In a time where data breaches and cyber threats are on the rise, it is key for automotive dealerships to focus on data security. The Revised FTC Safeguard Rule went into effect on June 9th, 2023, and holds particular importance for the automotive dealer industry. This rule was put in place in 2003 and updated by the FTC in 2021 to align with changing technology and offer clear guidelines on data security. In this article, we’ll explore what dealerships should know and do to protect themselves and their customers in line with the Safeguard Rule.
Understanding the Revised FTC Safeguard Rule:
The FTC Safeguard Rule outlines three key requirements that businesses, including automotive dealerships, must stick to:
-
- Keeping Information Secure: Automotive dealerships must prioritize the security and confidentiality of customer information. This means taking steps to prevent unauthorized access to or disclosure of sensitive data.
-
- Guarding against Expected Threats: Dealerships should proactively protect customer information by setting up safeguards against expected threats or hazards to the security and integrity of the data. This means finding potential weaknesses and taking action to address them.
-
- Preventing Unauthorized Access: Automotive dealerships must take steps to protect customer information from unwanted access that could cause harm or inconvenience to any customer. This includes using access controls, authentication measures, and encryption technologies.
To help automotive dealerships comply with the Revised FTC Safeguard Rule, consider the following practical recommendations:
-
- Secure Document Handling: Safeguard financial information by shredding physical documents that contain customer data. If paper copies are necessary, store them in locked cabinets to prevent unwanted access.
- Regular Security Testing: Conduct quarterly penetration tests at the dealership to identify security weaknesses. This can involve simulated scenarios, such as checking for unlocked computers, ensuring customer data is not left exposed on paperwork, and getting rid of the use of sticky notes with passwords.
- Strengthen Password Security: Encourage employees to use complex passwords or implement a password vault solution. Password vaults, like BitWarden, provide secure storage for passwords and limit access to authorized personnel. Additionally, emphasize the importance of locking computer screens when stepping away to prevent unauthorized access.
- Secure Email Communication: Consider using email exchanges that offer stronger protection, such as Microsoft Outlook 365. These platforms use advanced sorting features and limit the risk of phishing and scam emails. Tell employees to use caution with emails from unknown senders and only open file attachments from trusted sources.
The FTC has identified nine elements that can bolster data security within your dealership and workspace. Check those out at the button below.
Complying with the Revised FTC Safeguard Rule is essential for automotive dealerships to protect themselves and their customers from data breaches and potential harm. By prioritizing data security and using practical measures such as secure document handling, regular security testing, strengthening password security, and securing email communication, dealerships can reduce risks and foster a secure environment. Proactively following these guidelines helps with regulatory compliance and builds trust with customers, who entrust their private information to these businesses. By safeguarding customer data, automotive dealerships can position themselves as responsible stewards of privacy and enhance their reputation in the industry.