Skip to main content

FTC Safeguards Rule & What Your Automotive Dealership Should Know

managed IT Services | Cyber Security

What are the FTC Safeguard rules for automotive dealerships? When do you need to have your dealership compliant with these new rules? Why do automotive dealerships require security compliance? In this article we are going to help you get all of these questions answered. 


As an Office Technology Provider, we ensure businesses comply with all IT industry standards. For this reason, we want to ensure that we educate businesses to ensure they are equipped with the information they need to ensure they are set up for success. In this article, we will explain what the Federal Trade Commission(FTC) is and what your dealership needs to do to comply. 


What is the Federal Trade Commission (FTC)? 

The Federal Trade Commission enforces antitrust and consumer protection laws. Its mission is to prevent fraudulent, deceptive, and unfair business practices. They also provide information that helps consumers stop and avoid scams and fraud. The Safeguard rule was first issued in 2002 and took effect on May 23, 2003. 


As the landscape of security threats continues to change, requirements for more in-depth security policies must adapt. For this reason, the FTC has recently revised Safeguards Rule, which expands many requirements of the original 2003 rule. 


What is the Safeguards Rule? 

The Safeguards Rule ensures that entities covered by the Rule maintain safeguards to protect the security of customer information. The FTC made changes to the Safeguard Rule in 2021 to ensure it is at pace with current technology. The Safeguard Rule gives businesses concrete guidelines to follow to keep their customer information safe from cyber security incidents.  


The revised Safeguards Rule applies to all customer information that is in your possession, whether the information pertains to individuals with whom you have a customer relationship or to the customers of other financial institutions that have provided information to you. 


What are the updated FTC Safeguards Rule for automotive dealers?

These requirements are expected to be met by December 9, 2022. All dealers must satisfy this list of requirements regardless of their size, systems, or information they maintain. 

1. Designate a Qualified Individual to Oversee, Implement, and Enforce your Information Security Program

2. Conduct Risk Assessments on Information Security and Existing Safeguards

3. Implement Mandatory Safeguards to Control Risks

  • Access Controls 
  • Systems Inventory 
  • Encryption
  • Secure Development Practices
  • Multli-Factor Authentication (MFA)
  • Disposal Procedures
  • Change Management Procedures
  • Monitoring and Logging of Authorized User Activity

4. Regularly Test or Audit the Effectiveness of Your Safeguards’ Key Controls, Systems, and Procedures

5. Implement Policies and Procedures for Personnel to Implement Your Information Security Program

6. Oversee Service Providers

7. Draft Your Incident Response Plan

8. Prepare an Annual Report to the Board or Equivalent 

Why is the Safeguards Rule Important for Automotive Dealerships to Follow?


No matter what industry you're in, you're not safe from the current cyber threats. As long as your business has any access to personnel information, then you are a target. Data breaches are in the news almost every day. Small, medium, and large companies are targeted for phishing, ransomware, or other cyber-attacks that put personal information at risk of exposure. 


This can cause lead to identity theft, document tampering, or misappropriation of data. This is a devastating situation for your customers and could also put your dealership at risk of losing current or potential clients. 

Need Help Implementing the FTC Safeguards Rule? 

This can seem like an overwhelming task. If you wondering how and who can help you implement these security requirements before December 9th, then you're in the right place. Usherwood Office Technology works with various industries to manage all aspects of their IT and security. We can ensure that your dealership is fully in compliance with all FTC standards. 


Don’t wait around to get the Safeguards Rule requirements in place just in time for December 9th, 2022. The earlier you implement these critical security regulations, the safer your dealership will be from experiencing a traumatic cyber attack. 


If you are interested in learning more about Usherwoods Managed IT Services & Support, click here.