Reason #1: You’d look great in a prison jump suit
Reason #2: Your dealership has more than enough cash to pay the civil penalties
Reason #3: Your dealership could use less business.
Reason #4: Data security is my vendors’ responsibility, not mine.
Reason #5: You think GLB is a new sandwich option.
If none of the above apply to you, then you need to proactively develop a data security plan. And the sooner, the better.
Newsworthy data breaches have become so common we’ve become numb to them. And we may be able to rationalize complacency by thinking dealerships are not priority targets for hackers. Even if that was true, many of the vendors that dealers use every day may be VERY attractive targets for hackers or miscreants intent on stealing sensitive personal information of thousands of consumers.
Just as worrisome, your business or one of your software vendors doesn’t have to be hacked to create problems for your business and you. Just having a discovered vulnerability is enough to have the FTC at your door and generate some horrible PR for your business.
Chances are you have been exposed to The Gramm-Leach-Bliley (GLB) Act through your State Dealer Association, attorney, or trade publication. So, you also may already know that under the GLB’s Safeguard Rule, car dealers are required to protect sensitive consumer information from unauthorized access, fraud, or misuse. The Safeguard Rule also requires dealers to ensure the vendors they select properly protect sensitive data. And failure to do so could lead to substantial fines and penalties from the federal government. And of course, you have further obligations under the GLB Privacy Rule.
At a minimum, there are two actions your business must take to avoid data breaches and rules violations: Preparation and Prevention. We’re not here to provide legal advice or counsel on GLB Rules Compliance, but there are numerous companies that can help guide your dealership(s) in the various elements that dealers should comply with including:
• Developing, implementing and maintaining a comprehensive documented data security plan.
• Guides to ensure that dealership staff and vendors maintain appropriate safeguards.
• Designating an employee or contractor to coordinate and monitor safeguards.
• Identifying the risks to customer information in each department area of the dealership.
• Implementing, monitoring and testing your safeguards program.
• Evaluating current and prospective vendors for compliance with your plan.
Dealers should also consider buying Data Breach Insurance coverage to help cover the costs of a data security breach.
Data breach prevention starts with your own systems, including your dealer management system/software. If you’re not confident you have the resources on staff to manage all aspects of data security, you should consider leaving it up to the experts. That’s one of the many benefits of true cloud, Software as a Service (SaaS) software architectures. For example, Dominion VUE true cloud-based web DMS utilizes the Microsoft Azure™ Cloud, so elements of data security including encryption, network and infrastructure, and threat defense are managed by the top data security experts in the world. Microsoft reportedly has a staff of 3,500 data security experts and invests $1B annually on data security.
Of course, that doesn’t mean dealers no longer have any responsibility related to data security. But these responsibilities are more manageable and include activity such as proper user access management and controlling the devices dealership staff use to access systems. There are apps that can help with both.
The choice is yours. Get prepared and proactive about data security. Or roll the dice.
Want to learn more about how true cloud software can fit in your data security plans, let us know.READ MORE >