The Safeguards Rule was established in 2003 by the Federal Trade Commission (FTC) and required financial institutions, including dealers, to develop and implement a comprehensive written information security program. The security program obligation under the Rule required financial institutions and dealers to explain how they planned to protect customer information, so it does not fall into the hands of an identity thief. As Paul Metrey explains in this video, the hallmark of the Rule was that it allowed flexibility to implement the Rule's minimum requirements from an organization size and data complexity standpoint.
However, the Rule was amended in 2021 requiring all organizations subject to the Rule to further adopt a series of technological minimums regardless of size or circumstance. Metrey explains the challenges with the amended Rule in the video and provides an overview of steps dealers should take to ensure they are in compliance by the December 9, 2022 deadline.
For more stories like this, bookmark www.NADAheadlines.org as a favorite in the browser of your choice and subscribe to our newsletter here: