On today’s episode I am joined by Brad Miller, Chief Regulatory Counsel for Digital Affairs and Privacy at NADA, and James Crifasi, CTO at RedZone Technologies. Brad and James are presently working together with car dealerships and other businesses to translate the recently revised FTC Safeguard regulations about data security and privacy into practical action plans.
Here are the 9 key areas discussed in the conversation that car dealerships must comply with before December 9th, 2022:
- “Determine the right person to implement and oversee company’s information security program.”
- “Conduct a risk assessment.”
- “Design and implement safeguards to control the risks identified through your risk assessment.”
- “Regularly monitor and test the effectiveness of your safeguards.”
- “Train, educate, and test your staff.”
- “Monitor your service providers.”
- “Keep your information security program current.”
- “Create a written incident response plan.”
- “Require your Qualified individual to report to your Board of Directors.”
As a CIO and Business IT Leader, here are some wins you will get by listening:
(3:52) Brad Miller: “The type of data financial institutions is so sensitive that they have to have special obligations with respect to this information.”
(3:55) Brad Miller: “One side is the privacy rule…you have to tell the consumers what you’re gathering and what you’re going to do with it. The other half is the Safeguards Rule where you have to take steps to protect this information.”
(6:45) Brad Miller: “What resulted was a rule that came out about a year ago, it’s a mix of technical steps, contracts, policies, and training that companies have to do just as a minimum to meet your obligations.”
(7:35) Brad Miller: “The FTC’s looking for a way to move the market forward, to really push data security across the board.”
(9:05) Brad Miller: “If you don’t think data security is part of your core competency, you have to make it one.”
(10:25) James Crifasi: “In the Safeguards, there’s a lot of room for what’s called the qualified individual or whoever is in charge of the IT security program.”
(12:57) Brad Miller: “Dealers are buttoning up their internal systems but need to make sure those third parties are doing the things they can.”
(16:20) James Crifasi: “This DMS provider just won’t budge. What do I do?”
(17:46) Brad Miller: “Dealers shouldn’t assume that just because you’re dealing with someone larger means they’re probably further along.”
(21:15) Brad Miller: “What makes it particularly difficult for dealers?”
(29:33) James Crifasi: “We want to keep the business side progress going as much as the security side.”
(31:36) Brad Miller: “We’re living in an age where the FTC is very, very activist.”
(31:53) Brad Miller: “We want people to do as much as they can as far as they can by the deadline, then continue plowing forward.”
(39:42) James Crifasi: “Advances in cars are going to start making security more important.”
(41:35) Bill Murphy: “The most inexpensive way to raise your security profile is to educate and train your employees.”
(43:15) Bill Murphy: “What does a written response plan look like?”
(44:42) Brad Miller: “Think beforehand what you’re going to do in the event of an issue and then practice.”
(48:34) James Crifasi: “When it comes to incident response plan and training, more attention to not assuming people know what the right thing to do is because naturally people don’t know the right thing to do.”
National Automobile Dealers Association (NADA)
“Data Security and Privacy: What Dealers Need to Know”
“FTC Issues Guidance on the Revised Safeguards Rule: The Time for Dealers to Act is Now”
“A Dealer Guide to the FTC Safeguards Rule”
“Drive Down Your Cyber Risk and Stop Breaches”
“FTC Safeguards Rule: What Your Business Needs to Know”
About Bill Murphy
Bill Murphy is a world-renowned IT Security Expert dedicated to your success as an IT business leader.