Auto dealerships and other small businesses have received a six-month stay on new mandates from the Federal Trade Commission on the agency's new Safeguards Rule, which seeks to bolster customer information security.
Dealers would be wise to use this extra time to ensure that their data house is in proper order when the unanimously granted extension expires June 9.
Instituted in 2021, the updated Safeguards Rule has nine elements that must be found in a dealership's cybersecurity program by the compliance deadline, originally Dec. 9.
Under the new rule, a business must hire or outsource a "qualified individual" to oversee the program and report to leadership; assess risks and minimize them; have a response plan should a breach occur; test or monitor its system; train staff; monitor vendors for information security, and adapt the system to changes at the business or other developments.
The National Automobile Dealers Association and other retail trade groups had sought a one-year extension, citing labor and supply shortages exacerbated by the pandemic. They got six months, and it looks unlikely another stay is in the offing. That is fine, because it shouldn't be needed.
The Safeguards Rule is part of the Gramm-Leach-Bliley Act, which was passed by Congress in 1999 and regulates business customer information practices. While the rule was passed by the FTC last year, its legal basis is now well-established and valued by consumers.