Customer information security has been a hot topic for auto dealerships over the past several years, ever since the Federal Trade Commission (FTC) passed the Safeguards Rule. The FTC mandates that auto dealerships have a formal, written, and revisable program specifying the steps taken to protect customers' personal information and prevent unauthorized use of such information. The three objectives needed in a Customer Information Security Program are:
- Secure and insure the confidentiality of customer information.
- Defend against anticipated threats to the security of our customer information.
- Shield against unauthorized access to, or use of, our customer information.
What liabilities does an auto dealership face if no Customer Information Security Program exists, or if it isn't implemented and communicated fully throughout the organization? A prominent auto dealership in Colorado learned the hard way when it faced two investigations within a few months over fraud and forgery of contracts.
Because the dealership had no defined Customer Information Security Program, no risk assessment was completed to protect its customers' information. Being ethical is not just up to the dealership owner; it is up to every employee working for the dealership. Had there been a specific program in place covering 1) employee training; 2) information processing, storage, transmission and disposal; and 3) detection, prevention and reaction to an attack on information systems, this dealership might not be in its current predicament, with a permanent black mark on its Colorado Dealer Board record.
More information on the Safeguards Rule for auto dealerships can be found at http://www.niada.com/PDFs/Publications/Safeguards%20Rule.pdf. HotlinkHR clients have access to a complete compliance program for Red Flags Rules and Customer Information Security included within their subscription.