Still Not Ready for This Year’s Safeguards Rule? Here’s What to Know

Alarming Number of Dealers Are Still Not Ready for This Year’s Safeguards Rule — Here’s What to Know

The ruling oversees how financial institutions protect consumer data, and dealerships must implement changes to protect their consumer data.

The Federal Trade Commission’s (FTC) Safeguards Rule kicks into effect this year, and while some parts have already become official, other areas of the legislation have been extended to June. The law requires stricter information security programs for consumers, meaning U.S. auto dealership executives have a heavy task of strengthening their information systems security.

The ruling oversees how financial institutions protect consumer data, and dealerships must implement changes to protect their own consumer data, but they also must have a formal training program for their employees and third-party audits in place to ensure their entire list of vendors are also following these guidelines.

Even though parts of the rule have been extended to June, a recent poll raised alarms in illustrating just how many dealers have yet to become compliant in many areas. On a recent dealer-focused webinar, 36% said they are just getting started with their compliance plans, 26% said they are halfway there, and 25% said they are nearly done.

This is definitely concerning since several key components of the ruling have already gone into effect:

Some Parts of the Rule Are Already in Effect

Dealers must now show they are in compliance with risk assessments, information security programs, and establishing capable service providers and contractually obligate service providers. They must also be able to regularly test or otherwise monitor the effectiveness of the safeguards’ key controls, systems, and procedures, including those to detect actual and attempted attacks on, or intrusions into, information systems. Lastly, they must be able to periodically perform additional risk assessments and adjust the ISP accordingly.

The items that were delayed until June 9 include designating qualified individuals, written risk assessments, and designing and implementing various administrative, technical, and physical safeguards, including various physical and technical access controls, multi-factor authentication, encryption, activity logging, and change management procedures.

What’s more, dealers also had until June 9 to complete a continuous monitoring of their information systems, mandatory security awareness training, periodic assessments of service providers, incident response plans, and an annual status reporting functionality.

The webinar poll also showed that 44% of dealers have not provided the mandatory security awareness training to their employees, and 73% have not conducted simulated phishing attacks on their employees.

What’s Key In Becoming Compliant

It will be important for dealers to designate individuals within the dealership who are trained in taking ownership of these new regulations and to ensure everyone is ready. Any educational curriculum must be designed so that each employee is trained in all facets of the new regulation with full comprehension of each component.  

Aside from education and training of new programs, the way dealers and any employees handle consumer data and privacy information will be paramount to compliance. Dealers would be wise to take inventory of every possible way they receive consumer data and information, from the beginning of the process with advertising and marketing insights that enters the top of the funnel, all of the search-engine and social media data they receive through promotions and interactions, website information and insights, and certainly consumer information through the service lane. Modern retailing has opened an abundance of new opportunities for dealers to reach new customers, but it also represents so many new opportunities to collect consumer data that now needs to be scrutinized under the new regulations.

The new Safeguards Rule will ultimately help dealers better protect their customers’ valuable data and information — a practice that better manages the risks associated with today’s internet-heavy focus on customer interaction and transaction. There are significant challenges and hurdles in the near term for dealers and their vendor partners. However, with the right guidance and expert counsel, dealers and their partners can achieve this critical compliance and train each employee on the new rules in place so that they can provide their customers with the trust they need to do business in this era of modern retailing.

There is no way around being compliant, and dealers must realize there is also no grey area. There still remains a large number of dealers who are not fully compliant, and the time is now to partner with trusted experts who can help finalize all plans.


Ken Hill is managing director for 700Credit, the automotive industry’s leading provider of credit reports, compliance and soft pull products. For more information, visit www.700credit.com.

You May Also Like

Accelerating Auto Dealership Efficiency: 7 VoIP Trends for 2024

With these advancements, there’s a prime opportunity for dealers to harness technology for heightened productivity and efficiency.

By Jim Gustke, vice president of marketing at Ooma

In the dynamic realm of auto dealer operations, the importance of Voice over Internet Protocol (VoIP) technology cannot be overstated. As we venture into 2024, seven key VoIP trends are poised to revolutionize the way auto dealers communicate, collaborate and, ultimately, succeed.

How to Choose a Digital Marketing Agency: 7 Signs of a Bad Agency

Here’s a complete guide to identifying the red flags that signal a digital marketing agency might not be the right fit for your business.

Digital marketing agency
Paving the Way for Self-Discipline

Self-discipline is like a muscle, where the more we use it, the stronger it becomes. By being smart about how we use it, we can develop this key attribute and get the best return for our energy.

Paving the Way for Self-Discipline
How Auto Retailers Are Leveraging Advanced Connected Vehicle Data for Optimized Lot Management Solutions

Advanced technologies based on intuitive real-time data seamlessly integrate with the software platforms to receive real-time connected vehicle data from equipped and eligible vehicles to simplify lot management for accurate and remote inventory management, that leads to a contactless and seamless experience for fleet and auto retailers.

How Auto Retailers Are Leveraging Advanced Connected Vehicle Data for Optimized Lot Management Solutions
Back to the Future: Hybrids Offer Alternative to Electric Vehicles

A collaborative effort could not only revitalize consumer interest in hybrids but also position auto dealers as advocates for a greener future.

Hybrids Offer Alternative to Electric Vehicles

Other Posts

5 Ways Data Has Changed the Work Truck Industry

Embracing the power of data can be the difference between success and struggle for dealerships.

Happiness for Free

Many people today are lacking a sense of purpose and direction. Learn how you can use these powerful keys to unlock a more fulfilling life.

article based on Remora webinar Money for Nothing, Happiness for Free
Getting to Our Ultimate ‘Why?’

Understanding our core reasons will drive our efforts to success.

sail boat - freedom
How AI is Enhancing Vehicle Inspections for Car Buying, Selling and Transportation

AI offers three distinct advantages for vehicle inspections that can significantly increase efficiency and bolster confidence for the industry.

AI vehicle inspection, artificial intelligence