Keep Your Dealership Compliant with the FTC's Safeguards Requirements-- SIGN UP TODAY!
Updated Info: November 15, 2022
FTC Extends Deadline by Six Months for Compliance with Some Changes to Financial Data Security Rule
Financial institutions covered by the Safeguards Rule must comply with certain provisions by June 9, 2023
• Consumer Protection
The Federal Trade Commission today announced it is extending by six months the deadline for companies to comply with some of the changes the agency implemented to strengthen the data security safeguards financial institutions must put in place to protect their customers’ personal information. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.
The Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders, to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe.
The Commission is extending the deadline based on reports, including a letter from the Small Business Administration’s Office of Advocacy, that there is a shortage of qualified personnel to implement information security programs and that supply chain issues may lead to delays in obtaining necessary equipment for upgrading security systems. These difficulties were exacerbated by the COVID-19 pandemic. These issues may make it difficult for financial institutions, especially small ones, to come into compliance by the deadline.
The FTC approved changes to the Safeguards Rule in October 2021 that include more specific criteria for what safeguards financial institutions must implement as part of their information security programs. While many provisions of the rule went into effect 30 days after publication of the rule in the Federal Register, other sections of the rule were set to go into effect on December 9, 2022. The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:
• designate a qualified individual to oversee their information security program,
• develop a written risk assessment,
• limit and monitor who can access sensitive customer information,
• encrypt all sensitive information,
• train security personnel,
• develop an incident response plan,
• periodically assess the security practices of service providers, and
• implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.
The Commission vote to extend the deadline was 4-0.The Federal Trade Commission works to promote competition and protect and educate consumers. Learn more about consumer topics at consumer.ftc.gov, or report fraud, scams, and bad business practices at ReportFraud.ftc.gov. Follow the FTC on social media, read consumer alerts and the business blog, and sign up to get the latest FTC news and alerts.
Oregon IADA will host an online Compliance Course for all Oregon Dealers and will be available beginning July 15th, 2022. All Dealers must be compliant June 9, 2023 (or face a fine up to $4,000!) This course is worth 1 credit of Continuing Education.
Auto dealerships collect significant personal information about their customers. This can include names, addresses, phone numbers, social security numbers, and credit and financial information. The Gramm-Leach-Bliley Act Safeguards Rule requires car dealers to protect this consumer information from unauthorized access, fraud, or misuse.
Despite the sensitive nature of customer information that auto dealers must collect, many dealers do not have appropriate protections in place to prevent customer data from theft or misuse. If you’re an automotive executive, you know that in many cases dealerships keep customer files poorly secured both physically and digitally. You may not know that failing to effectively protect customer data could lead to substantial fines and penalties from the federal government.
To comply with the GLB Safeguards rule, auto dealers must implement procedures including,
• Develop, implement and maintain a comprehensive written information security plan
• Ensure that affiliates of the dealership maintain appropriate safeguards
• Designate an employee or employees to coordinate the safeguards
• Identify the risks to customer information in each area of the dealership’s operation
• Evaluate the effectiveness of the current safeguards for controlling these risks
• Design and implement a safeguards program, and regularly monitor and test it
• Select appropriate service providers and contract with them to implement safeguards
These regulations apply to all dealerships, no matter what size or type. In implementing the above regulations, dealers must consider all aspects of their operations, including employee training, information systems, managing system failures, and more.
Special “Thank You” to Texas IADA for teaming up with OIADA!
Go to the Texas Dealer Education Portal through the link below to take the course-- Only $75 for the Qualified Individual and $49 Each for All Other Employees
- Sample policies and agreements are included at no additional charge (Qualified Individual Course Only)
- The course is flexible and on-demand to fit your busy schedule
- Volume Purchase discounts available for members
- All users earn a certificate upon completion
You can also use the QR Codes below to access the course.
Contact OIADA for more information 503-362-6839