How can automotive dealerships ensure they meet the new compliance requirements outlined by the updated Federal Trade Commission (FTC) Safeguards Rule by the December 8, 2022, deadline?
The Federal Trade Commission (FTC) announced several updates to the Safeguards Rule this past October with the intent of combatting cyberattacks and safeguarding consumer information. Citing the widespread data breaches impacting consumers, the FTC aims for the updates to better protect consumers from breaches and cyberattacks that lead to identity theft and financial loss.
What must an automotive dealership’s information security program include?
The nine required elements of an information security program are outlined in Section 314.4 of the Safeguards Rule:
Designate a “qualified individual” to implement and supervise your company’s information security program.
Conduct a risk assessment to determine foreseeable risks and threats.
Design and implement safeguards to control identified risks from risk assessments.
Regularly monitor and test the effectiveness of safeguards.
Train staff by providing security awareness training and regular refreshers.
Monitor service providers with the appropriate safeguards (third-party risk management).
Keep information security programs current.
Create a written incident response plan that meets specific Safeguards Rule requirements.
Require the “qualified individual” to report to the Board of Directors or governing body.
Are any other institutions or businesses impacted by the FTC Safeguards Rule?
While the focus of this piece is on automotive dealerships, the updated FTC Safeguards Rule also applies to non-banking financial institutions, such as mortgage brokers and payday lenders.
How can Schneider Downs help automotive dealerships' information security programs meet the updated FTC Safeguards Rule?
The myriad information security program requirements under the updated FTC Safeguards Rule have put a huge burden on automotive dealers who do not have the internal resources to meet the outlined information security requirements.
The Schneider Downs cybersecurity team and automotive industry group work together to provide the industry knowledge and technical talent to help automotive dealers meet the FTC Safeguards Rule’s December 9, 2022, deadline.
If you have any questions about your information security program or the FTC Safeguards Rule, please reach out to me directly at [email protected].