Security Market Opportunity: Automotive Dealerships

Talk To Your Customers About Compliance with the Gramm-Leach-Bliley Act

It’s no secret that auto dealerships are subject to compliance with the Gramm-Leach-Bliley Act (“GLBA”), especially since they frequently handle customer financing matters. However, the Federal Trade Commission (“FTC”) made amendments to the Safeguards Rule in early 2022 that those in the industry need to know.

The amendments go into effect on December 9, 2022. Information security teams within any organization required to be compliant with GLBA would be wise to quickly get up to speed and ready to implement updated policies and procedures if they haven’t already. Doing so will ensure solid and consistent compliance.

A Brief GLBA Refresher

Enacted in 1999, GLBA was established as a protective measure to update and modernize the financial industry moving into the 21st century. It requires financial institutions, such as banks, mortgage lenders and non-financial companies that provide financial lending services, to give customers clear and accurate explanations of their information-sharing practices. Ultimately, it allows consumers to opt out of any interaction if they do not want their sensitive personally identifiable information (“PII”) shared.

What is the Safeguards Rule?

The FTC’s GLBA Safeguards Rule (the rule) took effect in 2003 to protect non-public consumer information collected, stored and used by financial institutions for purposes such as lending and financing. It instructs organizations to implement physical, technical and administrative safeguards against phishing schemes, email spoofing, cyber-attacks and other cybersecurity risks.

This rule applies to all industries that feature a financial component, such as those that offer in-house lending and financial counseling, which includes automotive dealerships. Essentially, the Safeguards Rule provides automotive consumers with all the information the auto dealership collects about them and how it will be collected, used and stored. 

Considering the heavy reliance on technology and the ongoing risk-laden cyber landscape, the FTC regularly updates this rule for consumer protection. In January of 2022, the FTC released Safeguards Rule amendments requiring financial institutions to review, revise, and reinforce measures to protect and secure consumers’ PII to ensure data privacy.

Why Are the GLBA Safeguards Rule Updates and Compliance Vital to Auto Dealerships?

The financial industry is a primary target of cybercriminals. Consider that the number of cyber attacks targeting the banking sector rose by 238 percent in the first half of 2020 alone, according to VMware. Add to that the fact that the financial implications of security violations continue to escalate. IBM and the Ponemon Institute reported that the typical cost of a data breach in the financial sector was $5.72 million in 2021.

Auto dealerships are just as vulnerable to cyber threats as any other industry. Since auto dealerships also offer loans or serve as intermediaries between customers and banks, their customers need to share sensitive PII for background checks and loan approvals. 

Therefore, auto dealers need to remain compliant with the Safeguards Rule for their customers’ protection and their business’s reputation. 

Along with protecting customers’ PII and the auto dealership’s reputation, it’s crucial to ensure GLBA compliance with the Safeguards Rule to avoid stiff penalties for executives and employees, which include a fine of up to $100,000 per violation. The business’s officers and directors might individually incur penalties up to $10,000 and even suffer imprisonment.

What Can Auto Dealerships Do to Ensure Compliance with the Safeguards Rule?

The most important aspect of the rule is that it is not as flexible as it once was regarding data security. It is critical for all involved to understand that the Safeguards Rule mandates that all financial institutions, including auto dealerships, satisfy a substantial list of requirements, regardless of their size or the systems and data they maintain.

Following are five tips that you can flag in your conversations with customers and prospects, to demonstrate your expertise on the topic.

1. Assign a designated coordinator

This IT professional will be able to implement and review the system and controls to ensure everything is in place for securing data.

2. Obtain a risk assessment

A detailed risk assessment will help auto dealerships identify and mitigate any risks that would leave them vulnerable to non-compliance and threats to customers’ PII.

3. Develop and implement Logical Controls

Based on the findings in the risk assessment, the auto dealership must have Logical Controls in place to respond appropriately to those findings. The most common Logical Control used in this capacity is a Managed Detection & Response (MDR) service, providing quick and effective multi-signal visibility, threat containment and total response to any cyber attacks on the auto dealership’s behalf.

4. Establish appropriate controls with the organization’s vendors

Auto dealership clients must work with vendors to establish appropriate contracts, certifications, and future vendor audits, ensuring that vendors will report any data or systems breach they suffer to the client as soon as they discover issues.

5. Ongoing process for reviewing and updating security controls

Cybersecurity and data threats are not static or predictable, so it’s vital that IT teams stay on top of reviewing and updating security controls internally and when working with outside vendors.

The GLBA Deadline Opportunity

It’s true. The last 18 months have been busy for auto dealers. Worldwide car sales grew to around 66.7 million automobiles in 2021, up from around 63.8 million units in 2020.

Busy auto dealers can easily miss news about important updates and deadlines like those for the GLBA and Safeguards Rule. This critical update can serve as an opportunity for you to inform or remind them about the GLBA deadline. But more importantly, this moment in time affords you the opportunity to also pitch in to help ensure that they have everything covered and are in compliance. 

You don’t have to do it alone. You have access to a number of security suppliers that can help auto dealership leaders by providing cyber risk assessments, a virtual chief information security officer (vCISO), Managed Detection and Response (MDR), incident response, security awareness training for staff, and other services.

Need help? Reach out to our Solutions Engineering Team or contact your BDM.

Ken Mills

President

Ken Mills serves as President of Intelisys and is committed to driving growth for Intelisys and our partners. As a distinguished technology executive with over two decades of experience, Ken has previously held leadership roles at EPIC iO, Dell Technologies and Cisco, and served as a fellow with the U.S. Department of State. His strategic mindset has been an integral part of launching innovative products and solutions in the fields of AI, IoT, and 5G. Ken is driven by his curiosity and passion for groundbreaking technology and complex problems, and constantly explores new frontiers in the world of technology.
