Deadline and Details of Compliance

Part 2 of Self Reporting dives into the 30-day deadline for event notification, exceptions for law enforcement, encryption mandates, legal risks for non-compliance, and privacy policy importance.

Understanding the FTC's New Self-Reporting Requirement

Explore the FTC's new self-reporting mandate in 'Self Reporting [Part 1]', covering updated rules, notification events, and the impact on dealerships.

Service Provider Oversight Considerations Under the Extension

One of the Rule’s requirements that was postponed is the duty to oversee your service providers. Dealers needed the extra time to comply because this is one duty you can't control.

Safeguards Rule Enforcement Extension

As you recall, the original enforcement date for the revised Safeguards Rule was December 9th, 2022. By the time you're watching this, that day has passed. Fortunately, on November 15th, the FTC postponed enforcement of the revised rule.

Draft Incident Response Plan

What do you do in the aftermath of a “security event” – anything that results in unauthorized access to or misuse of an IT system and its contents?

Oversee Service Providers

The Safeguards Rule requires you to oversee your service providers. In this episode Jim discusses this requirement and its four subparts.

Implement Policies and Procedures for Personnel to Implement your ISP

The greatest threat to customer data security is located between the monitor and the chair – in other words, your own employees.

Regularly Test Program Effectiveness

Regular testing and evaluation of your Information Security Program is a must. Of all the safeguards the Rule mandates, this one may do the most to actually protect customer data – if it’s done right.

Required Safeguards: Disposal Procedures, Change Management Procedures, Monitoring and Logging

Mandatory Safeguards: Disposal Procedures, Change Management Procedures, Monitoring and Logging

Here are the last of the mandatory categories of Safeguards under the revised Rule...

Required Safeguards: Access Controls, Systems Inventory, Secure Development Practices

Mandatory Safeguards: Access Controls, Systems Inventory, Secure Development Practices

Let's continue with the list of mandatory safeguards...

Required Safeguards: Encryption, MFA, and Continuous Monitoring

Mandatory Safeguards: Encryption, MFA, and Continuous Monitoring

A Risk Assessment should tell you what needs to be done. Implementing Safeguards is the doing. Some Safeguards are mandatory. The ones I consider most important include...

Required Safeguards: Risk Assessment and System Inventory

Mandatory Safeguards: Risk Assessment and System Inventory

Once a QI has been designated, that person’s first task should be to conduct a Risk Assessment. A Risk Assessment is an evaluation of the internal and external risks to the security and integrity of data on a network.

Qualified Individual

One of the revised Safeguards Rule's requirements is that a dealership designates a Qualified Individual. What does that mean and who should it be?

Why Comply?

Why Comply with the Revised Safeguards Rule? The original rule became law in 2003 and saw very little enforcement in the years since. Many dealers essentially ignored it with little consequence. But that's why the rule was revised.

SERIES

90 Second Safeguards

90 Second Safeguards is a series created by Mosaic Cyber Security and designed to break down the revised FTC Safeguards Rule into digestible chunks.
