FTC Safeguards Rule

FTC Safeguards Rule

Learn how to comply with the Federal Trade Commission's updated data and information security requirements for dealers.

Important! The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.

FTC Extends Safeguards Rule Compliance Deadline
The Federal Trade Commission on Nov. 15 announced it is extending by six months the deadline for companies to comply with some of the amendments to the FTC’s Safeguards Rule. Earlier this year, NADA submitted comments to the FTC seeking an extension of the deadline. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.

The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:

  • designate a qualified individual to oversee their information security program,

  • develop a written risk assessment,

  • limit and monitor who can access sensitive customer information,

  • encrypt all sensitive information,

  • train security personnel,

  • develop an incident response plan,

  • periodically assess the security practices of service providers, and

  • implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.

Dealers are encouraged to continue in their efforts to expeditiously comply will all the new requirements of the Rule but should consult with their attorneys, service providers and IT professionals about the potential impact of this deadline extension.

* * *

The FTC issued a complex set of new amendments to its Safeguards Rule, which require dealers to undertake a series of procedural, technical, and contractual steps to protect consumer and other personal data.

The amended Rule’s requirements had an original deadline of Dec. 9, 2022, but the FTC has extended that until June 9, 2023, for some of the updated requirements of the Safeguards Rule.

There is quite a lot that dealers must do to comply with the changes. NADA has a number of member resources to get you started, including a comprehensive Driven Guide for dealers that contains step-by-step instructions for compliance, as well as a series of links, template policies, exhibits, IT guidance and more. For more information about the Safeguards rule, email NADA Legal & Regulatory Affairs or call 800.557.6232.

NADA also has a host of NADA webinars, including:

Several of NADA's Affinity Providers specialize in consumer and personal data protection. For details, email Dan Ruddy or call 800.557.6232.

Numerous workshop recordings, third party webinars and other materials are available at the links below:

Contact

Image
Standards for Technology in Automotive Retail (STAR) logo

 


NADA is a long-time member of Standards for Technology in Automotive Retail (STAR) and supports STAR’s efforts in seeking to increase efficiency through the voluntary adoption of standards and the promotion of competition in the auto retail technology space.

 

As part of their efforts, STAR recently announced a set of uniform risk assessment standards that are intended to assist dealers and vendors alike in complying with certain requirements under the FTC’s Amended Safeguards Rule. Learn more about STAR’s free risk assessment questionnaire.