What Auto Dealers Need to Know About the FTC Safeguard Rules

Nov 18, 2022


Customers are an important part of any business, and we are always looking for ways to improve the customer experience by making things better and faster for them. However, in the process, we share a lot of their private information in the exchange of data and documents. This information can get mishandled by the entity itself or by a third party that gets access to the information.

Financial institutions are at the forefront and are the most vulnerable to customer data mishandling, considering the nature of their business and the environment they operate in. So, not surprisingly, the Federal Trade Commission (FTC) has established rules and guidelines that must be complied with when handling customers’ private information.

Understanding the Federal Trade Commission Safeguards Rule

The Federal Trade Commission’s Standards for Safeguarding Customer Information, or simply the Safeguards Rule, is a federal mandate protecting the security of consumers. The FTC ensures that the entities covered by the rule comply with it and maintain safeguards to protect customer information. The Safeguards Rule was first established in 2003 with the same purpose as it has now, but it was amended in 2021 to keep pace with evolving business practices and technology. The revised safeguards provide more comprehensive guidance for business operations while maintaining the flexibility of the original Safeguards Rule.

The FTC’s latest amendment to the safeguards rule now requires car dealers to come up with a written security plan and implement it so that customers’ personal information is protected. The FTC had set the date for full implementation of the updated rules to December 9, 2022 – with an amended date of enforcement set for June 9, 2023.

With cyberattacks and data breaches on the rise, this is great news for consumers who want to make sure their personal information is safe. However, it will undoubtedly be a nightmare for car dealerships.

The Safeguards Rule originally targeted traditional financial institutions and businesses that are in possession of consumer information, such as credit unions, lenders, credit card companies and traditional banks. However, the new protection impacts payday lenders and auto dealerships. These groups are all now required to develop a written information security plan to guard consumer information.

Auto dealerships are required to plan in advance to protect customer information from any impending risks like unauthorized access, theft, disclosure and destruction of consumer information. The size of their entity, available resources, and the type of personal data they acquire, as well as the nature of the business they operate in, are among the core aspects that auto dealerships must look into as they develop their information security plans.

These efforts by the FTC are prompting businesses to implement plans to protect consumer information. They are all critical in ensuring that consumers have peace of mind that their personal information will remain secure and safe well after the car is purchased by the consumer.


What car dealerships now need to know.

Here is what a car dealership needs to know to comply with the revised FTC rule by June 9, 2023:

Have a specialized individual for your information security program

Security programs are hard to structure and manage, especially in a busy working environment. Appoint someone – internally or externally – with experience in this field. This is a very critical department and any little mishap can mess up your dealership big time. This person should be responsible for ensuring that all the security program protocols are implemented and followed as per the guidelines given by the FTC.

Administer a security risk assessment

It is good practice to conduct an assessment to detect any foreseeable risks. You need to do a thorough review to determine if there are any chances that confidential consumer information can leak. Do regularly-scheduled tests to see if there are ways that unauthorized third parties could access information.

Continuously monitor and test your systems

Systems are good, but not all systems are fully secure. Continuous testing should be a part of your new day-to-day at the dealership. Carry out annual vulnerability testing and performance scans on a regular basis to see if your systems could be prone to risks. Then, be proactive in fixing them.

Monitor your third-party partners

Make it standard practice for your vendors and service providers to do regular security scans as well if they are inside your business software and systems. Make sure they are up-to-date with the requirements and safeguard measures in place. Be sure you have an agreement where they acknowledge required industry security standards. Clearly outline the repercussions of violating such rules, and keep your vendors in check.

Train your entire staff

Your staff is interfacing with your customer data every day. This means they are a high priority when it comes to getting in-depth training on what it means for them to keep consumer information secure. Data can leak out through the weak points among your employees. Furthermore, untrained staff become a major target for cyber attackers once attackers learn of them. When your staff is well-trained, they are equipped to spot a phishing attempt from a distance and take the right course of action.

Have a written incident response plan with you

The future is unpredictable, but we can always plan for it. Always have thoughtful response and recovery protocols that give a guideline on the next course of action during a security event. Be sure to cover the following in your plan:

  • Detailed role distribution and responsibilities (who is responsible for doing what in your business)
  • The goals and objectives of your plans
  • Channels for documenting and reporting the security event and what the business response activity is
  • Internal activities that were taken in response to the security issue
  • Written notes to explain the aftermath of the event that indicates what happened
  • Response plan to the event

Consequences for a Dealership Breaking the Revised FTC Safeguards Rule

Failing to comply with the FTC Safeguards Rule risks a fine of up to $46,517 (per incident) for auto dealers. Given the amount of customer information that auto dealers handle, it is easy for them to fail to adhere to the compliance guidelines. The fine imposed is significant and can affect the auto dealer’s profit, not to mention the unfavorable ‘press’ that ensues. That’s why getting a plan in place for compliance is critical. In addition to imposing the heavy penalty, the FTC also considers a violation of its Safeguards Rule a deceptive and malicious trade practice, which can attract class action lawsuits from customers.

The Federal Trade Commission means business, and it is dedicated to ensuring consumers are fully protected. Ultimately the Safeguards Rule is meant to benefit both auto dealers and consumers. If a consumer doesn’t have to worry about getting tracked or phished later, it makes them a more confident and happy shopper. Happy shoppers mean more business and more profit for auto dealers. Because auto dealers are entrusted with crucial consumer information, they should also strive to safeguard that information.

Compliance and Peace of Mind with Botdoc

Auto dealers transfer customer information daily, and Botdoc can help them meet the FTC Safeguards Rule requirements easily, without slowing down employees or causing a headache for customers. That means dealerships can receive driver’s licenses, bank account information and more without the use of PINs, passwords, logins, accounts, apps, or software to download.

Botdoc is the first ever easy, remote, and secure file transport service that works via text messaging and email with end-to-end encryption. Our API automatically moves data to the appropriate area within the system of record, limiting the touchpoints of data. Botdoc even automatically purges documents after a certain amount of time, decreasing the risk and time spent purging documents manually.

Our solution is always simple to use because the customer experience is everything to us. Get started today by scheduling a demo. Let Botdoc help your dealership comply with the FTC safeguards rule and help you avoid a costly penalty.


