2. Draft a written security plan that states how you handle non-public information.
3. Train every employee on handling non-public information.
4. Have employees and vendors sign confidentially agreements.
5. Draft a checklist that includes a quarterly audit to see how you are doing following your security plan.
While these steps won’t ensure compliance because compliance still has to be executed on a daily basis, they will put you on the right path.
Identity theft in businesses keeps gaining momentum. In 2002, 70 percent of identity-theft-related crimes stemmed from one-on-one attacks like dumpster diving or e-mail scams like phishing. A recent statistic indicated 70 percent of identity-theft-related crimes are now coming from a work environment due to either careless or corrupt employees. That is a significant shift. The reason for this shift is that identity thieves know that if they can get access to your customer records, they get a lot more bang for the buck. This means that you can no longer take chances with non-compliance.
Customers are getting smarter, too. There have been documented cases of “customers” sniffing around the dealership in hope of finding deal jackets, a driver license or other personal information out in the open. Other customers are looking for an opportunity to sue you and your dealership, and it is a game they can win if you are not legally prepared.
If you have a data breach and a customer suffers losses (or even worse, if multiple customers suffer losses), you can be held responsible for those damages along with federal and state fines. USA Today reports, “The average damages to victims of identity theft are over $92,000.” If you are going to take chances like that, you’ll need more than lady luck on your side. That’s why you need a solid data security plan.
Have you ever heard the expression, “house rules?” In the game of compliance, the FTC is the “house.” If you have to gamble, go to your favorite casino, but please don’t gamble with your dealership. You will lose. The FTC is serious about dealer compliance. Contact your attorney today, and make certain you have what you need in place to protect your customers, your employees and your dealership. If you do, the odds are stacked in your favor.
Vol 5, Issue 8