FTC Safeguards Rule

The FTC Safeguards Rule requires dealerships and other financial institutions to develop, implement, and maintain a comprehensive information security program. The rule specifies technical safeguards such as encryption, multi-factor authentication, access controls, and the designation of a qualified individual to oversee the program.

Dealers collect significant amounts of non-public personal information during the F&I process, including Social Security numbers, credit data, and bank account information. Failure to comply with the Safeguards Rule can result in FTC enforcement actions and substantial fines.