It is important to protect customers’ private information. Automobile dealerships understand that, as does the Federal Trade Commission (FTC). As part of that understanding, car dealers have been required to comply with the Standards for Safeguarding Customer Information (“Safeguards Rule”) since 3003. The rule requires dealerships to safeguard non-public personal information (NPI) such as Social Security numbers, which are often used to run credit checks.
At present, the FTC is considering amending the Safeguards Rule that will add even more burdensome requirements for dealers, regardless of dealer size and location. Among these requirements would be that dealers appoint a Chief Information Security Officer responsible for an annual assessment report and audit of data security, plus requirements for additional data encryption, two-factor authentication on internal computers, and “penetration testing” and detecting “vulnerability requirements” in the data systems.
If all of that sounds like it might be overwhelming for the neighborhood mom-and-pop auto dealership, that’s essentially one of the points raised by the president of the National Association of Dealer Counsel (NADC), Johnnie Brown. In his comments submitted to the FTC on the proposed rules, Mr. Brown notes that the heightened requirements are vague in many instances and apply equally to small dealerships in rural locations and major franchise operations. He also comments that while the goals of the proposed rules may be “lofty,” the existing rules are more fair and flexible enough to accommodate dealers of all sizes and in all geographic places.
In short, a neighborhood dealer in Beckley, West Virginia is going to have a lot more difficulty finding (and funding) someone qualified to handle the numerous reports, audits, tests and upgrades required by this change than a major dealership chain in Silicon Valley would. And even the big dealers would need more time to implement the proposed changes.
Mr. Brown and the other attorneys of Pullin, Fowler, Flanagan, Brown & Poe, PLLC provide litigation and compliance counsel to auto dealerships in West Virginia, Ohio and Kentucky. And when he’s not directly assisting clients, he is, as the president of the NADC, defending dealers’ rights against burdensome regulations. To schedule a consultation regarding litigation or compliance, call 304-344-0100 or contact us online.