The Federal Trade Commission (FTC) “Standards for Safeguarding Customer Information” (Safeguards Rule) under Section 501(a) of the Gramm-Leach-Bliley Act (GLBA) define compliance requirements to protect consumer information from misuse or a data breach, and ultimately protect customers from identity theft or privacy violations. The Safeguards Rule underwent revisions on Dec. 9, 2021, which expanded many requirements of the original rule, including requiring dealerships to revise their programs and implement new compliance measures. Under the new Revised Safeguards Rule, dealerships must comply with the new requirements by Dec. 9, 2022.
If these new requirements are not met, the FTC can initiate an enforcement action against an auto dealer. Such enforcement might include long-term consent decrees with the company or executives as well as monetary fines over $46,000 per violation. Further legal costs make this a significant issue that needs to be carefully addressed. Dealers need to act now to ensure compliance and avoid such penalties. Baker Tilly is ready to help you achieve compliance with the new FTC Safeguards Rule with our approach tailored to the needs and concerns of dealerships.
The Revised Safeguards Rule requires a number of documented policies and procedures as well as implementation of security processes including the following:
Your journey to compliance should start with a diagnostic assessment to ensure you have a comprehensive roadmap for compliance. Afterward, you may identify the need for additional services to fully comply.
Many service providers may communicate changes and solutions for some of the mandatory safeguards. However, several of the Safeguards Rule requirements include recurring assessments, training and support that are not covered by all providers. For this reason, it’s imperative you have a comprehensive roadmap to compliance.
It is vital for all auto dealers to ensure their compliance with the new Safeguards Rule by Dec. 9, 2022.