New Gramm-Leach-Bliley Act cybersecurity rules: How car dealers can prepare
The cost to implement compliance program for the Gramm-Leach-Bliley Act is dependent on the network size and cybersecurity maturity level of each dealership. For the smaller “do it yourself” dealerships, investment costs will be more substantial.
In general, to become compliant, dealerships will need to budget for a security officer, security network/technology, ongoing penetration testing, ongoing risk assessments, employee training and ongoing act audit/compliance reporting. As with any compliance program, building compliance capability internally can be a very expensive endeavor. Most dealerships would benefit from outsourcing this service to a company that specializes in compliance with the act.
While these changes might seem expensive they pale in comparison with the size of the fines potential violators could incur — up to $100,000 per violation, with potential additional fines for responsible management. New cybersecurity technologies also have the potential to benefit dealership management and staff every day, beyond just meeting federal regulations — business data will be more secure and a connected, protected system will enable work to be more efficient.
While all auto dealers have their customers’ best interest at heart, the Gramm-Leach-Bliley Act is throwing a spotlight on cybersecurity issues that many dealership owners are not aware of nor in a position to address. What’s more, the act is providing a deadline to make changes. The good news is that the data protection techniques described here can help dealers to both meet the requirements of the act and offer dramatically better protection of their customers’ data.