No one is safe from cyberattacks, including automotive dealerships. To protect consumers, the Federal Trade Commission (FTC) created the Safeguards Rule, which requires financial institutions, including automotive dealers, to comply with specific security guidelines.
FTC Safeguards Rule
The FTC’s Safeguards Rule went into effect in 2003 under the federal Gramm-Leach-Bliley Act (GLBA). The rule classifies auto dealers as financial institutions and addresses how dealers must protect consumer information. Now, due to recent high-profile data breaches, the FTC has made amendments to the Safeguards Rule, further complicating matters for auto dealers.
The new amendments state that auto dealerships must implement a written information security program, including risk assessment, system access controls, authentication and encryption, and mechanisms to ensure effective employee training and oversight of service providers. They must also appoint a qualified individual to the security program who will ensure that all vendors also meet the requirements of the rule.
Helping You Maintain Compliance
Of course, implementing changes for compliance always comes at a cost. The National Automobile Dealers Association (NADA) reports that upfront and annual recurring costs for auto dealerships hiring a Chief Information Security Officer (CISO) and implementing the required measures can cost nearly $280K. For larger dealerships or groups, the expense can be even greater.
At SCA, we don’t think you should have to spend that much to maintain compliance. With our Centurion ESO Program, we become your CISO and report to your company’s Board of Directors as required – and we do this for less than half that published cost.
Reach out to us to schedule a consultation and learn more about our Centurion ESO Program and other advisory services. We will help elevate your security and demonstrate your compliance so that your organization can grow and thrive.
Click below to download our FREE guide to FTC Safeguard Rules and auto dealerships!