Enjoying what you’re reading? Sign up now.


The FTC Safeguards Rule Amendments + You + Reynolds… What You Need to Know

Digital padlock
Article Highlights:

  • Cyberattacks increased by 15.1% from last year.
  • New Safeguards Rule amendment goes into effect 6/9/23... are you prepared?

Update: The FTC announced an extension of six months to the amendments of the Safeguards Rule. The amendments will not take effect until June 9, 2023. For more information about the extension, click here.

Cybersecurity attacks have been on a steady incline each year, increasing by 15.1% from 2021 to 2022. There seems to be no end in sight, and each new attack is becoming more and more sophisticated. You may be looking into your dealership showroom thinking, “that will never happen to me!” But the truth is, the automotive industry is a prime target. There have been several cyberattacks and threats on OEMs and dealerships over the last few years.

And the impact isn’t just a bad day at the office or an angry customer comment. It’s legal fees and fines due to improper security practices. It’s hours, days, or maybe even weeks out of operation, like it was for Honda after their 2020 ransomware attack. Or it could be $250,000 in expenses to replace all your computers and network infrastructure, as was the case for a dealership group in Florida. There are real financial consequences to a cyberattack.

The FTC Safeguards Rule & Amendments

Enter the FTC Safeguards Rule initially released in 2003 as part of the Gramm-Leach-Bliley Act (GLBA). The rule lays out specific ways financial institutions should protect customer information. You might be thinking, “Financial institutions… I’m a dealership???” Yes, this does apply to dealerships. Under the rule, a financial institution is any business that offers consumers financial products or services like loans, financial or investment advice, or insurance.

With the continuous evolution of cyberattacks, there have been recent amendments to the rule. These include items such as:

  • Having a qualified person in charge of the dealerships’ information security program
  • Encrypting data at rest and in transit
  • Implementing, documenting, and reviewing who has access to what data
  • Requiring multi-factor authentication when accessing customer information
  • Providing staff training on information security
  • Disposing of consumer data in a secure fashion
  • Ongoing monitoring and testing of the effectiveness of your security program

These are just a few of the amendments. For more information, click here.

What can you do?

These amendments have a direct impact on your business, and you’re required to have a plan in place to meet these amendments by June 9, 2023. So what can you do today?

  1. Dust off the information security plan you created in 2003 when the Safeguards Rule was first released. Review it thoroughly to ensure it includes all of the components in the rule and the amendments. If something is missing, address it as soon as you can.
  2. Talk to your vendor partners to understand what policies they have in place to help you meet these amendments by the deadline.

How is Reynolds helping?

Reynolds is committed to helping our dealer partners meet the requirements laid out in these amendments. We’ve always taken data and cyber security seriously so we already have many of these requirements built into our system. For example, you’re already able to implement and review access controls for all applications, monitor and document who is accessing which data, and securely dispose of customer information. Also, the data is encrypted both at rest and in transit.

In addition, we are in the process of rolling out several new features, including multi-factor authentication, security training courses, and enhancements to our Interface Dashboard for monitoring user and third-party access.

For more information on any of these items, please contact your Reynolds account manager.

Looking Ahead

The amendments to the Safeguards Rule have established a deadline for implementing many security measures for your business.  This, coupled with the fact that cyberattacks continue to grow and evolve each year, make now the time to take action. Make sure you are working with your software vendors to meet these requirements and have a comprehensive and flexible plan for both your IT infrastructure and cybersecurity protection. When you can’t do all this on your own, enlist the services of a trusted partner to help do the heavy lifting.

Share this Article

Vice President of Data Strategy

Will started his career at Reynolds in 2000, and he has held various positions from website support specialist to business development management, and multiple roles on our Data Services team. As Vice President of Data Strategy, Will understands that data will power the foreseeable future, and he continues to provide a clear and concise data strategy for the company. As Chief Privacy Officer, he helps Reynolds be effective stewards of that data and helps Reynolds earn and maintain our dealers’ trust and the trust of their consumers.

Related Articles:

How to Avoid the Nasty Consequences of Bad Password Management

Keeping your passwords strong and secure is key to locking down your dealership’s digital assets. Thankfully, there are steps you and your dealership can take

Dark storm clouds and lightning over an empty field

Is your dealership prepared for storm season?

Storm season brings expected and unexpected disasters. Dealerships need to have a plan in place to help them recover if Mother Nature attacks. According to

Who is your cyber nemesis?

It seems like every week there’s a new foe to your cybersecurity. In 2023, over 72 percent of businesses worldwide were affected by ransomware attacks.

What an Effective Cyber Team Looks Like

Having an effective cyber team in place makes all the difference in whether your dealership falls victim to a cyberattack, but what does this kind