top of page

New Safeguards Rule Notification Requirement Now in Effect for Car Dealerships

Attention car dealerships: If your business handles sensitive customer information, it's crucial to understand the new requirements under the FTC’s Gramm-Leach Bliley Safeguards Rule. As of May 13, 2024, an amendment mandates reporting certain data breaches and security events to the FTC. Here's what you need to know to stay compliant and protect your customers.


Thumbnail image showing a secure digital lock symbol over a background of various car dealership documents and symbols related to the automotive retail industry, representing data protection and compliance with the FTC Safeguards Rule. The design is professional and clean, with a blue color scheme evoking trust and security.

Understanding the Safeguards Rule:


The Safeguards Rule is designed to ensure businesses protect the security and confidentiality of nonpublic personal information. The FTC has updated this rule to keep pace with technological advancements and current security challenges. For car dealerships, this means new obligations to report data breaches affecting customer information.


Who Needs to Comply?


Car dealerships fall under the category of financial institutions subject to the FTC’s jurisdiction. This broad definition includes any business handling customer financing details, loan applications, or other personal financial information. Your dealership is likely covered if you deal with this type of data.


New Safeguards Rule Notification Requirements:


As of Monday, May 13, 2024 car dealerships must comply with the Safeguards Rule notification requirement. Dealers must report to the FTC within 30 days of discovering a security breach affecting 500 or more consumers. A breach is defined as unauthorized access to unencrypted customer information, or when an unauthorized person obtains the encryption key. Read more about the notification requirements going into effect here.


How to Report:


The FTC has made the reporting process straightforward. Use their new online form, which clearly outlines the information required:

  • Name of the affected dealership

  • Contact person details

  • Start and end dates of the breach

  • Number of consumers affected

  • Types of information involved

  • Summary of the breach event

  • Law enforcement delay requests (if applicable)


Access the form here.


Ensuring Compliance:


While the Safeguards Rule is essential, it’s not a substitute for other federal and state regulations. Make sure your dealership meets all relevant legal obligations to protect consumer information effectively. Regularly review your data protection policies and update them as needed to stay compliant and secure.


Staying ahead of regulatory changes is critical for car dealerships. By understanding and complying with these rules, you can help ensure your dealership's continued success.



bottom of page