While the Safeguards Rule originally became law in 2003 to set standards for reasonable safeguards to protect customer information, it saw very little enforcement in part due to the flimsy language used that instructed dealerships to implement reasonable safeguards without specifying any requirements thereby leaving room for interpretation.
The 2022 amendments to the Gramm-Leach-Bliley Act now require dealerships to develop, implement, and maintain an information security program with administrative, technical, and physical safeguards designed to protect customer information. The Safeguards Rule also identifies nine elements that your company’s information security program must include.
Now, Dealers are obligated to oversee their service providers more closely. This includes putting out questionnaires, soliciting data and making judgements about their vendors’ safeguards programs. If they aren’t up to snuff, dealers will have to make the call to terminate those service providers.
If the Dealer can’t meet the safeguards rules they may not be able to do business with their banks. We’re already seeing banks put contract addenda to their lender agreements requiring dealers by contracts to comply with the safeguards rule and if the dealers don’t they will not be able to sell their commercial papers as of December 9, 2022.
4 Reasons to Comply with FTC Safeguards Rule:
1) Self-Interest
Protecting your customers data also protects your own data from malicious attacks. How many units can you sell if a ransomware attack throws you out of your computer network?
2) FTC has Enforcement Authority of Dealerships
While the odds of regulators knocking on your door prior to a data breach occurring is slim, the odds of a class action lawsuit being filed against you post-breach is a sure thing.
3) FTC has Defined the Failure to Follow the Rule as a Deceptive Trade PracticeThis exposes your dealership to payment of punitive damages and attorney fees.
4) Banks Won’t Accept the Commercial Paper of Non-Compliant StoresIf you can’t sell your commercial paper your dealership is going out of business.
As a leading integrator focused on modernizing the automotive retail experience, Motive Retail can help lower the risk of a data breach with MIX, a multi-system integration network that leverages a catalog of commonly used industry APIs known as MIX APIs to securely share data between systems. MIX also provides users with a strong API authorization process using the Activate tool to ensure that data is only shared with who you want when you want using the API you want.
Leave a Comment