To any motorbike, automotive, or RV dealership in the United States, June 9, 2023, was not just a day on the calendar. It was likely highlighted in red to mark the day on which all things changed.
In accordance with the FTC Safeguards Rule, auto dealers must comply with new guidelines. Updated set of rules to help in improving their effectiveness in safeguarding the personal data of their customers from cyberattacks.
This article is a “dealer guide” to the FTC Safeguards Rule to assist you in the following:
Find out who is covered under the new regulations.
What steps can be taken to ensure compliance?
What does this mean for car dealerships;
How you can improve your lead generation for automotive campaigns through LeadsBridge.
What is the FTC Safeguards Rule?
The Federal Trade Commission’s Standards for Safeguarding the Privacy of Customers The Safeguards Rule, for short, is a set of rules that requires financial institutions to create and implement a comprehensive data security plan.
The goal of the Safeguards Rule is to ensure the security, confidentiality, and integrity of the customer’s Personally Identifiable Information (PII) from cyberattacks, identity theft, and other types of fraud.
What kinds of businesses are covered in the Safeguards Rule?
The Safeguards Rule applies to all financial institutions under the jurisdiction of the FTC and isn’t under the authority of an enforcement regulator as per Section 505 under the Gramm-Leach-Bliley Act.
A company is categorized as”a ” financial institution” when it is engaged in an act that is “financial in nature” or is “incidental to such financial activities.”
In section 314.2(h) of the regulation, Here are some examples of entities classified as financial institutions in the Safeguards Rule:
In light of the fact that leasing or buying cars is among the largest financial transactions that consumers make (aside from purchasing a home), the FTC Safeguards Rule involves auto dealers, too.
The reasons why you must comply with the latest FTC rules for car dealerships
The primary reason that the FTC rules for auto dealers must be taken seriously from now on is this particular number: $50,125. That’s the maximum amount per transaction that the FTC could fine you.
Think about the amount of PII (current as well as past) both you and your employees have on your computer or phones, as well as your business systems. This includes driver’s licenses, IDs, insurance cards, or any other form of document with the name of a client, along with further details regarding them.
It could be hundreds or even thousands. Then, take this number and divide it with $50,125. If you consider it is the case that each of these PII items is regarded as one incident and is, therefore, an enormous amount of money the owner of a dealership would be required to pay.
FTC rules on auto dealerships: How can they do?
A new FTC Safeguards Rule requires dealerships to establish an Information Security Program that includes a set of rules and procedures they must follow so as to safeguard their customers’ data from unauthorized access and data security breaches.
In accordance with the FTC automotive dealerships’ cybersecurity rules, ” customer information” is “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.” In essence, it provides information about your customers as well as data about customers from other financial institutions who have provided the information to you in any other form.
The information security plan you have in place should be documented and designed with consideration of the dimensions as well as the complexity of your company, the nature, and scale of your business, as well as the importance of the data you manage. To find out the specifics of this for your company, it is recommended to talk to your legal professional.
It is essential to implement and regularly examine access controls. This means you must decide who has access to customer information and the ways they are able to access it. For instance, your company might require employees to log into the system using a specific password and user ID or even electronic keys. After access control is in place, ensure that you review them on a regular basis.
Maintain an inventory
Be aware of the information you hold and where it is. It is essential to be mindful of the company’s information infrastructure. Keep a regular review of your data and note the places it’s stored, collected, or sent. Keep a detailed inventory of all the platforms, systems, devices, and people.
Encrypt data during transport and in rest
Encryption is the process of changing data that is understandable into an unintelligible format. In this way, anyone who doesn’t possess the right key will not be in a position to gain access to the data. Of all the FTC regulations for dealerships, the most likely one that most car dealers aren’t ready to meet is the all-inclusive encryption requirements to protect all information that is in transit or at rest on internal and external networks.
Each piece associated with PII that is transferred electronically between the consumer and the dealer is required to be encrypted. At the same time, in the process, which means that, from now on, to ensure that the dealership is FTC-certified, the sales employees are no longer allowed to transmit PII through unencrypted text or via email. In addition, using services to disguise your IP will further guarantee your privacy and security online.
Auto dealers must use alternative solutions, such as such as secure email service. They could also ask their customers to give the details through a phone call or directly through a website.
Review your customized applications.
If your company has created custom software that stores data, allows access to, or transfers customers’ information, make sure they comply with FTC requirements for dealerships in the automotive industry.
It is mandatory to use the Multi-Factor Authentication (MFA) to gain access to your company’s applications and the data of your customers. Alongside usernames or passwords, MFA adds a layer of security, having users supply a different authentication method that could be a one-time password or biometric information – when logging in.
Securely dispose of customer data.
You are allowed to keep certain documents for no more than two years following the most recent usage of it. Then, you’re required to use secure methods to remove it.
Examine and anticipate any changes to your systems of information
If you’re thinking of altering the information system you use – that could include new equipment, technology software, updates, or changes to your personnel – you should consider how this can impact the security of customer information and then take steps to ensure that you comply with the latest FTC automobile trade regulations rule.
Keep a log of access.
It is mandatory to set up an audit system that can keep track of authorized users’ access to have access to data of customers and to monitor any unauthorized access.
It is important to note it is important to note that these guidelines aren’t complete. The best method to make sure that you comply is to ensure that your compliance and legal teams review the full scope of the new FTC regulations.
Automate the lead generation process for your dealership through LeadsBridge integrations.
In addition to the complications of the FTC automobile dealership regulations, auto dealers must come up with solutions to make the lead generation processes simpler and quicker.
Fortunately, LeadsBridge offers several specific industry-specific integrations to allow auto dealers to communicate lead information across their marketing platform in a secure, automated, and real-time.
The method of operation is quite simple: to connect your martech stack to LeadsBridge’s integrations. Whenever someone fills out an application (either via an advertising platform or on your site), the lead will be sent to your CRM or email marketing software, autoresponder, or any other marketing tool in real time.