Some key auto industry technology companies are actively helping dealers meet a June 9 deadline for the revised federal Safeguards Rule governing consumer information security.
After gaining a six-month reprieve in November, auto dealerships and other financial institutions are working hard to meet the new Federal Trade Commission cybersecurity mandates. Companies including CDK Global, Helion Technologies, Reynolds and Reynolds Co. and ComplyAuto told Automotive News they have long provided everyday IT and cybersecurity offerings such as firewall and virus protection that will help dealerships comply. Some also have injected more involved services such as virtual chief information security officers, cybersecurity risk planning and threat testing.
"We are the one-stop for all things privacy and cybersecurity, and that was our pitch even before the [revised] Safeguards Rule," said Chris Cleveland, co-founder and CEO of dealership compliance startup ComplyAuto in Utah.
Initially passed in 2021, the updated Safeguards Rule mandates a dealership's cybersecurity program have certain elements in time for the compliance deadline. They include hiring or outsourcing a "qualified individual" to oversee cybersecurity and report to company leadership; assessing risks and acting to minimize them; and putting an incident response plan in place for potential breaches.