Chicago Automobile Trade Association

NADA urges FTC not to adopt proposed Safeguards Rule changes

September 20, 2019
A series of amendments to the Federal Trade Commission’s Safeguards Rule would add significant cybersecurity duties — and costs — on all financial institutions, including dealerships, the National Automobile Dealers charged Sept. 9.
Since 2003, the Safeguards Rule has required dealers and other financial institutions to develop, implement and maintain a comprehensive written information security program to protect the data obtained from their finance and lease customers. The FTC proposal includes a litany of new requirements such as dual-factor authentication, data encryption and engagement of a chief information security officer.
The NADA said it is concerned about the effect the proposed changes may have on dealers, especially smaller dealers. In comments filed with the FTC, the NADA objected to most of the new requirements as premature, unsupported, expensive and of little cybersecurity benefit for consumers. 
In addition to detailing its concerns, the NADA estimates the average dealer would incur nearly $300,000 in up-front costs plus more than $275,000 annually to comply, if all the proposed requirements ultimately are adopted.
"Data security is of critical importance, and dealers should continue their vital efforts to protect customer information, meet regulatory requirements and earn customers’ trust every day," the NADA said in a statement. "While we have urged the FTC not to adopt these expensive proposed requirements, dealers should continue to work with their IT staff and providers to ensure they are adequately protecting the information they maintain."
Dealers can find more background information and other tools at Questions can be directed to


Copyright © 2010 Chicago Automobile Trade Association. All Rights Reserved.