
FTC Safeguard Rules: Car Dealerships and Customer Information


What you need to know to be compliant

Another day. Another data breach. More than 4,100 publicly disclosed data breaches occurred in 2021, with approximately 22 billion records exposed. When the final numbers come in for 2022, the total is expected to match or exceed that amount by as much as 5%. Government and regulatory agencies are taking a closer look at how businesses protect personally identifiable information.

In 2022, the Federal Trade Commission announced an updated rule that strengthened the data security safeguards that financial institutions are required to put in place to protect their customers’ financial information. The FTC’s updated Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, vehicle dealerships, and payday lenders, to develop, implement, and maintain a comprehensive security system to keep their customers’ information safe. The rule was effective January 10, 2022, and compliance was required by December 9, 2022.

The Final Rule of the Safeguards Rule provides financial institutions the flexibility to design an information security program appropriate to the size and complexity of the organization, the scope of activities, and the sensitivity of customer information. But it also adds requirements designed to improve the accountability of a financial institution’s information security program.

What does this mean for U.S. car dealerships?

One of the largest industries impacted is auto dealerships. Any auto dealership that handles sensitive customer financial information will be required to comply with the newly updated FTC Safeguard Rules.

Here is a breakdown of what these additional security safeguards will require for auto dealerships:

  • Dedicating a Qualified Individual. U.S. auto dealerships will need to dedicate a qualified individual to develop, oversee, monitor, and enforce the dealership’s information security program. This person can be an external firm or internal staff who is either already capable or can be trained appropriately to perform this role.
  • Reporting by Qualified Individual. This person must report in writing, at least annually, to the dealership’s board of directors or governing body. The reporting must include the status of the dealership’s internet security program, compliance with the FTC Safeguard Rules, events related to information systems security, and implementation of the dealership’s entire information security program.

The qualified individual will need to either outsource or oversee the following Safeguard Rule requirements:

  • IT Risk Assessments. They must identify reasonably foreseeable internal and external risks to security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction, or compromise of customer information. The qualified individual must then design and implement a program to control the risks. Adjustments must be made based on the results of testing and monitoring.
  • Annual Network Security Assessment. The qualified individual must test to detect actual or attempted intrusions into the information systems along with vulnerability scans every six months. Dealerships are allowed to opt out of the annual network security assessment if they utilize continuous monitoring through Managed Detection and Response (MDR) or a Security Operations Center (SOC) where continuous systems security monitoring is performed 24/7/365 in real time.
  • End-User Security Assessments. All employees are required to properly carry out the information security program with security training and testing of end users along with additional training for employees who fail assessments.
  • Vendor and Third-Party Safeguards. Dealerships must ensure all vendors or third parties who have access to customer information also maintain safeguards in line with the dealership’s information security policy. They also must maintain a formal incident response policy that is tested on an annual basis through a tabletop exercise.

What if your dealership doesn’t have a qualified individual?

Identifying a qualified individual is a requirement, and the role carries a lot of responsibility under the new FTC Safeguards. They should be overseeing and formally documenting customer information safeguards throughout the year and reporting them annually. If this feels like more than your team is equipped to handle, the team at Locknet® Managed IT, an EO Johnson Company, can help. Our IT and cybersecurity experts can provide remote monitoring, managed detection and response, security awareness training, and vulnerability assessments, and can assist with tabletop exercises. With FTC Safeguard requirements starting in December of 2022, now is the time to reach out for assistance and ensure you are complying in 2023.
