In 2021, the FTC amended the Safeguards Rule. You are expected to be compliant with the updated requirements by December of 2022. I have spent many hours chasing the rabbit down the hole to learn more about these amendments and what they mean for my clients. So, what is it?
Gramm-Leach-Bliley Act: The Gramm-Leach-Bliley Act (GLBA) requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.
First and foremost, you must designate an employee to manage or oversee your compliance program. This includes designing, implementing, maintaining, testing, and reporting on it for the entire life of the business. Despite my inclination to keep things in-house, the task of developing and implementing the Security Program is quite complex and strict. In my utmost professional opinion, I recommend that everyone outsource these duties to a professional I.T. company. It is well worth the investment in your business, your clients, and a good night’s sleep. I would also suggest working with a company that can be paid to train your designated employee (start reading up on the rules now) to carry out the ongoing duties of Safeguards compliance once your program is in place.
Pricing to hire someone can be all over the place – from “too good to be true” to “the Bentley of Safeguards Compliance Professionals.” I suggest you look thoroughly into the company: do your research, ask a lot of questions, and hire a professional with a clear vision of what you expect of their performance and duties.
Non-compliance with GLBA can carry severe financial and PERSONAL consequences for OWNERS and employees. The fines for GLBA infractions can be eye-watering to say the least – some reaching up to $100,000 per violation… (Read that one more time… PER VIOLATION.) Owners, officers, and/or directors can be fined up to $10,000, imprisoned for 5 years, or both. OUCH.
Once you have completed all the tasks of implementing your Security Program, the Federal Trade Commission then requires you to hire a professional cyber security company to test its strength and follow up with a report. (If you are able to find one company that can do all the required tasks for one fee, even better!) From there, fix any holes found and move forward with your business.
The information I have discussed with you all today is just the beginning of a laundry list of compliance regulations dealers are held accountable for meeting. At the end of the day, the secret to running a successful business is operating with due diligence. Sometimes staying on top of it can be like eating an elephant; the only way through is one bite at a time, creative recipes, and manageable goals to keep you on task.
As always, I am PROUD of all of you, in this, our community of dealers & friends. Let me just say, the financial storm that is gathering is going to carry us to heights we as BHPH Dealers have never seen!