The cybersecurity and privacy demands on car dealers are growing at a rapid rate. Car dealers – many of whom process large amounts of sensitive PII – are now required to adopt certain mandatory cybersecurity and privacy safeguards to ensure the protection of client data. In October of 2021, the FTC implemented the new requirements, along with stricter penalties for noncompliance, to the tune of $11,000 in fines per day per incident. A summary of the new requirements is as follows:
The new ruling creates the requirement for both a fiscal and time investment in order to meet compliance. Car dealers may choose to leverage a third party to assist in alleviating this pressure, or bring expertise in-house; the latter being the more costly option.