Automotive Dealerships and the FTC Safeguards Rule Deadline: Is Your Information Security Program Compliant?

How can automotive dealerships ensure they meet the new compliance requirements outlined by the updated Federal Trade Commission (FTC) Safeguards Rule by the December 8, 2022, deadline?

The Federal Trade Commission (FTC) announced several updates to the Safeguards Rule this past October with the intent of combatting cyber-attacks and safeguarding consumer information. Citing the widespread data breaches impacting consumers, the FTC updates aim to better protect consumers from breaches and cyberattacks that lead to identity theft and financial loss.

What must an automotive dealership’s information security program include?

The nine required elements of an information security program are outlined in Section 314.4 of the Safeguards Rule:

  1. Designate a “qualified individual” to implement and supervise your company’s information security program.
  2. Conduct a risk assessment to determine foreseeable risks and threats.
  3. Design and implement safeguards to control identified risks from risk assessments.
  4. Regularly monitor and test the effectiveness of safeguards.
  5. Train staff by providing security awareness training and regular refreshers.
  6. Monitor service providers with the appropriate safeguards (third-party risk management).
  7. Keep information security programs current.
  8. Create a written incident response plan that meets specific Safeguards Rule requirements.
  9. Require the “qualified individual” to report to the Board of Directors or governing body.

The complete listings, requirements and details are available to view at and a PDF version of our guide is available here

Are any other institutions or businesses impacted by the FTC Safeguards Rule?

While the focus of this piece is on automotive dealerships, the updated FTC Safeguards Rule also applies to non-banking financial institutions, such as mortgage brokers, and payday lenders.

How can Schneider Downs help automotive dealerships' information security programs meet the updated FTC Safeguards Rule?

The myriad of information security program requirements under the updated FTC Safeguards Rule has put a huge burden on automotive dealers who do not have the internal resources to meet the outlined security information requirements.

The Schneider Downs cybersecurity team and automotive industry group work together to provide the industry knowledge and technical talent to help automotive dealers meet the FTC Safeguards Rule’s December 9, 2022 deadline.

If you have any questions about your information security program or the FTC Safeguards Rule, please reach out to me directly at [email protected].

Related Links

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected]

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity, at

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2022 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Bring Extra Water to Put Out That EV Fire
EVs Are Zero Emissions? Not!
Buyer Beware: Five Common Holiday Scams of 2022
Automobile, Tax BY Steven Barber
The FTC Safeguards Rules Are Extended to June 9, 2023
New Phishing Scam Targets Verified Twitter Accounts
Cybersecurity Awareness Month is Over… Now What?
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.