On Nov. 15, 2022, the Federal Trade Commission announced it is extending by six months the deadline for companies to comply with some of the amendments to the FTC’s Safeguards Rule. Earlier this year, NADA submitted comments to the FTC seeking an extension of the deadline. The deadline for complying with some of the updated requirements of the Safeguards Rule is now June 9, 2023.
The provisions of the updated rule specifically affected by the six-month extension include requirements that covered financial institutions:
designate a qualified individual to oversee their information security program,
develop a written risk assessment,
limit and monitor who can access sensitive customer information,
encrypt all sensitive information,
train security personnel,
develop an incident response plan,
periodically assess the security practices of service providers, and
implement multi-factor authentication or another method with equivalent protection for any individual accessing customer information.
Dealers are encouraged to continue in their efforts to expeditiously comply with all the new requirements of the Rule but should consult with their attorneys, service providers and IT professionals about the potential impact of this deadline extension.
* * *
The FTC issued a complex set of new amendments to its Safeguards Rule, which require dealers to undertake a series of procedural, technical, and contractual steps to protect consumer and other personal data.
The amended Rule’s requirements had an original deadline of Dec. 9, 2022, but the FTC has extended that until June 9, 2023, for some of the updated requirements of the Safeguards Rule.
There is quite a lot that dealers must do to comply with the changes. NADA has a number of member resources to get you started, including a comprehensive Driven Guide for dealers that contains step-by-step instructions for compliance, as well as a series of links, template policies, exhibits, IT guidance and more.
For more information about the Safeguards rule see NADA's Amended Final Safeguards Rule Preliminary FAQs here, email NADA Legal & Regulatory Affairs, or call 800.557.6232.
The NHADA also has a webinar available on-demand that covers this matter.