Data Security

Safeguarding Your Data

The Federal Trade Commission (FTC) Safeguards Rule goes into effect June 9, 2023. Did that date sneak up on you? Will your dealership be compliant, or is your team still trying to figure out what IT upgrades are needed to secure private customer data? Let’s breakdown the Safeguards Rule, see how it impacts your dealership and outline steps to consider while working on this compliance initiative. If you’d like another source of information to share with your team, check out EFG’s latest F&I Talk Outside the Box podcast.

Originally enacted in 2003, the FTC amended the Safeguards rule in 2021, but extended the deadline for compliance to June 9th of this year, giving dealerships more time to incorporate the needed equipment and procedures. Specifically, the new requirements include:

  • Designate a qualified individual to oversee your information security program.
  • Develop a written risk assessment.
  • Limit and monitor who can access sensitive customer information.
  • Encrypt all sensitive information.
  • Implement ongoing security personnel training.
  • Develop an incident response plan.
  • Perform periodic assessments of service provider security practices.
  • Implement multi-factor authentication, or another method with equivalent protection, for any individual accessing customer information.

That’s a lot to absorb! Let’s focus on the key component of data security.


Take Action Now!

The retail automotive industry is buzzing about the Federal Trade Commission’s recent proposed changes to regulations impacting federal advertising laws and prohibitions on unfair and deceptive dealership practices. The 37-page document outlines six key areas the agency would like to address:

  • Full up-front pricing, costs and finance disclosures
  • Sales process disclosures
  • Add-on product benefits
  • Bait & switch
  • Surprise junk fees
  • Record retention

The public commentary period closes on September 12, at which time the agency will evaluate the responses and make a final ruling. Industry associations – including NADA – requested an extension to the 60-day review period proposal, which the FTC declined.

EFG Companies

What a New CFPB Director Means for Auto Dealers

On September 30, the U.S. Senate confirmed a new Director of the Consumer Financial Protection Bureau (CFPB). Rohit Chopra, formerly with the Federal Trade Commission, brings an enforcement mindset to his new role.

Chopra, 39, will serve a five-year term at the helm of the Bureau. He has a long history with the organization, which was created in the aftermath of the financial crisis of 2007 to 2008. He worked closely with Senator Elizabeth Warren on establishing the Bureau, then joined it in 2011 to investigate industry abuses in the student lending market.

His appointment comes at an interesting time for automotive dealers and lenders. As FTC Commissioner, Chopra actively pursued auto dealers perceived of implementing discriminatory practices. He also was a vocal proponent for more protections for consumers, specifically regarding auto lending abuses of all minority demographics and military families.