Pub. 4 2023 Issue 1

Here are some considerations for meeting the new requirements: 1. Designate a program manager to lead your dealership’s information security program. 2. Conduct periodic risk assessments. 3. Create a written information security program for safeguarding consumer information. 4. Monitor the vulnerability of your information systems. 5. Implement data safeguard policies and procedures for your staff. 6. Assess and document in writing that your service providers and third-party vendors have adequate security controls. 7. Have a written response plan in case of data breaches or consumer data exposure. 8. Establish ways to detect actual or attempted attacks or intrusions. 9. Produce annual reports from the program manager on your dealership’s information security program. While dealerships work with their legal counsels on their program, it will be useful to examine how their compliance technology can help at various steps along the way, from data security to reporting to long-term secure storage. Avoiding Common Compliance Missteps Recent dealer community polls have indicated two key areas where many dealerships are not aware of their compliance obligations: • Using knowledge-based authentication, like asking out-of-wallet questions, helps verify the identity of buyers that have failed red flags. True. Out-of-wallet questions include facts specific to a buyer that they wouldn’t be able to answer just by looking in their wallet. Correct responses help verify the buyer’s identity. • Your dealership only needs to run OFAC on cash deals. False. You should run an OFAC check on every deal to ensure that the buyer can legally purchase from you. Preparing for 2023 As you review your compliance program and plan ahead for 2023, examine your compliance, data security, and storage functions to make sure they align. Start the year off right by: • Preparing your compliance program manager for their additional duties under the FTC Safeguard Rule starting in June 2023 • Ensuring that ID verification processes are in place for every deal • Checking your dealership’s compliance responsibilities with your legal counsel and ensuring it is applied consistently across all deals The contents of this article are not meant as legal advice, and we do not purport to provide any legal or regulatory analysis. Consult with your attorney or any legal, regulatory, or compliance questions you may have. …it’s worth examining how those upcoming new requirements can be a solid framework for building policies and procedures to help your dealership bolster its compliance program. vada.com 13

RkJQdWJsaXNoZXIy ODQxMjUw