Pub 4 2023 Issue1

Matt White | 304-633-5467 matt@carsignment.com J.C. Spearry | 216.213.0242 JC@Carsignment.com Is your online inventory retail ready? We build dealers an online inventory presence that attracts & engages buyers at lightning speed! Call 304-633-5467 for a FREE digital marketing audit! www.carsignment.com Full service automotive digital marketing agency since 2005 businesses, as many of them never wanted to test its authority over regulating cybersecurity. It was not until 2012 when a private company that had been the victim of a cyber-attack three times moved to dismiss the FTC’s lawsuit, stating that it had no authority, rather than enter into a settlement. Going all the way up to the Third Circuit, the court affirmed that the FTC does in fact have the authority to regulate cybersecurity based on factors I won’t bore you with here. Since then, there have been no direct challenges to the FTC’s authority over a business’s cybersecurity practices under this broad Section 5 and the FTC continues to use it repeatedly and effectively: • Consent order with an education technology provider for alleged poor data security practices that exposed sensitive information about millions of customers and employees. Specifically, it did not require employees to use MFA, stored information insecurely, and failed to provide adequate security training to employees. — January 2023 • Consent order with an online alcohol marketplace (and its CEO, personally) over allegations that its security failures led to a data breach, exposing the personal information of approximately 2.5M consumers. Specifically, it did not require employees to use MFA, did not limit employees’ access to personal data, failed to monitor security threats, and stored information insecurely. — January 2023 • Consent order with an online customized merchandise platform that failed to implement reasonable security measures and failed to adequately respond to several security breaches. Specifically, it stored SSNs and passwords in readable text, did not require employees to use MFA, retained data longer than was reasonably necessary, and covered up major data breaches. — June 2022 With the Safeguards Rule and the looming Motor Vehicle Trade Regulation Rule that the NADA is actively opposing, we believe that automotive retail is squarely in the sights of the new FTC commissioners. It is imperative that dealers continue in their efforts to expeditiously comply with all the new requirements of the Rule to achieve full compliance by the new deadline. If you’re feeling behind or overwhelmed, we’re here to help. Send us a message at info@complyauto.com or visit our website at www.complyauto.com to learn more about our “one-stop-shop” solution for the Safeguards Rule and our Compliance Guarantee. This article should be used as a compliance aid only and though its accuracy has been made a priority, it is not a substitute for professional legal advice. Each dealer should rely on their own expertise when using it. wvcar.com 14

RkJQdWJsaXNoZXIy ODQxMjUw