For motorcycle, automotive, RV, and powersports dealerships across the country, June 9, 2023, was not just another day on the calendar. It was most likely circled in red: the date on which the amended FTC Safeguards Rule took full effect.
Under the FTC Safeguards Rule, auto dealers must now comply with an updated set of requirements intended to better protect their customers' personal information from cyberattacks.
This article is a dealer's guide to the FTC Safeguards Rule and covers the following:
What is the FTC Safeguards Rule?
The Federal Trade Commission's Standards for Safeguarding Customer Information, the Safeguards Rule for short, is a regulation that requires financial institutions to develop, implement, and maintain a comprehensive written information security program.
The goal of the Safeguards Rule is to protect the security, confidentiality, and integrity of customers' personally identifiable information (PII) against cyberattacks, identity theft, and other forms of fraud.
What types of businesses fall within the Safeguards Rule?
The Safeguards Rule applies to all financial institutions that are subject to the FTC's jurisdiction and are not subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act.
A company is a "financial institution" if it engages in activities that are "financial in nature" or "incidental to such financial activities."
Section 314.2(h) of the Rule defines the term and lists examples of entities treated as financial institutions.
Because leasing or buying a vehicle is one of the largest financial transactions most consumers make (second only to buying a home), and because dealers extend credit or arrange financing for their customers, the FTC Safeguards Rule covers auto dealers as well.
Why should dealerships take the new FTC rules seriously?
The most important reason to take the FTC rules for auto dealers seriously from now on is this figure: $50,125. That is the maximum civil penalty per violation that the FTC can seek.
Now think about how many pieces of PII (current and past customers) you and your employees carry around on computers, phones, and business systems: driver's licenses, IDs, insurance cards, and any other document bearing a customer's name together with further details about them.
It could be hundreds or even thousands. Take that number and multiply it by 50,125. If each of those PII items were counted as a separate violation, the result is an enormous sum for a dealer to cover.
FTC rules for auto dealerships: what do they require?
The amended FTC Safeguards Rule requires dealerships to establish a written information security program: a set of policies and procedures they must follow to protect customer information from unauthorized access and data breaches.
Under the FTC security regulations for car dealerships, "customer information" is "any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates." That covers basic information about your own customers as well as information about customers of other financial institutions that has been shared with you.
Your information security program must be written and must be appropriate to the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the customer information you handle. To work out what that means for your dealership, discuss it with your legal counsel.
Implement access controls
Implement and periodically review access controls. That means deciding who may access customer information and how they access it. The Rule is explicit that each user's access should be limited to the customer information they need to do their job. For example, your business may require employees to sign in with an individual username and password, or with an electronic keycard. Once access controls are in place, review them regularly and remove access that is no longer needed.
Maintain an inventory
Know what data you have and where it lives. Understanding the information systems in your business is essential. Periodically review the data in your systems and note where it is collected, stored, and transmitted. Keep an accurate record of all devices, systems, platforms, and personnel that handle it.
Encrypt information in transit and at rest
Encryption transforms readable data into an unintelligible form so that anyone without the proper key cannot read it. Of all the FTC requirements for car dealerships, this is one that many dealers are not ready for: all customer information must be encrypted both in transit over external networks and at rest.
Every piece of PII transmitted electronically between the customer and the dealership must be encrypted in transit. In practice, that means sales staff can no longer send PII by unencrypted text message or email. A VPN can protect traffic on untrusted networks, but it is not a substitute for encrypting the data itself.
Dealers must look for alternatives such as encrypted email, or direct customers to provide the details by phone or through a secure web form on the dealership's own site, served over HTTPS.
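The at-rest half of this requirement is where most dealers' custom systems fall short, so here is an added example (not code from the original article or from any dealer management system) of how a customer record should be encrypted before it is written to a database. It uses AES-256-GCM from Go's standard library, generates a fresh nonce per record, and binds each ciphertext to its storage location through additional authenticated data. The record contents, the `customers:42` context string, and the key-generation helper are assumptions for illustration; a real deployment would fetch the key from a key-management service or HSM rather than generate it in the process.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// NewDataKey returns a fresh random 256-bit AES key. In production the key
// comes from a key-management service or HSM, never from a config file.
func NewDataKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// SealRecord encrypts one customer record with AES-256-GCM. A random 96-bit
// nonce is generated per call and prepended to the ciphertext. aad (for
// example "table:primary-key") is authenticated but not encrypted, so a
// ciphertext copied from one customer's row into another's will not open.
func SealRecord(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	// Seal appends ciphertext||tag to the nonce slice, giving nonce||ct||tag.
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// OpenRecord reverses SealRecord. Any modification of the nonce, ciphertext,
// tag or aad makes gcm.Open return an error instead of corrupted plaintext.
func OpenRecord(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("sealed record too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, aad)
}

func main() {
	key, err := NewDataKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record for the demo; not real customer data.
	record := []byte(`{"name":"Jane Buyer","dl":"D1234567","ssn_last4":"6789"}`)
	aad := []byte("customers:42") // assumed convention: table name and primary key

	sealed, err := SealRecord(key, record, aad)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored: %x\n", sealed)

	plain, err := OpenRecord(key, sealed, aad)
	fmt.Printf("opened: %s (err=%v)\n", plain, err)

	// Flip one ciphertext bit: the record must fail to open, not decrypt to garbage.
	sealed[len(sealed)-1] ^= 0x01
	_, err = OpenRecord(key, sealed, aad)
	fmt.Printf("tampered copy rejected: %v\n", err)
}
```

The design choice worth noting is the authenticated-encryption mode: with GCM, a database administrator or an attacker who can edit rows cannot silently alter a record, move a ciphertext between customers, or truncate it, because each of those changes fails the tag check on decryption. Encrypting with a plain block mode would satisfy "encryption" on paper while still leaving the data malleable.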
Review your custom applications
If your business has developed custom software that stores, accesses, or transmits customer information, make sure it is built and maintained using secure development practices, and have a procedure for evaluating the security of third-party applications, so that both meet the FTC requirements for auto dealerships.
Implement MFA
You must implement multi-factor authentication (MFA) for access to your company's systems and customer data. In addition to a username and password, MFA adds a layer of security by requiring a second, independent factor at login, such as a one-time code from an authenticator app or a biometric.
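To make the "one-time password" factor concrete, here is an added example (not code from the original article) of how the server side of an authenticator-app factor works: the time-based one-time password (TOTP) algorithm of RFC 6238, built on the HMAC-based HOTP of RFC 4226, with the two checks a careless implementation usually omits, a constant-time comparison and a replay guard that refuses to accept the same time step twice. The 30-second step, 6-digit length, one-step clock-skew allowance, and the ASCII test secret `12345678901234567890` are assumptions taken from the RFC's defaults and test vectors; a real secret is random and unique per user.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

const (
	Step   = 30 // seconds per time step (RFC 6238 default)
	Digits = 6  // code length shown by authenticator apps
	Skew   = 1  // accept one step either side for clock drift
)

// HOTP computes the RFC 4226 counter-based code: HMAC-SHA1 over the big-endian
// counter, then "dynamic truncation" to a 31-bit integer reduced mod 10^digits.
func HOTP(secret []byte, counter uint64, digits int) string {
	mac := hmac.New(sha1.New, secret)
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac.Write(msg[:])
	sum := mac.Sum(nil)

	offset := sum[len(sum)-1] & 0x0f
	code := (uint32(sum[offset])&0x7f)<<24 |
		uint32(sum[offset+1])<<16 |
		uint32(sum[offset+2])<<8 |
		uint32(sum[offset+3])

	mod := uint32(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, code%mod)
}

// TOTP derives the HOTP counter from wall-clock time (RFC 6238).
func TOTP(secret []byte, now time.Time) string {
	return HOTP(secret, uint64(now.Unix()/Step), Digits)
}

// Verifier checks submitted codes. It remembers the highest time step already
// used so that a captured code cannot be replayed within the acceptance window.
type Verifier struct {
	secret      []byte
	lastCounter int64 // -1 until the first accepted code
}

func NewVerifier(secret []byte) *Verifier {
	return &Verifier{secret: secret, lastCounter: -1}
}

// Accept returns true at most once for a valid code within +/-Skew steps of now.
// The comparison is constant-time so timing does not leak how many digits matched.
func (v *Verifier) Accept(code string, now time.Time) bool {
	current := now.Unix() / Step
	for d := int64(-Skew); d <= Skew; d++ {
		counter := current + d
		if counter < 0 || counter <= v.lastCounter {
			continue // before the epoch, or already used (replay)
		}
		expected := HOTP(v.secret, uint64(counter), Digits)
		if subtle.ConstantTimeCompare([]byte(code), []byte(expected)) == 1 {
			v.lastCounter = counter
			return true
		}
	}
	return false
}

func main() {
	// RFC 6238 test secret; a real secret is random and unique per user.
	secret := []byte("12345678901234567890")
	v := NewVerifier(secret)
	now := time.Unix(59, 0) // RFC 6238 vector: 6-digit code 287082
	code := TOTP(secret, now)
	fmt.Println("code:", code)
	fmt.Println("first use accepted:", v.Accept(code, now))
	fmt.Println("replay accepted:", v.Accept(code, now))
}
```

In a real login flow the `lastCounter` value is stored per user alongside the secret, and the secret itself is kept encrypted at rest (the previous section's requirement applies to authentication secrets as much as to customer records). The replay guard matters because a one-time code that can be used twice within its 30-second window is not one-time.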
Securely dispose of customer data
Customer information must be securely disposed of no later than two years after the last date it is used in connection with providing a product or service to the customer, unless it is still needed for business operations or other legitimate business purposes, or retention is required by law. When that time comes, securely destroy both the paper and the electronic copies.
Be aware of and assess the impact of changes to your information systems
If you are planning changes or upgrades to your information systems, whether new equipment, technologies, software, updates, or changes in personnel, you must consider how they affect the security of customer information and take steps to stay compliant with the Safeguards Rule.