“There is quite a lot that dealers must do between now and December, and the time for dealers to act is now in order to ensure compliance by the deadline.” – NADA
Barcom Has Your Back
The revised FTC Safeguards Rule has many dealerships across the country scrambling to meet compliance by the June 9th deadline. Dealers who fail to meet compliance may face penalties of up to $43,792 per violation.
The Barcom Technology Solutions team has provided extensive cybersecurity and IT services to dealerships across the country, with compliance being a large part of our focus.
If you would like to schedule a private consultation, reach out to Ava Mattei.
(210) 870-1948
What does the revised Safeguards Rule require?
Barcom has gone through every page to find the rules that will impact dealers the most:
- Submit a periodic written report to the dealership’s board of directors or senior officer on compliance with these new requirements and the overall status and results of the Information Security Program (ISP).
- Implement a written “Incident Response Plan”.
- Perform periodic written risk assessments that adhere to certain requirements.
- Encrypt all data in transit over external networks and at rest.
- Require Multi-Factor Authentication (MFA), such as an SMS/text verification code, for all systems containing customer nonpublic personal information (NPI).
- Implement a data retention policy and dispose of customer information within two years after the end of a customer relationship, unless doing so conflicts with state or federal law.
- Adopt procedures for IT “change management”.
- Appoint a single “Qualified Individual” to oversee the dealership’s ISP.
- Monitor and log the activity of authorized users and detect unauthorized use or access of customer information.
- Implement a system or software for continuous monitoring of cybersecurity threats, including annual penetration tests and bi-annual vulnerability tests.
- Perform “security awareness” training for all employees.
- Periodically assess service providers for their adequacy of physical and technical safeguards.
For a full description of the Safeguards Rule, we have included the FTC Website for your convenience.