4 Min ReadOctober 6, 2022

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

How the FTC’s Amendments to the Safeguards Rule Affects Auto Dealerships

The Federal Trade Commission (FTC) announced a change in the fall of 2021. The Safeguards Rule, which was created to protect customer financial data, would be expanded to include non-financial institutions that conduct financial transactions, including auto dealerships (that contain over 5,000 customer records). By now, almost all dealers are familiar with these requirements of the FTC Safeguards Rule.

So, what does this expansion of the FTC’s Safeguards Rule mean for you? Most importantly, it means you must comply with several new rules to protect consumer information by June 9, 2023.

What is the FTC Safeguards Rule?
The Gramm-Leach-Bliley Act (GBLA) was passed by Congress in 1999, and it introduced the 2002 Safeguards Rule. The Safeguards Rule increased the FTC's regulatory authority and imposed additional obligations on financial institutions, such as the establishment, implementation and maintenance of an information security program to prevent unauthorized access to sensitive consumer information.

In the past, the Safeguards Rule was ambiguous and allowed for compliance flexibility. However, after receiving public feedback and conducting additional research, the FTC issued an updated Safeguards Rule to keep up with technological development, respond to current cybersecurity concerns and create more precise recommendations. There are 16 new rules specifically outlined for dealers that you should sit down with your internal and legal team to review, plan, and implement. One unique requirement will be dealers must ensure their vendors and service providers safeguard the customer information in their care. Dealers need to audit their vendors for compliance.

What Do These Changes Mean For the Auto Industry?
From a practical, and emotional perspective, a trip to an auto dealership is often a big moment in a consumer’s life.

When a customer places their trust in a dealership, they expect the company to not only help them find the ideal car for their needs, but also protect their personally identifiable information (PII). According to the 2021 CDK Global State of Cybersecurity report, 84% of consumers claimed they would not return to a dealership to purchase another vehicle if their data had been hacked.

stat

Similarly, auto dealerships are concerned with the security of financial data. One issue facing the automotive industry is a lack of specific security and privacy rules for all dealerships to follow. The FTC's Safeguards Act modifications affect everything. Previous laws, such as the cybersecurity standards issued by the New York State Department of Financial Services in 2017 and the California Consumer Privacy Act in 2018, provided guidelines for securing consumer information that could only be enforced on a regional basis. The new FTC Safeguards Rule establishes a national standard by defining what constitutes an acceptable information security program.

Are You Prepared?
In CDK Global’s 2022 State of Cybersecurity report, only 47% of the 201 dealerships surveyed said they are well prepared for FTC Safeguards compliance. The same study also revealed that only 35% of the dealers know each component of the rules well. More than half of the dealers surveyed still have work to do to meet the compliance deadline.

stat

Next Steps
The first step is to perform a series of extensive procedural, technical and contractual steps to protect your sensitive consumer data. To help you get started, we've created an in-depth e-book you can download here.

DOWNLOAD HERE

Here are a few tips to help you begin your strategy:

  • Appoint a Dedicated Security Person Within the Dealership
    • Keep accurate documentation
    • Report back to senior leadership
  • Inventory the Network and Security Controls
    • Identify relevant date, personnel, devices, systems and facilitie
    • Ensure access controls are in place
  • Get a Risk Assessment
    • Draft a written risk assessment with specific issues
    • Use the risk assessment as the base for your written security program
  • Ensure Your Paperwork Is Up to Date
    • Review plans for information security, incident response and risk assessment
    • Amend as needed for compliance
  • Implement Required Security Controls
    • Multifactor identification
    • Cybersecurity awareness training
    • Data encryption

Let CDK Global help you understand your IT infrastructure’s effectiveness and identify any gaps in your current environment. Our free network security evaluation can help get you on the right path for FTC compliance.

To take advantage of this free evaluation, visit cdkglobal.com/securityevaluation, reach out to your CDK Sales Representative or call 888.424.6342.

Share This

CDK Global
By CDK Global
Staff

Recent Insights

A I and Vehicle Research. The Disadvantages of A I Informed Car Shoppers.

AI and Vehicle Research: The Disadvantages of AI-Informed Car Shoppers

Car shoppers are increasingly turning to AI to guide their research across financing, timing and vehicle selection. Salesforce data shows that...
4 Min ReadOct 8CDK Global
Hectic EV Rush Doesn't Hurt Buying Experience

Hectic EV Rush Doesn't Hurt Buying Experience

September saw a rush of buyers trying to snap up EVs before federal incentives expired, but the frenetic pace at...
2 Min ReadOct 1David Thomas
Twenty Twenty Five C D K Dealership Workplace Study.

Where Dealership Employees Stand During Uncertain Times

The automotive industry is often defined by inventory, margins and market shifts, but the real engine driving dealership success is...
1 Min ReadSep 24CDK Global
Three Ways Community Dealers Stand Apart.

3 Ways Community Dealers Stand Apart

The automotive retail industry is as diverse as any other in the United States. There are large, publicly traded operators...
3 Min ReadSep 23CDK Global
Unlocking Efficiency. Common Questions About the C D K Fundamentals Suite.

Unlocking Efficiency: Common Questions About the CDK Fundamentals Suite

In this ArticleWhat’s the CDK Fundamentals Suite? What’s Included in the Fundamentals Suite?How’s It Different From the CDK Foundations Suite?How Does...
3 Min ReadSep 22CDK Global
Driving and Moving you Forward, Smoothly. C D K’s Approach to Continuous Innovation.

Driving Forward, Smoothly: CDK’s Approach to Continuous Innovation

For over 50 years, CDK’s proven, reliable Dealer Management System has been the trusted backbone of dealership operations across North...
3 Min ReadSep 19CDK Global
2025 F and I Shopper Study.

New Report Shows Shifts in F&I Trust

The F&I process remains a critical touchpoint in the car-buying journey. It’s one that can either enhance the customer experience...
1 Min ReadSep 17CDK Global
Dealership Customer Satisfaction Formula. What Car Shoppers Value the Most.

Dealership Customer Satisfaction Formula: What Car Shoppers Value the Most

CDK conducts several annual research studies to better understand the state of automotive dealerships from the perspectives of Sales, Service,...
3 Min ReadSep 16CDK Global
Four Ways Data Is Reshaping Dealership Inventory Strategy.

4 Ways Data Is Reshaping Dealership Inventory Strategy

Today’s fast-moving automotive marketplace is shaped by seasonal fluctuations, evolving electrification policies, changing tax laws, and often fickle consumer preferences....
3 Min ReadSep 16CDK Global
Converting Used Car Buyers to New.

Converting Used Car Buyers to New

It happens every day: A customer shows up on your lot with a saved listing for a specific pre-owned vehicle....
4 Min ReadSep 4CDK Global