Source Point MSP

Deadline Extended for Dealerships to Comply with the Revised Safeguards Rule

On November 15, 2022, the FTC revised the deadline for compliance with the Safeguard Rule, citing personnel shortages and supply chain issues. Entities covered by this rule now have until June 9, 2023, to ensure compliance.

On November 15, 2022, the Federal Trade Commission (FTC) has extended its deadline to June 9, 2023 for any company that collects Personally Identifying Financial Information (PIFI) to comply with the revised “Standards for Safeguarding Customer Information” (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA). The Safeguards Rule is intended to strengthen data security to help protect your customers’ financial data. Originally, the deadline to comply was December 9, 2022.

The Federal Trade Commission (FTC) has established several primary objectives for dealerships regarding information security. Here are eight essential elements that should be included in an information security program to best address these objectives:

  1. Risk Assessment: Conduct a comprehensive risk assessment to identify potential risks and vulnerabilities that could compromise the confidentiality, integrity, and availability of your dealership’s data.
  2. Written Information Security Program (WISP): Develop and implement a WISP that outlines your dealership’s policies and procedures for safeguarding sensitive information.
  3. Data Classification: Classify the data that your dealership collects, processes, and stores according to its level of sensitivity and criticality.
  4. Access Controls: Implement access controls that restrict access to sensitive data to authorized personnel only, and enforce strong authentication measures such as two-factor authentication.
  5. Incident Response Plan: Establish an incident response plan that outlines the procedures your dealership will follow in the event of a security breach, including incident investigation, containment, and remediation.
  6. Employee Training and Awareness: Provide regular training and awareness programs to employees to ensure that they understand their roles and responsibilities in safeguarding sensitive information.
  7. Third-Party Risk Management: Develop and implement policies and procedures for managing the risks associated with third-party service providers that have access to your dealership’s data.
  8. Continuous Monitoring and Improvement: Continuously monitor and assess the effectiveness of your dealership’s information security program, and make improvements as necessary to ensure that it remains current and effective.

By including these eight elements in your dealership’s information security program, you can help ensure that you are addressing the primary objectives established by the FTC and protecting your dealership’s sensitive information from potential security breaches.

Together, we can alleviate your stress as you navigate the strictest security measures the industry has experienced. Contact us today to learn more about our Managed Detection And Response service.


Leave a Comment