In today’s regulatory environment, adhering to the FTC Safeguards Rule and its annual reporting requirements is essential for businesses committed to protecting customer information. This annual review is key to demonstrating a firm’s dedication to compliance and cybersecurity, ensuring that sensitive data remains secure against evolving threats. With the submission deadline coming around the corner, it’s time for dealers to gather their data.

Safeguards Rule: Securing Customer Data

The Safeguards Rule provides a framework for financial institutions to protect customer information by requiring them to have measures in place to ensure the security and confidentiality of customer records and information.

The Safeguards Rule applies broadly, covering all financial institutions that collect customer information, thereby ensuring that a wide range of entities, from banks to credit providers, to auto dealers adhere to stringent data protection standards.

Key Revisions to the FTC Safeguards Rule

Effective June 9, 2023

The Federal Trade Commission (FTC) has implemented key revisions to the Safeguards Rule, which is crucial for ensuring the protection of consumers’ personal information within financial institutions. These revisions aim to strengthen the security and confidentiality of customer information, compelling businesses to adapt to more rigorous standards. Notably, the changes include:

• Strengthened security and confidentiality requirements for customer information.
• Introduction of specific criteria for effective information security programs.
• Requirement for financial institutions to designate a qualified individual to oversee their information security program.
• Development of a written incident response plan is now mandatory.
• Regular testing and monitoring of the effectiveness of safeguards are required.
• Expanded definition of financial institutions to include a broader range of businesses.

These revisions reflect the FTC’s commitment to consumer privacy and security in the digital financial landscape.

Penalties for Safeguards Violations are Steep

Violations of the CARS Rule constitute unfair and deceptive acts and practices under Section 5 of the FTC ACT, and the FTC can impose penalties of $50,120 per violation.

Your Reputation is Everything

CDK Global has released its third annual State of Dealership Cybersecurity report, highlighting that cyber attacks have affected dealerships in various operational and financial ways.

• 69% of dealerships reported experiencing downtime.
  As a consequence, these dealerships had to purchase new hardware or software.
• 31% of dealerships noted they suffered damage to their reputation due to these issues.

So, data safeguards are crucial not only from a regulatory standpoint but also for consumer trust. A lack of trust in your dealership’s information security practices can lead to significant problems, including losing repeat customers.

Annual Reporting for Enhanced Information Security: Navigating the Safeguards Rule

First report due no later than June 8, 2024

The Safeguards Rule mandates financial institutions to submit an annual report focusing on the comprehensive assessment and effectiveness of their information security program. The report must detail:

• Administrative, technical, and physical safeguards for protecting customer information.
• Summary of significant risk assessments conducted throughout the year.
• Rationale behind the selected safeguards.
• Evaluation of the effectiveness of these safeguards in addressing identified risks.
• Documentation of any security events or breaches, including the institution’s response and preventative measures for future incidents.

This serves as a tool for management oversight and regulatory compliance. And, it also ensures institutions implement and continually improve robust security measures in response to evolving threats.

Strengthening Trust with Robust Safeguards Reporting

The annual report requirements under the Safeguards Rule represent a critical framework for dealers to not only ensure the security and confidentiality of customer information but also to reflect on and refine their cybersecurity measures.

By meticulously documenting their safeguards, assessing their effectiveness, and transparently reporting security events, dealers can better protect themselves against emerging threats and maintain their trustworthy reputation with their customers.

This ongoing process of evaluation and improvement is essential in the dynamic landscape of information security, where the cost of complacency can be high.

Complete Safeguards Compliance with KPA

KPA provides dealers with comprehensive compliance solutions and expert guidance to help them meet Safeguards Rule requirements efficiently, ensuring customer information is protected through robust security measures and policies.

Talk to our compliance experts to learn more about Privacy and Safeguards solutions for your dealership.