Guest commentary: Auto dealers, you can’t afford to ignore revised FTC Safeguards Rule

According to a dealer-focused webinar poll cited by AutoSuccess, 36 percent of respondents said they’re just getting started with their Safeguards Rule compliance plans, and only 25 percent were close to done.

If you’re not yet compliant, you’re not alone. That said, the Federal Trade Commission can enforce steep fines of up to $100,000 per violation now that the June 9 deadline has passed; it’s critical to put in place your compliance plan now.

Here’s why auto dealers should care, and what steps to take to get compliant.

The revised FTC Safeguards Rule put an emphasis on data protection and robust security measures.

To comply, dealerships must strengthen access controls and implement multifactor authentication on accounts with access to customer financial data.

A key part of the Safeguards Rule requirements is a data security program with identity and access management support.

Since nearly all dealerships store customer financial information, the Safeguards Rule applies. Although there is an exception for dealerships with 5,000 or fewer customer records, industry leaders such as the National Automobile Dealers Association believe “few, if any, dealers will be able to take advantage of this exception.”

Failure to comply puts your dealership at risk of lawsuits in the event of a data breach. This means that on top of FTC penalties, the financial impact of a data breach can span hundreds of thousands to millions of dollars.