
A Dealer Guide to the FTC Safeguards Rule - Download PDF

Dan Sayer

If you're the type of person who studies the morning of a final and gets an "A", then you'll probably be fine. If you need to study weeks in advance to get a "C", then it's time to panic. Either way, if you haven't started you need to start NOW to make sure you and your vendor partners are all buttoned up before the Safeguards rule goes into effect this December. There are a number of resources out there, including the NADA. Here is a simple guide, long but simple, to follow on your path to avoiding potential headaches and fines. Our auto group, through a team wiser than I, started this journey months ago.

Here is the link to the guide: https://drive.google.com/file/d/1YI52pPD1BHzoowgFv1mBzoNf1YJZZ9Bs/view?usp=sharing

If you're with the NADA, and I'm not supposed to share this document, sorry.
 
@Dan Sayer

Thanks for sharing this guide even if you weren't supposed to share it. Did you and Anderson hire an outside firm to assist with implementing everything? It seems like quite an intensive undertaking for the average dealership, although it definitely needs to be addressed immediately. I saw the NADA guide recommends a handful of companies dealers can contact to help with compliance. Just wondering if you are using one of those companies or doing this in-house with a skilled IT team?
 
In house team. I hired a former pharmaceutical warehouse manager to take pictures (he was a semi-professional photographer on the side) to perfect our merchandising process in 2010 and he has since moved away from and has been utilized in the group to do all the strict process and compliance tasks (OSHA, Safety Training, Contract review, F&I Compliance, etc). He and our IT Director and CFO along with a couple of others have been working on this all year for all 12 of our retail points. We are lucky to have him and the team.
 
I am not endorsing this company, but will say that I sat through a Zoom Meeting with their legal counsel last week.


I was very impressed to say the least. They are on top of the vendor side, and seem to have a very deep understanding of these new FTC Guidelines. They have process templates built into their system, and all of the other cool stuff that we would expect someone to have.

It may well be worth looking into for anyone that can justify the fees.
 
That's who we are utilizing, as well.
 
I know that everyone is probably tired of talking about this. I apologize in advance.

Because I like to get things done well in advance of any deadline, I am now finishing up my written Information Security Program manual. :banghead: According to the regulation, the data we are protecting is anything "Non Public". They go on to say something along the lines of Public Information that has been obtained through a channel that is not a Public channel should be protected as well.

The only concern that I have left is the ADF/XML incoming lead data. I understand that most of the 3rd Party vendors are likely going to move to API. Has anyone had any contact with the bigger 3rd Party Marketplaces such as Car Gurus, True Car, Cars.com, etc. regarding actual timelines as to when (or if) they actually intend to change?

Another issue I struggle with is the timeline for when the data is considered to be mine. I feel like In Transit data from Car Gurus to my CRM is actually Car Gurus data...not mine. I don't even know that data exists until it hits my Email Parse.

What have others done with their written manuals as it relates to these issues?
 
We are a small used 100+ independent trying to wrap our brains around this. We're not prepared to marry a "security compliance" vendor at this time so we are doing what we can to understand and try to comply on our own. If any other independent has any documentation advice or ideas on how we, as a small dealer, can comply on our own, it would be much appreciated. Thank you!