Skip to content

Is Your Dealership Safeguards Compliant?

The Federal Trade Commission has updated the Safeguards Rule to include new requirements to protect customer information. Dealerships must be fully compliant by June 9, 2023. Is your dealership ready?

Schedule Your Compliance Audit
PROTECT YOUR CUSTOMERS FINANCIAL INFORMATION AND MAINTAIN COMPLIANCE

Get a Safeguards Compliance Audit

The new Safeguards Rule requirements go into effect on June 9, 2023. Currently, around 80% of dealerships are not in compliance with the new requirements of the FTC’s Safeguards Rule.

Get your dealership in compliance faster and easier with a Safeguards Compliance Audit from In-Telecom. We have the tools and expertise to make sure you’re compliant by the deadline and prepared to protect your customers’ financial information.

Cybersecurity Planning & Risk Assessments

Maintain FTC Safeguards compliance with regular cybersecurity risk assessments. Ensure your network infrastructure protects your customer information.

Access Control & Penetration Testing

Maintain control of your facilities with updated access control procedures and systems. Routinely examine and assess who has access to sensitive customer data.

Multi-Factor Authentication

Maintain a log of users and improve security with multi-factor authentication for anyone accessing customer data.

How Does the New Safeguards Rule Impact Your Dealership?

The FTC’s Safeguards Rule is the standard all dealerships must follow for protecting customer information. While the rule has been in effect since 2003, the FTC has recently updated their requirements for handling consumer information, especially financial records.

For dealerships, many of the requirements became effective on January 10, 2022. While the rest of the requirements must be implemented by June 9, 2023.

What Does the New Safeguards Rule Require Dealerships to Do?

The FTC has set specific rules in place to maintain a dealership’s information security program and includes specific requirements that all dealerships must follow. 

The information security program must be written and appropriate for the size of your business. The program should meet the following objectives:

  • Ensure the security and confidentiality of customer information
  • Protect against unauthorized access to information that could result in substantial harm or inconvenience to any customer.
  • Protect against anticipated threats or hazards to security or the integrity of that information.

What Should a Dealership Security Program Look Like?

According to the FTC’s Safeguards Rules, there are 9 elements that must be included in your security program.
  1. Designate a Qualified Individual to implement and supervise your company’s information security program
  2. Conduct a risk assessment
  3. Design and implement safeguards to control the risks identified in your risk assessment
    1. Implement and periodically review access controls.
    2. Know what you have and where you have it.
    3. Assess your apps
    4. Implement multi-factor authentication for anyone accessing customer information on your system.
    5. Dispose of customer information securely
    6. Anticipate and evaluate changes to your information system or network
    7. Maintain a log of authorized users’ activity and keep an eye out for unauthorized access.
  4. Regularly monitor and test the effectiveness of your safeguards
  5. Train your staff
  6. Monitor your service providers
  7. Keep your information security program current
  8. Create a written incident response plan
  9. Require your Qualified Individual to report to your Board of Directors.

Ready to Crush Your Business Challenges?

Schedule a quick call with our team to discuss the challenges your business is facing, and how we can help you overcome them!