Pub. 12 2022 Issue 2

JULIE CARDOSI Law Office of Julie A. Cardosi, P.C. Counselor’s Corner As auto dealers have likely been made aware through recent news sources, such as Automotive News, and various other automotive industry trade publications, last fall the federal Trade Commission (“FTC”) finalized its amendments to the 2001 Safeguards Rule under the Gramm–Leach–Bliley Act (“GLB”). These rule changes followed a prolonged regulatory process that sought to strengthen security for consumer financial information in the wake of the increased incidence of data breaches. By way of background, the Safeguards Rule was enacted to implement the GLB. Auto dealerships, considered “financial institutions” under the GLB due to the offering of credit transactions, have always been subject to the Safeguards Rule and required to assess the risk to the security and privacy of consumer financial information, maintain a program to secure that data, regularly monitor and update that program, and designate who is responsible for the program. The amended Rule contains several major changes and new requirements and specific criteria that auto dealers must satisfy. Dealers and financial institutions and their vendors are urged to prepare now and begin implementing the changes called for by the amended Rule well in advance of the December 9, 2022 deadline. The updated Rule requires dealerships to address specific areas in their security program risk assessment and produce a written report of the assessment. It further requires that each safeguard Dealership Compliance with Updated Federal Safeguards Rule Required by December 9, 2022 – Don’t Wait to Get Your Information Security Program House in Order 12

RkJQdWJsaXNoZXIy MTU2Mjk4Mw==