Compliance without the confusion

Protect Your Dealership. Simplify FTC Safeguards Compliance.

Don't let a data breach put your dealership in the headlines. The FTC Safeguards Rule is now the law for every dealership handling customer financing. Violations mean fines, lawsuits, and personal liability.

Or call (434) 317-6669 to talk to a compliance specialist.

Interior of a modern car dealership showroom
9 FTC requirements, one clear program
60 Days to full compliance

The Real Cost of Non-Compliance

The FTC Safeguards Rule is not optional, and the consequences of ignoring it go far beyond a fine.

$53,088

Per Violation

The FTC can levy civil penalties up to $53,088 per violation, the current 2026 federal maximum.

Personal

Liability for Owners

Owners, GMs, and officers can be held personally liable for compliance failures. Your personal assets are at risk.

Class-Action

Customer Lawsuits

A data breach at a non-compliant dealership opens the door to class-action litigation.

Denied

Cyber Insurance Claims

Carriers increasingly deny claims from businesses that lacked a documented compliance program.

How dealership compliance tightened, 2024 to 2026

These dates are already in effect. Each one widened what applies to dealerships.

  1. May 13, 2024

    Breach notification is live. A notification event involving the unauthorized acquisition of unencrypted information of 500 or more consumers must be reported to the FTC no later than 30 days after you discover it.

    Why you need a written incident response plan
  2. June 2025

    The FTC published its first dealer-specific Safeguards Rule FAQs, spelling out who is covered and where vendor and OEM responsibility sits. The "does this apply to us" question is settled.

    What the FTC answered for dealers
  3. Jan 1 and Jul 1, 2026

    New state privacy laws took effect in Kentucky, Indiana, and Rhode Island on January 1. On July 1, Connecticut's privacy law began applying to dealerships operating there, after the state removed the GLBA exemption that used to keep many dealers out.

    How state privacy laws are closing the GLBA loophole

Is Your Dealership Compliant?

  • Designated a Qualified Individual?
  • Completed a written Risk Assessment?
  • Implemented access controls and encryption?
  • Employee security awareness training?
  • Service provider oversight program?
  • Written Incident Response Plan?
  • Annual report to Board or ownership?

Simple. Fast. Compliant.

Our three-phase process takes you from uncertain to fully compliant in as little as 60 days.

  1. Day 0 Gap Assessment
  2. Days 1 to 45 Build Your Program
  3. Day 60 to 90 Maintain and Report

Gap Assessment

We audit your current practices against all nine FTC Safeguards Rule requirements and deliver a written report identifying every gap.

Build Your Program

We design and implement a complete, written information security program tailored to your dealership: policies, controls, training.

Maintain and Report

Compliance is ongoing. We handle annual risk assessments, continuous monitoring, staff training updates, and the annual report.

The 9 FTC Safeguards Requirements

Every dealership that arranges financing must satisfy all nine requirements. How many does yours currently meet?

  1. 1

    Qualified Individual

    Appoint one employee responsible for coordinating and overseeing your information security program.

  2. 2

    Risk Assessment

    Identify and assess internal and external risks to customer information in each relevant area.

  3. 3

    Safeguards Controls

    Design and implement safeguards to control the risks identified through your assessment.

  4. 4

    Testing and Monitoring

    Regularly test or otherwise monitor the effectiveness of your safeguards' key controls.

  5. 5

    Security Awareness Training

    Provide security awareness training to all staff, including phishing and incident reporting.

  6. 6

    Service Provider Oversight

    Take reasonable steps to select and retain service providers capable of maintaining appropriate safeguards.

  7. 7

    Program Evaluation and Adjustment

    Evaluate and adjust your program in light of testing results, changes, and new risks.

  8. 8

    Incident Response Plan

    Create a written plan for responding to security events that could compromise customer data.

  9. 9

    Annual Reporting to Leadership

    Prepare and present an annual written report on your program to the Board or senior owner.

Find Out Where Your Dealership Stands

Get a no-obligation gap assessment, free for qualifying dealerships. We will show you exactly which of the nine requirements you meet and which need work.

Get Your Free Gap Assessment