Per Violation
The FTC can levy civil penalties up to $53,088 per violation, the current 2026 federal maximum.
Don't let a data breach put your dealership in the headlines. The FTC Safeguards Rule is now the law for every dealership handling customer financing. Violations mean fines, lawsuits, and personal liability.
Or call (434) 317-6669 to talk to a compliance specialist.
The FTC Safeguards Rule is not optional, and the consequences of ignoring it go far beyond a fine.
The FTC can levy civil penalties up to $53,088 per violation, the current 2026 federal maximum.
Owners, GMs, and officers can be held personally liable for compliance failures. Your personal assets are at risk.
A data breach at a non-compliant dealership opens the door to class-action litigation.
Carriers increasingly deny claims from businesses that lacked a documented compliance program.
These dates are already in effect. Each one widened what applies to dealerships.
Breach notification is live. A notification event involving the unauthorized acquisition of unencrypted information of 500 or more consumers must be reported to the FTC no later than 30 days after you discover it.
Why you need a written incident response planThe FTC published its first dealer-specific Safeguards Rule FAQs, spelling out who is covered and where vendor and OEM responsibility sits. The "does this apply to us" question is settled.
What the FTC answered for dealersNew state privacy laws took effect in Kentucky, Indiana, and Rhode Island on January 1. On July 1, Connecticut's privacy law began applying to dealerships operating there, after the state removed the GLBA exemption that used to keep many dealers out.
How state privacy laws are closing the GLBA loopholeSimple. Fast. Compliant.
We audit your current practices against all nine FTC Safeguards Rule requirements and deliver a written report identifying every gap.
We design and implement a complete, written information security program tailored to your dealership: policies, controls, training.
Compliance is ongoing. We handle annual risk assessments, continuous monitoring, staff training updates, and the annual report.
Every dealership that arranges financing must satisfy all nine requirements. How many does yours currently meet?
Appoint one employee responsible for coordinating and overseeing your information security program.
Identify and assess internal and external risks to customer information in each relevant area.
Design and implement safeguards to control the risks identified through your assessment.
Regularly test or otherwise monitor the effectiveness of your safeguards' key controls.
Provide security awareness training to all staff, including phishing and incident reporting.
Take reasonable steps to select and retain service providers capable of maintaining appropriate safeguards.
Evaluate and adjust your program in light of testing results, changes, and new risks.
Create a written plan for responding to security events that could compromise customer data.
Prepare and present an annual written report on your program to the Board or senior owner.
Get a no-obligation gap assessment, free for qualifying dealerships. We will show you exactly which of the nine requirements you meet and which need work.