FTC Announces Data Security Rules For Dealers

The FTC's Safeguards Rule has updated dealer guidelines for protecting customer data from breaches and cyberattacks. The new rule sets specific criteria, formal employee training, and third-party audit requirements to ensure a dealer and its vendors follow the guidelines. 

Specifics? Many dealers will find they are already in compliance. The 2003 Gramm-Leach-Bliley Act designated dealers as financial institutions due to customer financing agreements. 

All dealers will be required to: 

• Perform a proper audit of internal and vendor systems
• Appoint a qualified individual to oversee information security 
• Implement encryption and two-factor authentication systems
• Perform regular intrusion-detection tests
• Train all employees on the new measures.

‍