KENTUCKY AUTO DEALER

For more information on ComplyAuto products and services, or to learn more about its transparent pricing, please visit complyauto.com or email them at info@complyauto.com.

Disclaimer: Nothing in this article is intended to be legal advice. Please consult with competent legal counsel if you have questions regarding this article, the Gramm-Leach-Bliley Act, or the federal Safeguards Rule.

Continued from page 9

First, dealers should contractually require the service providers they work with (i.e., any person or entity that receives, maintains, processes, or otherwise is permitted to access customer information through its provision of services directly to a financial institution) to implement and maintain appropriate safeguards, including encrypting the information they process for the dealers.

Second, dealers must periodically assess the measures that their service providers have purported to put in place. To accomplish this, dealers should consider requiring vendors to complete a risk assessment questionnaire to ensure the vendor conforms to applicable industry standards regarding physical and technical safeguards. For example, any vendor with access to nonpublic personal information should confirm that they support MFA login and encryption of data at rest and in transit.

Incident Response Plan

New in the Rule, these required plans must outline goals and address internal processes for responding to security events, define clear roles and responsibilities of parties involved, prescribe internal and external communications and information sharing, identify weaknesses in information systems and how to remediate, document and report security events and related response activities, and evaluate and revise the incident response plan as necessary following the security event. It needs only to establish a system that outlines the dealers’ response if such incidents should occur.
If you feel overwhelmed by the content and potential time and expense that abiding by these new revisions may require, you’re not alone. In 2019, the National Automobile Dealers Association (NADA) suggested that fulfilling these new rules would cost dealerships an average of $277,000 per year.

Introducing: ComplyAuto

ComplyAuto is the most trusted privacy software tool for dealers representing over 1,000 dealerships and some of the largest groups in the United States. Partnered with NADA as their first Affinity Provider in compliance, ComplyAuto can not only help dealerships at a fraction of this cost, it can get dealerships compliant with these new rules in a matter of days, not months. Here is a short summary of what ComplyAuto’s suite of tools can accomplish.

1. Privacy Rights Management
This software serves as an all-in-one privacy solution for dealers. It offers an efficient data mapping tool and vendor management system that identifies how consumers’ personal information is captured and which vendors have access.

2. Federal Safeguards Rule Compliance
This is the first dealership software to operationalize and automate the complexities of the FTC Safeguards Rule. It creates information security programs unique to each dealership with a user-friendly tool that updates all required documents in real-time. It also allows dealers to perform and document required physical and technical risk assessments and efficiently collect data processing agreements from service providers using its proprietary built-in eSign feature.

3. Advanced Cybersecurity Suite
This solution reinforces data protection and cybersecurity protocols through completely remote vulnerability assessments and penetration testing (VAPT) software. With online security training, it integrates dealership-specific phishing simulation software into your data protection processes.