Still Not Ready for This Year’s Safeguards Rule? Here’s What to Know

Alarming Number of Dealers Are Still Not Ready for This Year’s Safeguards Rule — Here’s What to Know

The ruling oversees how financial institutions protect consumer data, and dealerships must implement changes to protect their consumer data.

The Federal Trade Commission’s (FTC) Safeguards Rule kicks into effect this year, and while some parts have already become official, other areas of the legislation have been extended to June. The law requires stricter information security programs for consumers, meaning U.S. auto dealership executives have a heavy task of strengthening their information systems security.

The ruling oversees how financial institutions protect consumer data, and dealerships must implement changes to protect their own consumer data, but they also must have a formal training program for their employees and third-party audits in place to ensure their entire list of vendors are also following these guidelines.

Even though parts of the rule have been extended to June, a recent poll raised alarms in illustrating just how many dealers have yet to become compliant in many areas. On a recent dealer-focused webinar, 36% said they are just getting started with their compliance plans, 26% said they are halfway there, and 25% said they are nearly done.

This is definitely concerning since several key components of the ruling have already gone into effect:

Some Parts of the Rule Are Already in Effect

Dealers must now show they are in compliance with risk assessments, information security programs, and establishing capable service providers and contractually obligate service providers. They must also be able to regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems. Lastly, they must be able to periodically perform additional risk assessments and adjust the ISP accordingly.

The items that were delayed until June 9 include designating qualified individuals, written risk assessments, and designing and implementing various administrative, technical, and physical safeguards, including various physical and technical access controls, multi-factor authentication, encryption, activity logging, and change management procedures.

What’s more, dealers also had until June 9 to complete a continuous monitoring of their information systems, mandatory security awareness training, periodic assessments of service providers, incident response plans, and an annual status reporting functionality.

The webinar poll also showed that 44% of dealers have not provided the mandatory security awareness training to their employees, and 73% have not conducted simulated phishing attacks on their employees.

What’s Key In Becoming Compliant

It will be important for dealers to designate individuals within the dealership who are trained in taking ownership of these new regulations and to ensure everyone is ready. Any educational curriculum must be designed so that each employee is trained in all facets of the new regulation with full comprehension of each component.  

Aside from education and training of new programs, the way dealers and any employees handle consumer data and privacy information will be paramount to compliance. Dealers would be wise to take inventory of every possible way they receive consumer data and information, from the beginning of the process with advertising and marketing insights that enters the top of the funnel, all of the search-engine and social media data they receive through promotions and interactions, website information and insights, and certainly consumer information through the service lane. Modern retailing has opened an abundance of new opportunities for dealers to reach new customers, but it also represents so many new opportunities to collect consumer data that now needs to be scrutinized under the new regulations.

The new Safeguards Rule will ultimately help dealers better protect their customers’ valuable data and information — a practice that better manages the risks associated with today’s internet-heavy focus on customer interaction and transaction. There are significant challenges and hurdles in the near term for dealers and their vendor partners. However, with the right guidance and expert counsel, dealers and their partners can achieve this critical compliance and train each employee on the new rules in place so that they can provide their customers with the trust they need to do business in this era of modern retailing.

There is no way around being compliant, and dealers must realize there is also no grey area. There still remains a large number of dealers who are not fully compliant, and the time is now to partner with trusted experts who can help finalize all plans.

Ken Hill is managing director for 700Credit, the automotive industry’s leading provider of credit reports, compliance and soft pull products. For more information, visit

You May Also Like

How to Boost Appointment Conversions with Positive First Impressions

It’s crucial to equip your staff with effective phone handling strategies that can make a lasting impression and persuade callers to choose your dealership.

Your dealership only has seven seconds to make a positive first impression with potential buyers. Oftentimes, a first impression is made before your leads walk through your doors. Prospective buyers typically invest a significant amount of time conducting research and reaching out to different stores to determine where they’d like to purchase their vehicle. Therefore, it becomes crucial to equip your staff with effective phone handling strategies that can make a lasting impression and persuade callers to choose your dealership. By implementing these proven strategies, you can help your dealership stand out against the competition and greatly enhance customer experience.

Why Data Security Must Be a Priority in Today’s Automotive Retail Market

Dealers who gain a better understanding of data security and how data relates to industry trends will ultimately find themselves in a better position to achieve long-term goals.

The Digital Dilemma: How to Rethink Sales and Delivery to Drive a Successful Car Buying Future

By taking the right steps, traditional car dealers can still compete, win and flourish, even as digital sales become more prolific.

Revolutionizing Auto Service: How Digital Tools Are Transforming the Auto Dealership Landscape

Remote diagnostics, over-the-air updates, faster service appointments and less vehicle downtime all represent the emerging reality of remote automotive services.

147,348 Reasons Why Customer Experience & Dealership Loyalty Matter – The Power of a Point

That’s the annual average revenue increase a dealership can expect to realize by raising its customer satisfaction score by a single point.

Other Posts

In a Fickle Market, How Do We Continue Winning Customers for Life?

It is imperative to ask the right questions to find out what motivates your customers. Getting to know the customer means getting to know their needs and that benefits everyone. 

Before You Make a Video…

Here are a few tips for creating value proposition, service special or test-drive videos. With a little planning you can quickly produce high-quality videos for your dealership.

taking video of car with phone
How AI is Improving Customer Engagement Rates in Automotive

Why is AI the perfect strategic partner for dealerships? What methods does AI use and why does it integrate so well into dealerships?

artificial intelligence for dealerships
A 4-Step Plan to Reduce Declines Using Data

Auto dealers can sit back and wait for payment declines to mount, or they can use a data-driven approach to identify at-risk payers and implement interventions before things get beyond repair.