Pub 2 2022 Issue 2

8 KENTUCKY AUTO DEALER

The Kentucky Automobile Dealers Association (KADA) is continually looking for ways to protect its dealer members, and we are proud to be working with ComplyAuto, whose goal is to help Kentucky dealerships comply with the Gramm-Leach-Bliley Act (GLBA).

Although the Federal Trade Commission recently extended the deadline to comply with certain provisions of the Amended Safeguards Rule to June 9, 2023, it is still imperative that dealerships prepare for these new requirements. Dealers need to be compliant with the updated Federal Safeguards Rule as soon as possible, given that the law went into effect Jan. 10, 2022. Compliance with these federal regulations will not be an overnight solution, and the penalties associated with not complying are extremely expensive (up to $46,517 per violation, to be exact). Dealers are urged to begin immediately if they want to put themselves in a position to succeed in the ever-changing legal landscape.

With over 60 years of dealer experience, ComplyAuto’s dealer-focused suite of tools is helping over 1,000 dealerships across the country achieve state and federal compliance in an efficient and cost-effective way.

What is the revised Safeguards Rule under the Gramm-Leach-Bliley Act?

On October 27, 2021, the Federal Trade Commission (FTC) announced the revision of the GLBA’s Safeguards Rule (“Rule”) for the first time since the Rule was issued in 2002. In its announcement, the FTC specifically names “automobile dealerships” as non-banking financial institutions that fall under the purview of these new revisions.

The Rule requires dealers to implement operational changes regarding their data protection and cybersecurity measures, such as creating, updating, and implementing a written information security program (“ISP”) to protect consumer financial information as well as to conduct periodic risk assessments to make sure the organization is abiding by strict protocols to protect this information.

Dealers must act immediately to meet compliance with the new rules or otherwise face stiff penalties of up to $46,517 per violation.

For GLBA Compliance KADA PARTNERS WITH COMPLYAUTO

What does the revised Safeguards Rule require?

Here is a short list of requirements that impact dealerships the most:

1. Submit a periodic written report to the dealership’s board of directors or senior officers on compliance with these new requirements and the overall status and results of the Information Security Program.
2. Implement a written Incident Response Plan in case of a data breach.
3. Perform periodic written risk assessments within the organization that adhere to certain requirements. This will be discussed at length below.
4. Encrypt all data in transit over external networks and at rest.
5. Require Multi-Factor Authentication (MFA), such as an SMS/text verification code, for all
