

By: Kharmela Mindanao on February 13th, 2024


Auto Dealerships are Required to Report Data Breaches to the FTC


On October 27, 2023, the FTC amended the Safeguards Rule: non-banking institutions are now required to report specific data breaches and other security events to the agency.

But what does this really mean for your auto dealership?

As a managed security services provider (MSSP) specializing in the unique cybersecurity needs of the auto dealership industry, we leverage our two decades of experience to navigate the complex regulatory environment. Our dedicated team understands the intricacies of the FTC Safeguards Rule and its impact on your business, ensuring you receive the most relevant and effective strategies for compliance and data protection. So in this article, we’ll break down: 

By the end of this article, you’ll know exactly what you need to change to keep up with shifting government regulations.  

What is the Recent FTC Amendment? 


The FTC has recently made changes to the Safeguards Rule, primarily expanding the required security measures and the covered institutions.

However, the most recent amendment in October 2023 requires financial institutions to report data breaches starting May 13, 2024 – specifically, “unauthorized acquisition of unencrypted customer information, involving at least 500 customers.” Auto dealerships, under the previous amendments, are considered financial institutions. 

List of What to Include in Reporting a Breach

When reporting the breach, you will need to include: 

  • The name and contact information of the reporting financial institution 
  • A description of the types of information that were involved   
  • The date or date range of the event 
  • The number of consumers affected or potentially affected 
  • A general description of the event 

If applicable, you’ll also need to: 

  • Clarify whether any law enforcement official informed you that notifying the public will “impede a criminal investigation or cause damage to national security.”   
  • Provide the contact details of the reporting officer.   

In addition, you’ll need to notify the FTC about the breach within 30 days, via the FTC website.

This report comes on top of all the other changes dealerships need to make.   


What Changes Do Dealerships Need to Make? 

Dealerships will need to comply with the FTC Safeguards Rule, which includes – but is not limited to – having the following:  

Overall, your dealership might need a complete overhaul of its IT security, or it might only need minimal changes.

Need Help with FTC Safeguards Rule Compliance? 


Regardless of how many changes you need to make, no one wants to make mistakes when complying with government regulations. It's better to do it right than to do it quickly and overlook something.

As an MSP with experience providing compliance services, we know how crucial it is to follow government guidelines. Contact our IT specialists for a one-on-one meeting, and let us help you through the process.   

However, if you want to learn more about the FTC Safeguards Rule for dealerships, check out the following resources: 
