Guest commentary: Five key benefits of the Safeguards Rule for dealerships

Auto dealerships are irresistible targets for cybercriminals.

The amount of consumer data collected, processed and stored within dealer management systems — Social Security numbers, addresses, credit scores and financing information — is a jackpot for bad actors and identity thieves. The FTC reported 70,000-plus cases of identity theft related to auto loans and leases in 2021 alone.

The Safeguards Rule, which takes effect on June 9, is a set of information security requirements designed to protect consumer data from unauthorized access, use, disclosure, destruction or loss. Any financial institution under FTC jurisdiction that’s not covered by the Gramm-Leach-Bliley Act must comply — including auto dealerships.

The Safeguards Rule left many dealerships scrambling to understand requirements and implement security measures. But instead of seeing the rules as more regulatory hoops to jump through, dealerships should view these requirements as both a short- and long-term benefit to their business and customers.

While it would be easy to view the Safeguards Rule as check-the-box tasks, compliance offers dealerships compelling benefits: A robust security and privacy program will positively impact nearly every aspect of the business, from building customer trust to streamlining operations and reducing risk.

Auto dealerships are assaulted by an average of 153 viruses and 84 malicious spam emails every day. Too many dealerships lack the proper checks and balances that accompany a formal security and privacy program. As attacks increase in volume, complexity and severity, dealerships must strive for greater maturity in their security and privacy programs.

The Safeguards Rule offers valuable guidance for adopting security and privacy best practices, including formal risk and change management, incident response planning and access monitoring. A mature security and privacy posture will help dealerships reduce financial, legal, regulatory and reputational risk.

Lowering organizational risk and establishing sound security and privacy processes improve operational efficiency across the dealership. Compliance activities keep management aware of critical risks, identify redundancies across software and procedures and ensure staff are properly trained to protect sensitive information.

The Safeguards Rule mandates that organizations implement measures to store, process and dispose of consumer data securely. With more effective and efficient data management processes in place, dealerships will see improved data quality and more informed decision-making across their business.

The auto retail model continues to evolve and dealerships must capitalize on consumers’ desire to move more of the purchasing process online. Online financing approvals, vehicle appraisals and purchase offers will all be made more secure with proper security and privacy controls. By adopting the Safeguards Rule, dealerships can take significant steps to streamline the buying process and improve the customer sales experience as more of it inevitably shifts online.

Adhering to the Safeguards Rule allows dealerships to implement industry-standard security and privacy processes in ways that are demonstrable to customers. Security awareness training is one example as 73 percent of consumers feel more comfortable working with dealership staff who display security training certifications on their desks. Dealerships that can prove they have customers’ best interests at heart stand to gain a competitive advantage, earn customer trust and inspire repeat purchases.

Consultants cost $200 to $300 an hour yet fail to offer a long-term solution. Consultants may offer expertise in the initial stages, but it’s still up to dealerships to put policies and processes into practice, validate they’re working and keep them updated for ongoing compliance.

The Safeguards Rule provides dealerships with a specific security and privacy framework without over-reliance on consultants, including information asset management, access controls and secure data disposal — all of which can easily be managed in a compliance automation tool so dealerships can focus on their core business.

Implemented correctly, compliance with the Safeguards Rule can unlock rapid growth across multiple fronts: customer acquisition and loyalty, internal scalability and market differentiation. Forward-thinking dealerships that seize this opportunity stand to reap the full rewards of a strong data security and privacy posture.