Today, the FTC released a series of FAQs clarifying a number of questions under the GLBA Safeguards Rule, specifically as it relates to motor vehicle dealers. This clearly demonstrates the FTC’s continued focus on the obligations under the Safeguards Rule, and dealers’ duties under the rule in particular.
In some ways, these FAQs largely reiterate prior guidance from the FTC. However, the guidance does clarify dealers’ obligations with respect to third-party service providers and specifically OEMs. Many OEMs treat the Safeguards Rule obligations seriously and work well with ComplyAuto to assist with dealer compliance with the Rule. However, some OEMs still fail to fully recognize their obligations when accessing non-public personal information from dealers. This guidance should help clarify that all third-party service providers, including OEMs, must comply with the requirements of the Rule when they have access to dealer data and/or dealer systems containing non-public personal information.
If you have any questions, reach out to ComplyAuto today—we can help. In the meantime, dealers should review the new FAQs and stay tuned for a more detailed analysis from ComplyAuto soon.