Implementing IT security measures to protect the data privacy of businesses and customers can be a daunting proposition for automobile dealerships, particularly smaller stores. The increased demand on resources and staff can be enough to make owners and managers balk at the effort and cost.
The Gramm-Leach-Bliley Act was originally put in place by the Federal Trade Commission to ensure that banks and other financial institutions would have technology and procedures to protect their customers' financial data from cyberattacks and breaches. The FTC then extended this safeguards rule to nonbank financial institutions including automobile dealerships. The new rule took effect on Jan. 10, 2022, and the FTC gave dealers one year to update processes and comply.
Fortunately, dealerships can take steps to establish or improve their IT and cybersecurity programs, both to meet new regulations and to support their businesses. These steps include developing a security strategy, implementing new procedures and working with staff to make sure new policies are understood and functional. Key to both compliance with the act and overall IT security is planning combined with clear, practical and strategic policies for preventing and addressing cyberthreats and other issues.