If you’re in the retail automotive business, you’re used to dealing with regulations and compliance issues. It’s simply part of doing business. However, sometimes when a new regulation comes down, it’s all too easy to balk at the potential increased cost in both financial and time investment to implement them. Right now, there is a lot of talk about updating the Safeguards Rule, and the potential business impact.
Let’s step back and look at the regulation. As part of the Gramm-Leach-Bliley Act, the Safeguards Rule was designed to protect the security, confidentiality, and integrity of customer information.
16 CFR Part 314 Rule Summary:
The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure. In addition to developing their own safeguards, companies covered by the Rule are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.
While it is in the inherent best interest of a dealership and its partners to protect and secure customer data, a new wrinkle was recently added that has many in retail automotive scratching their heads. The April 4th issue of the Federal Register contained an update to the Federal Trade Commission’s Notice of Proposed Rulemaking concerning the Safeguards Rule. This issue included several additional requirements that will impact dealerships. One of the most pervasive is the requirement for a Chief Information Security Officer (CISO), which begs the question – what the heck is a CISO and where do you find one? Continue reading