The Federal Trade Commission recently announced a newly updated rule that strengthens the information security safeguards that automotive dealers are required to put in place to protect their customers’ financial information. In recent years, widespread paper-based documents, other data information breaches, and cyberattacks have significantly harmed consumers, including monetary loss, identity theft, and other forms of financial distress. The FTC’s updated Safeguards Rule requires motor vehicle dealers to develop, implement, and maintain a comprehensive security system to keep their customers historic and current paper-based document information safe.
The updates adopted by the Commission to the Safeguards Rule detail common-sense steps that motor vehicle dealers must implement to protect consumer information from cyberattacks and other threats.
The changes adopted include more specific criteria for what safeguards dealers must implement as part of their information security program. These include using compliant document scanning services, limiting who can access consumer data information, and using encryption to secure the data. Under the updated Safeguards Rule, motor vehicle dealers must also explain their information-sharing practices, specifically the administrative, technical, and physical safeguards they use to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle customers’ secure paper documents and other personal information. In addition, dealers will be required to designate a single qualified individual to oversee their secure document scanning services and data information security program and report periodically to an organization’s board of directors or senior officer in charge of information security.
NJ CAR has partnered with AutoTrieve to provide our dealership members with compliant document scanning services. AutoTrieve collects, scans, and protects historic and current paper-based customer information collected by dealerships from a breach and cyber theft while simultaneously helping dealers mitigate the risk of excessive fines from the FTC.