer

When you live and breathe the industry you work in, you tend to get a little protective of your colleagues...
5 Min ReadJan 29Barb Edson
Service Shopper 3 point 0 white paper.

What’s Changed in Service Shopper 3.0

Winning over a shopper is difficult for any type of retailer. Securing someone’s business looking to service their car however,...
1 Min ReadJan 12CDK Global
F and I Manager Tips. Hidden Opportunities in the Service Department.

F&I Manager Tips: Hidden Opportunities in the Service Dept

At first glance, the F&I and Service departments may seem worlds apart. Yet, both departments are critical linchpins in connecting...
4 Min ReadJan 12Saundi Crandall
New Cars Easier to Find, Bolstering Buyer Attitudes.

New Cars Easier to Find, Bolstering Buyer Attitudes

Car buyers raced against the clock to secure deals before the end of the year while inventories and incentives were...
2 Min ReadJan 3David Thomas