Why Comply with the Revised Safeguards Rule?
The original rule became law in 2003 and saw very little enforcement in the years since. Many dealers essentially ignored it with little consequence.
But that's why the rule was revised.
The squishy requirement of "reasonable safeguards appropriate to your operations" became mandatory and thus easier to enforce. A good reason to comply.
Malicious Attacks
But there is also enlightened self-interest. Protecting your customer's data also protects your own from malicious attacks.
How many units can you sell if a ransomware attack froze you out of your computer network?
Regulatory Enforcement
The FTC has enforcement authority over dealerships, but let's face it, the odds of regulators knocking on your door before a data breach occurs is remote. But the odds of a class-action lawsuit being filed against you post-breach is a stone-cold lock.
The FTC has defined failure to follow the Rule as a deceptive trade practice. That creates exposure to punitive damages and attorney's fees—a strong incentive to follow the rule.
Banks May Not Buy Your Paper
Finally, we've already seen banks saying they won't buy the paper of non-complying stores. And if you can't sell your paper you're going out of business. And that's why you need to comply with the revised Safeguards Rule.