10 KENTUCKY AUTO DEALER The Federal Trade Commission’s Amended Safeguards Rule has been the subject of multiple articles, webcasts, seminars and more, and with good reason. The amendments to the Safeguards Rule pose significant hurdles for dealers, and the deadline for compliance — Dec. 9, 2022 — will be here before you know it. While most dealers have begun taking the necessary steps to be fully compliant on time, a reminder of the appropriate steps is in order for everyone. While this is not a comprehensive discussion of the Amended Safeguards, it should assist you in evaluating your progress toward full compliance. Step One: Designate a Qualified Individual Your “Qualified Individual” will be the primary point of contact for oversight and implementation of your information security program. While the Qualified Individual is not required to have any specific information technology education or training, they should be a senior member of your staff and should be knowledgeable about your current information security measures. You are permitted to designate a contractor to serve as your Qualified Individual, but that will not shield your business from ultimate responsibility if your compliance is deficient or if there is a security incident. Step 2: Assess Your Risk Under the Amended Safeguards, Risk Assessments must be conducted “periodically,” which is not defined therein but is generally interpreted to mean at least annually if not more frequently. A Risk Assessment is a written document that evaluates security risks to customer information maintained by your dealership and measures the adequacy of your current safeguards. Ultimately, your security program will be based upon the vulnerabilities identified through the Risk Assessment. Step 3: Implement Mandatory Safeguards The mandatory safeguards required by the FTC can be daunting and include: controlling internal and external access to customer data; establishing an inventory of all locations, physical or electronic, of customer data; using encryption to protect data; THE AMENDED FTC SAFEGUARDS: By Sarah Bishop, KADA Legal Counsel, Stoll Keenon Ogden, PLLC MOVING TOWARD COMPLIANCE
RkJQdWJsaXNoZXIy ODQxMjUw