Dealership Relief | The Federal Trade Commission Extends Safeguards Rule Deadline to June 9, 2023
The Federal Trade Commission (FTC) has extended the deadline for compliance with a rule designed to keep customer data safe. On November 15, 2022, the FTC announced they’ll be extending the Federal Safeguards Rule six months from December 9, 2022, to June 9, 2023. The Safeguards Rule requires non-banking financial institutions, such as mortgage brokers, motor vehicle dealers, and payday lenders to develop, implement, and maintain a comprehensive security program to keep their customers’ information secure.
Why the extension?
The Commission unanimously voted to extend the deadline based on reports sent to them stating there is a shortage of qualified personnel in place to help in implementing the information security programs. There has also been the ongoing risk, amplified due to the pandemic, that supply chain issues may lead to delays in obtaining necessary equipment for upgrading security systems. These issues have caused difficulties for many dealerships, especially smaller dealers, to come into compliance by the original December 9, 2022, deadline.
A quick refresher on the Safeguards Rule
As a refresher, these new Safeguard Rules came into play starting back in October 2021, when the FTC approved changes to include more specific criteria for what safeguards financial institutions must implement as part of their information security programs. Some of the less complex provisions went into effect 30 days after the publication, but the major sections of the rule (listed below) were originally slated to go into effect December 9, 2022. The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:
- designate a qualified individual to oversee their information security program;
- develop a written risk assessment;
- limit and monitor who can access sensitive customer information;
- encrypt all sensitive information;
- train security personnel;
- develop an incident response plan;
- periodically assess the security practices of service providers; and
- implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.
What dealers should do now
Dealers are encouraged to continue in their efforts to comply will all the new requirements of the Rule, but should consult with their attorneys, service providers, and IT professionals about the potential impact of this deadline extension. This six-month extension will be a welcomed relief for many dealerships, providing more time to implement the information systems to adequately cover the regulations set forth by the new Safeguards Rule.
Read more about the FTC Safeguards Rule.
Talk to an auto dealership pro
Have a question about the Safeguards Rule, or another issue affecting your dealership you’d like to discuss? Contact us to connect with one of our top automobile dealership tax and audit pros for a free consultation.