Categories
Data Security

Yes – Data Compliance Applies to You

One of the biggest misconceptions among powersports dealers is the belief that many state and federal compliance regulations do not apply to them. Nothing could be farther from the truth! In many states, motorcycle dealers are covered under “New Motor Vehicle Dealer” statutes that were written for automotive retail. Eight states have laws that specifically address powersports dealers. Another 17 states have “Franchised Dealer” statutes that define a dealer agreement as a franchise agreement, regardless of what an OEM wants to call it. Dealer-OEM relations may also be covered by multiple laws within a state.

From a federal regulatory standpoint, the Federal Trade Commission has regulations that impact automotive, recreational vehicle, and powersports dealers nationwide. Beginning on June 9, those compliance requirements will expand significantly as the updated Safeguards Rule goes into effect. These stringent requirements relate to information security practices in your dealership. In our current environment of data breaches, security hacks and stolen identities, failure to comply with these requirements could mean expensive fines, lost trust from your customers, lenders, and the community, as well as crippling cybersecurity issues. Let’s break down the details and see what steps you need to take to protect your dealership and your customers.

What is the Safeguards Rule?

The Safeguards Rule was originally enacted in 2003. The FTC amended it in 2021 but extended the deadline for compliance to June 9th of this year, giving dealerships more time to incorporate the needed equipment, training and procedures. Specifically, the new requirements include:

What IS a CISO?

Contributing Author:
Maurice Hamilton
Vice President
EFG Companies

If you’re in the powersports business, you’re used to dealing with regulations and compliance issues. It’s simply part of doing business. However, sometimes when a new regulation comes down, it’s all too easy to balk at the potential increased cost in both financial and time investment to implement it. Right now, there is a lot of talk about updating the Safeguards Rule, and the potential business impact.

Let’s step back and look at the regulation. As part of the Gramm-Leach-Bliley Act, the Safeguards Rule was designed to protect the security, confidentiality, and integrity of customer information.

16 CFR Part 314 Rule Summary:

The Safeguards Rule requires financial institutions under FTC jurisdiction to have measures in place to keep customer information secure. In addition to developing their own safeguards, companies covered by the Rule are responsible for taking steps to ensure that their affiliates and service providers safeguard customer information in their care.

While it is in the inherent best interest of a powersports dealership and its partners to protect and secure customer data, a new wrinkle was recently added that has many in retail automotive scratching their heads. The April 4th issue of the Federal Register contained an update to the Federal Trade Commission’s Notice of Proposed Rulemaking concerning the Safeguards Rule. This issue included several additional requirements that will impact dealerships. One of the most pervasive is the requirement for a Chief Information Security Officer (CISO), which raises the question – what the heck is a CISO and where do you find one?

Are You Ready for a Data Breach?

Contributing Author:
Maurice Hamilton
Vice President
EFG Companies

Experian’s Data Breach Resolution Group, a division of the consumer credit reporting company, recently issued their 2019 Data Breach Industry Forecast. While the report was full of important information, it made me wonder if the retail automotive industry is suffering from “Hurricane Syndrome.” You know the scenario. Weeks in advance, the weather pundits issue warnings that a hurricane is coming. Only a few people pay attention. A week before landfall, the cone of probability is posted. Most people continue to go about their business. Two days before landfall, winds are picking up and early rain bands are hitting. Some people might check the pantry and fuel gauge. Then the hurricane hits with full fury, flooding ensues, roofs are blown off, and emergency services are tapped out. In the aftermath, local news reporters interview victims who say, “We didn’t think it would be that bad!” 

It’s been 13 years since the first major data breach impacted a US financial institution. According to the Experian report, the scale of data breaches in 2018 was staggering, with the number of compromised records in the first half of 2018 exceeding those for the entire previous year. Despite major security advancements, cybercriminals and black-hat hackers continue to wreak havoc on businesses. With powersports dealers and lenders utilizing more digital tools to manage the sales process, the risk of a data breach increases exponentially. While the industry must embrace this growing trend, dealers must also break out of their own data security Hurricane Syndrome.