- Designate a qualified person to oversee their information security program,
- Develop a written risk assessment,
- Limit and monitor who can access sensitive customer information,
- Encrypt all sensitive information,
- Train security personnel,
- Develop an incident response plan,
- Periodically assess the security practices of service providers, and
- Implement multi-factor authentication or another method with equivalent protection for anyone accessing customer information.
The Federal Trade Commission has announced it is extending, by six months, the deadline for companies to comply with some of the amendments to the FTC’s Safeguards Rule. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.
The FTC issued a complex set of new amendments to its Safeguards Rule, which require dealers to undertake a series of procedural, technical, and contractual steps to protect consumer and other personal data. The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:
There is quite a lot that dealers must do to comply with the changes. Dealers are encouraged to continue in their efforts to expeditiously comply will all the new requirements of the Rule but should consult with their attorneys, service providers and IT professionals about the potential impact of this deadline extension.
For technical assistance, FADA recommends ComplyAuto. Its compliance solution specifically designed for dealerships has been endorsed by more than 30 statewide dealer associations.