Association Events
Learn about NHADA's major events and fundraisers.
Print this article
.png?width=150&name=Ally_Final%20Logos%20and%20Pairings_11.14.2018-01%20(2).png)
.png?width=150&name=wiplfi%20logo%20new%20(003).png)
.jpg?width=150&name=NHADA_Partner_FTR_Img_NHADA_Insurance%20(1).jpg)
.jpg?width=150&name=NHADA_Partner_FTR_Img_JMA(1).jpg)
.png?width=150&name=corp_logo_horz_on_light_with_trademark_symbol_1200w%20(002).png){kind=logo}
.png?width=150&name=Priority%20Commerce%20Automotive%20-%20Full%20Color@4x%20(1).png)
The Federal Trade Commission (FTC) has updated its Safeguards Rule data breach notification form. The new form now clarifies that a third party, such as a law firm or third-party vendor, is able to submit the notification on behalf of a financial institution. The form also adds a check box if the submitter would like to request a secure file transfer link to provide a spreadsheet of the names of the financial institutions on whose behalf the notice is being sent.
When such a filing occurs, the third-party may enter the following in the “Name of Affected Financial Institution” data field: “Multiple car dealerships listed in the submitted spreadsheet.”
The FTC Safeguards Rule requires financial institutions (including dealers) to provide an electronic notice to the FTC on the FTC’s website as soon as possible and no later than 30 days after discovering a notification event involving the information of at least 500 consumers. A notification event is the unauthorized acquisition of unencrypted customer information. This update to the breach notification form clarifies that third parties may file the form on a dealer’s behalf but does not relieve dealers of any of the requirements in the Safeguards Rule, including the obligation to oversee their service providers.
Following two recent data breaches reported by third-party vendors that potentially triggered the breach notification requirement for auto dealers, NADA worked with the FTC and the vendors to have the vendors file a consolidated breach notice on behalf of their dealer clients. The old form did not have the capability to allow a vendor to file a consolidated breach notification. The updated form now allows for this capability.
Dealers should coordinate closely with their vendors to ensure that any required data breach notices are filed in a timely manner. Dealers should also keep in mind that data breach notifications submitted to the FTC may be made public, whether the dealer submits them directly or through a third party.
More Info (login required):
· A Dealer Guide to the FTC Safeguards Rule
· CDK to File a Consolidated Breach Notification with the FTC on Behalf of Dealer Clients if CDK Determines that Federal Notification Requirement is Triggered
· 700 Credit to File a Consolidated Breach Notice with the FTC on Behalf of its Dealer Clients
Source: MSADA Bulletin #82