GLBA is old news, so you may be asking: why am I hearing so much about it now?
Let’s address this and a few more Frequently Asked Questions for those of you who may be wondering why it is suddenly popping up everywhere.
What is The Gramm-Leach-Bliley Act (GLBA)?
GLBA is a federal law, enacted in 1999 and effective in 2003, that requires financial institutions to protect sensitive data and explain to consumers and customers how their data is used.
Why am I hearing so much about it now?
Auto dealerships have been subject to GLBA for years. What changed is that the Federal Trade Commission (FTC) revised the GLBA Safeguards Rule in December 2021 in a way that now requires most dealerships to change or update how they handle customer and consumer data.
When do I have to be in compliance with the updated Safeguards Rule?
June 9, 2023 is the compliance deadline for the GLBA Safeguards Rule.
What do I have to do to be compliant?
The FTC has provided an excellent guide at: https://www.ftc.gov/business-guidance/resources/ftc-safeguards-rule-what-your-business-needs-know
In general (but speak with your legal counsel for details), the Safeguards Rule requires you to:
• Designate a Qualified Individual to oversee your information security program
• Conduct a risk assessment with respect to the security of your data, and also conduct periodic reassessments
• Implement safeguards to control and reduce the risks identified in your risk assessments
• Monitor and test the efficacy of your safeguards
• Provide training to your staff so they can identify and minimize risks to your data security
• Monitor your vendors/service providers with respect to their safeguards
• Stay up to date with your information security program
• Create and implement an incident response plan
• Have your Qualified Individual regularly report back on the status of your information security program to your leadership
Yikes! That’s a lot to do. What if I’m not ready?
Don’t stress. The most important thing is to create a plan and take action on that plan before the deadline.
GLBA compliance is an exercise in continuous improvement. Your information security program should evolve alongside your business and technology needs. Focusing on this improvement will ensure that you are consistently moving closer and closer to the highest standards.
What about Client Command? You’re one of my vendors! Are you ready?
As a Trusted Partner, data security is a top priority at Client Command. Like you, we are continuously improving our Information Security Program to be as robust as possible.
Client Command does many things to protect consumer data and ensure that we are a Trusted Partner with our clients, among them:
• We maintain certifications with many leading automotive DMS and CRM providers.
• We’ve implemented an Information Security Program that is reviewed and updated at least annually.
• We have implemented the Center for Internet Security (CIS) control framework to protect the confidentiality, integrity, and availability of consumer data.
• We engage in cybersecurity, privacy, social engineering, and phishing training for all Client Command employees on a quarterly basis.
• We vet our third-party vendors and service providers against appropriate data security standards.
• We require our vendors and service providers to process consumer data in accordance with our robust Data Processing Agreements.
• We review and update our Data Inventory Maps at least annually.
• We maintain a Cyber Liability Insurance Policy.
Have more questions? Here are a few things you can do!
Understood. We encourage, and even recommend, that you engage with an attorney or data security expert to support your efforts.
And if you have additional questions about what Client Command does to secure data, please reach out to our Qualified Individual at privacy@clientcommand.com