Information Safeguards Rule: Over Twelve Years (Part 1)
- Insure the security and confidentiality of the dealership’s customer information.
- Protect against any anticipated threats or hazards to the security and/or integrity of the dealership’s customer information.
- Protect against unauthorized access to or use of the dealership’s customer information that could result in substantial harm or inconvenience to any customer.
The Safeguards Rule requires dealers to “develop, implement and maintain a comprehensive information security program that contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities and the sensitivity of any customer information at issue.” Customer information includes personally identifiable data collected by dealers in connection with finance, lease or insurance contracts, unless the information is publicly available.
To meet the requirements for compliance, your business must:
- Appoint an employee to coordinate your dealership’s information safeguard plan.
- Identify foreseeable risks that could lead to a breach of customer security, and assess the existing safeguards to determine if they are sufficient to control the risks.
- Develop safeguards to mitigate the identified risks and regularly monitor their effectiveness.
- Ensure that the service providers your dealership works with also take reasonable measures to maintain customer security and oversee the effectiveness of those measures.
- Adjust programs if necessary, based on the results of monitoring the effectiveness of your program.
But it doesn’t stop at meeting compliance standards. Best practices must be employed to ensure your dealership continually meets the requirements of the Information Safeguards Rule.
Louis Young, T (732) 572 3900