A Delay in the Safeguards Rule, But Dealers Should Not Wait

By Hao Nguyen, Esq., CLO, ComplyAuto

For those of you who traveled to Dallas for this year’s National Automobile Dealers Association Convention, I hope you are reading this article from the comfort of your own home or office. It was a trek for some of our staff as flights out of Texas were delayed due to inclement weather, but we’re back at full strength to give you a recap of the legal trade winds as we move into 2023.

In this article, we discuss the Federal Trade Commission’s (“FTC”) delay of the effective date of the revised Safeguards Rule (“Rule”) and its practical impact on your dealerships. We will then explain why you should not wait to implement data protection and cybersecurity safeguards at your dealership because the FTC will still come after you under another section of the FTC Act that gives them broad authority.

Safeguards Rule – Some Requirements Delayed Until June 9, 2023

The FTC gave dealers across the country an early Christmas present when it announced on Nov. 15, 2022, that it is extending the deadline for the Rule by six months. However, it is important to note that this extension only affects some of the requirements and will make them effective on June 9, 2023. Specifically, the provisions that have been extended to June include the following:

• Designating a qualified individual to oversee the information security program;
• Completing written risk assessments;
• Monitoring the access and use of sensitive customer information;
• Completing a penetration test & vulnerability scan;
• Encrypting systems containing customer information;
• Training employees on security awareness;
• Conducting Vendor & Service Provider risk assessments;
• Implementing MFA on all systems containing customer information; and
• Creating and updating a device and systems inventory.

This is the time to press on in reinforcing their data protection and cybersecurity practices.

Virginia Auto Dealer