The landscape of security threats is ever-changing, necessitating the adaptation of more comprehensive security policies. In the face of this reality, the Federal Trade Commission (FTC) has extended its Safeguards Rule, originally developed for financial institutions, to include automotive dealerships. This rule is designed to maintain safeguards that protect the security of customer information, making businesses more resilient to cybersecurity incidents.
The revised Safeguards Rule applies to all customer information in your possession, whether it pertains to individuals with whom you have a customer relationship or to the customers of other financial institutions that have provided information to you. This change expands the types of businesses now required to follow this rule, including auto dealerships with over 5,000 customer records. Importantly, this includes all records, not just transaction ones.
The FTC has set a deadline of June 9th, 2023, for all dealers to meet the following requirements if they have over 5,000 customer records:
No industry is safe from cyber attacks. Small, medium, and large companies alike are targeted for phishing, ransomware, or other cyber-attacks that put personal information at risk. The consequences of such breaches can range from identity theft and document tampering to misappropriation of data.
If your auto dealership suffers a security incident, you may be subject to an audit by the FTC for compliance. Non-compliance could result in fines. Furthermore, your cybersecurity insurance provider may also conduct an audit. If they find you are not compliant with the new Safeguards Rule, they may not cover the incident.
While the June 9th, 2023 deadline may seem far away, now is the time to start implementing these critical security regulations. Here are some steps to consider:
The FTC’s new Safeguards Rule aims to protect the security of customer information and increase resilience to cybersecurity incidents. The rule's extension to car dealerships is indicative of the increasing importance of cybersecurity across all industries.
With the June 9th, 2023 deadline quickly approaching, it’s vital to understand the requirements of the FTC Safeguards Rule and take the necessary steps to ensure compliance. By doing so, you are not only protecting your business from potential cybersecurity incidents and compliance issues but also securing the trust and confidence of your customers. It's a win-win situation - improving your business's security posture while enhancing the customer experience.
Remember, cybersecurity is not a one-off project but a continuous journey. The environment is dynamic, and threats are continually evolving. Therefore, it is essential to regularly review and update your Information Security Plan and stay informed about the latest cybersecurity trends and best practices.
Stay safe and stay compliant. Your customers are counting on you.