FTC Safeguards & What to do: Auto Dealerships
The FTC Safeguards Rule is a set of regulations created in 2021 that requires financial institutions to develop and implement a comprehensive information security program. The newest update to this set of regulations took effect on June 9th, 2023. The rule takes effect for all non-banking financial institutions, such as auto dealerships.
What do I need to do as a dealer?
You will be required to create a program with a set of policies, procedures and guidelines that you will use to protect your customers' information. This includes responding to security incidents, setting up security awareness training and managing risk.
You will be required to implement and review access controls on your customers' information. An example of this would be securing something with a key, access card or passcode that is available only to those who need access.
In order to protect things, you need to know what you have and where it is. You must know where the information is and who has access to it. Any security risks need to be addressed.
All data must be encrypted, whether it is in place (at rest) or in motion (in transit). It is very important that nobody who shouldn't have access has it.
If you have created a custom program that stores customers' personal information, it must be secured according to the FTC Safeguards Rule.
You must implement multi-factor authentication (MFA) for access to your systems that contain any form of customer data.
You must implement a policy that requires you to purge all customer information that is not required to be kept after 2 years.
You must predict changes in your equipment, technology and staff and make sure the proper changes are made to protect customer information.
You must put monitoring in place that continuously watches your systems and logs all access. This includes keeping a list of all logins and access attempts and preventing unauthorized access to customers' personal information.