Auto dealerships are now required to plan, implement, and maintain an Information Security Program to better protect individuals' private data. Preventing the mishandling of consumer data is the driving force behind this program. The Gramm-Leach-Bliley Act (GLBA), 15 U.S.C. § 6805, which calls for this, was designed to protect non-public consumer information collected and maintained by financial institutions. GLBA was implemented in 2003 and extended to auto dealerships in 2021.
Dealerships must implement technical controls, administrative safeguards, and physical access controls as part of the GLBA program.
Basic GLBA Requirements for Auto Dealerships
Some of the basic requirements include the following:
- Design, management, and maintenance of the security program must be completed by a designated employee
- Conduct a risk assessment
- Implement security controls identified in the risk assessment, including multi-factor authentication
What this means for Auto Dealerships
The time and financial commitments associated with GLBA are high for dealerships. According to the National Automobile Dealership Association (NADA), the cost of complying with GLBA requirements can surpass an average of $276,900 per annum.
Auto dealerships must implement specific data security measures and technical controls to safeguard data. Dealerships will be held accountable for maintaining this new level of security for consumer information, meaning controls must be regularly reviewed. Knowing what data a dealership has, along with the storage and disposal of that data, takes high precedence. On the employee side, dealerships must provide training and deploy multi-factor authentication.
How GadellNet Helps Auto Dealerships Navigate GLBA
These requirements can be a lot to take on while trying to conduct business and keep all day-to-day management plates in the air. GadellNet works with dealerships to ensure our partners take the proper steps to meet compliance. We help speed up the process of achieving compliance and ensure your investment is making an impact.
GadellNet provides the following:
- Technology Audits
- Risk Assessments
- Employee Security Awareness Training
- Phishing Simulation Testing
- Internal and external security scans
- Policy Writing
- Incident Response Plans
- Business Continuity Plans
- Disaster Recovery Plans
- Security Control Planning
- Multi-Factor Authentication
- SIEM (Security Information and Event Management)
- Endpoint Detection and Response
GadellNet is here to help you navigate this process and serve as a technical expert. To learn more about how GadellNet can help you through this process, please reach out to your account manager or our sales team at firstname.lastname@example.org.