This article does not provide legal advice, nor should it be construed as legal advice. All dealership professionals and agents must consult their legal counsel on any legal questions, legal matters, or legal requirements.
Of all the challenges the car industry has been presented with this past year, one particularly important issue has become a focus point — the new amendments to the Safeguards Rule. A part of the Gramm-Leach Bliley Act, this rule may affect the responsibilities that all dealerships must remain compliant with. And your partners at Allstate Dealer Services want to make sure you have all the information you need before it goes into effect on December 9, 2022.
The Gramm-Leach Bliley Act was put into law as a response to large financial institutions that were seeking to merge businesses. For the auto industry, it’s had three major and lasting impacts: it defined dealers as non-banking financial institutions, it created the Safeguards Rule — which dictates how dealers must protect consumer’s non-public information — and it established the Privacy Rule that protects the consumers right to know who their information is being shared with, and the right to opt-out.
The Gramm-Leach Bliley Act isn’t new. But the amendments to the Safeguards Rule are. So, even if you’ve been up-to-date with all the requirements in the past, these changes may have a major effect on how you run your business going forward.
But why the change? The amendments increase the standards for keeping consumer data and privacy secure.
The updated Safeguards Rule provides refined security measures and standards, including:
– A definition of what is considered a consumer record as well as a defined set of requirements to protect that information.
– Dealers are now required to provide enhanced oversight to any service providers and vendors that they share consumer information with (including DMS, CRM, product and service providers).
– Dealers with less than a total of 5,000 consumer records do not have to meet the enhanced standards.
Dealers can now use technical tools and resources for digital changes
– The amended Safeguards Rule now includes several elements where technical tools are more important, and sometimes necessary.
Written Information Security Program (WISP) needs to be updated
– The security programs will need a qualified individual to update and maintain WISP.
Dealers are now required to create written documentation and self-report to the FTC
– Security events must be documented and reported to both senior leaders at the dealership and the Federal Trade Commission (FTC).
All personnel must be trained to the new standards
– Security awareness training should be updated to sufficiently address relevant security risks.
Additional oversight should be implemented for protected consumer information
– Any internal system or provider where consumer information is shared, now requires enhanced oversight.
At least 15 elements that may take time and effort to fully implement into your dealership:
As we work towards maximizing profitability in the auto industry, we need to make sure we’re doing it right, and in a way that protects consumers and businesses. And while this may seem like a lot to accomplish, it’s our responsibility to uphold the credibility of the auto industry, and the security of the consumers.
We’ve laid out some helpful steps below:
And the road to compliance begins now! Keep in mind your dealership needs to meet all requirements by December 9, 2022.
As always, Allstate Dealer Services* strives to help keep you informed about important industry changes that impact your dealership. And we’re here to help you succeed. Please contact us with any questions at AllstateDealerServices.com.
*Allstate Dealer Services is a marketing name for Pablo Creek Services, Inc., E.R.J. Insurance Group, Inc. d/b/a American Heritage Insurance Services, and First Colonial Insurance Company; each of these entities is a member of the Allstate family of companies.
Send us a letter
Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.
Please enter a valid email address.
Please enter your email address.
Please verify captcha.
Please select at least one newsletter to subscribe.
See more newsletter options at autonews.com/newsletters.
You can unsubscribe at any time through links in these emails. For more information, see our Privacy Policy.
Sign up and get the best of Automotive News delivered straight to your email inbox, free of charge. Choose your news – we will deliver.
Get 24/7 access to in-depth, authoritative coverage of the auto industry from a global team of reporters and editors covering the news that’s vital to your business.
Our mission
The Automotive News mission is to be the primary source of industry news, data and understanding for the industry’s decision-makers interested in North America.
1155 Gratiot Avenue
Detroit, Michigan
48207-2997
(877) 812-1584
Email us
Automotive News
ISSN 0005-1551 (print)
ISSN 1557-7686 (online)
Fixed Ops Journal
ISSN 2576-1064 (print)
ISSN 2576-1072 (online)