A guide to the FTC car dealerships’ new lead generation rules

To any automotive, motorcycle, RV, and powersports dealership in the country, June 9, 2023 wasn’t just any day in the calendar. It was probably marked in red as the day when everything changed.

According to the FTC Safeguards Rule, auto dealers now have to comply with a new set of guidelines with the aim of better protecting their customers’ personal information from cyber attacks.

This article is a “dealer guide” to the FTC Safeguards Rule, to help you learn:

  • Who is covered by the new regulations;
  • What the steps to guarantee compliance are;
  • What this all entails for auto dealerships;
  • And how you can optimize your automotive lead generation campaigns thanks to LeadsBridge.

What is the FTC Safeguards Rule?

The Federal Trade Commission’s Standards for Safeguarding Customer Information – the Safeguards Rule, for short – is a set of regulations that require financial institutions to develop and implement a comprehensive information security program.

The purpose of the Safeguards Rule is to protect the security, confidentiality, and integrity of customers’ Personally Identifiable Information (PII) from cyberattacks, identity theft, and other forms of fraud.

What businesses fall under the Safeguards Rule? 

The Safeguards Rule applies to all financial institutions that are subject to the FTC’s jurisdiction and that aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act.

A business can be identified as a “financial institution” if it’s engaged in an activity that is “financial in nature” or is “incidental to such financial activities.”

As listed in Section 314.2(h) of the regulation, here are a few examples of the kinds of entities that are considered financial institutions under the Safeguards Rule:

  • Mortgage lenders
  • Payday lenders
  • Finance companies
  • Mortgage brokers
  • Account servicers
  • Check cashers
  • Wire transferors
  • Collection agencies
  • Credit counselors and other financial advisors
  • Tax preparation firms
  • Non-federally insured credit unions
  • Investment advisors

Considering that buying or leasing a car is one of the biggest financial transactions for many consumers (aside from buying a house), the FTC Safeguards Rule involves auto dealers as well.

Why you should comply with the new FTC car dealerships rules

The main reason why the FTC regulations for auto dealers should be taken very seriously from now on is this number right here: $50,125. This is the maximum amount per incident that the FTC can fine you.

Take a moment to think about how many items of PII (current and past) you and your staff have on your computers, phones, and business systems. This includes driver’s licenses, insurance cards, IDs, and any other document that has a customer’s name along with additional information about them.

It may be hundreds, if not thousands. Now take that number and multiply it by $50,125. Considering that each of those PII items counts as an individual incident, that is a lot of money for a dealership owner to have to pay.

Then, how can you avoid that?

FTC regulations for auto dealers: What to do

The new FTC Safeguards Rule requires dealerships to implement an information security program – a set of procedures and guidelines – that they have to follow in order to protect their customers’ information from unauthorized access or data breaches.

According to the FTC car dealerships cybersecurity regulations, “customer information” is “any record containing nonpublic personal information about a customer of a financial institution, whether in paper, electronic, or other form, that is handled or maintained by or on behalf of you or your affiliates.” Basically: Information about your own customers and information about customers of other financial institutions that have provided that data to you.

Your information security program has to be written down, and it must be drafted taking into consideration the size and complexity of your business, the nature and scope of your activities, and the sensitivity of the information you handle. To know exactly what this means for your business, you should consult with your legal advisor.

Here is a set of FTC car dealerships’ guidelines that auto dealers will be required to follow.

Implement access controls

You must implement and periodically review access controls. This means you need to determine who can access customers’ information and how they can access it. For example, your company may require employees to log in with a unique user ID and password, or use an electronic key card system. Once access controls are in place, remember to review them regularly.

Keep an inventory

Know what information you have and where you keep it. You need to have a clear understanding of your company’s information ecosystem. Conduct a periodic inventory of data, noting where it’s collected, stored, or transmitted. Keep an accurate list of all systems, devices, platforms, and personnel.

Encrypt information in transit and at rest

Encryption is a process of transforming comprehensible data into an incomprehensible format. This way, anyone who does not have the key won’t be able to access the information. Out of all the FTC car dealerships rules, this is probably the one that most auto dealers are not prepared for: The end-to-end encryption requirement for everything in transit and at rest over external and internal networks.

Every item of PII that is shared digitally between the consumer and the dealership must be encrypted in transit, which means that from now on – in order to be FTC compliant – sales staff will no longer be able to transfer PII via unencrypted text or email. Additionally, utilizing services that hide your IP can further ensure anonymity and protection online.

Auto dealers will have to resort to alternative solutions like, for example, encrypted email services. Or, they could direct their customers to provide the information via phone call or directly on a website.

Assess your custom apps

If your business has developed custom applications that store, access, or transfer customers’ data, make sure they meet FTC compliance standards for auto dealerships.

Implement MFA

You’re required to implement Multi-Factor Authentication (MFA) to access your business’s applications or customers’ data. In addition to username and password, MFA adds an extra layer of security by requiring users to provide one more authentication factor – which can be a one-time code or biometric characteristics – when logging in.

Dispose of customer information securely

You’re allowed to hold on to certain records for no longer than two years after your most recent use of them. After that, you’re required to take secure measures to destroy them.

Anticipate and evaluate changes to your information systems

If you’re planning on changing your information systems – which include new equipment, technology, software, updates, or personnel changes – you have to evaluate how that could affect customer information security, and take measures to make sure you’re still compliant with the new FTC motor vehicle trade regulation rule.

Keep an access log

You’re required to put in place a log system to monitor when authorized users access customers’ data, and to keep an eye on potential unauthorized access.

Please note that these guidelines are not comprehensive. The best way to ensure compliance is to have your legal and compliance teams complete a thorough review of these new FTC regulations.

Automate your dealership’s lead generation with LeadsBridge integrations

With the added complexities of the FTC car dealerships regulations, auto dealers will have to find solutions to help them make their lead generation activities easier and faster.

Thankfully, LeadsBridge offers a number of industry-specific integrations to help auto dealerships share their lead data across their marketing stack safely, automatically, and in real time.

The way it works is very easy: by connecting your martech stack with LeadsBridge’s integrations, whenever a lead fills out a form (either on an advertising platform, or on your website), that lead will be automatically sent to your CRM, email marketing software, autoresponder, or any other marketing tool, in real time.

Check out our most popular integrations for the automotive industry.

ADF/XML, one of the most popular tools for auto dealerships, is under scrutiny right now because it uses a non-encrypted transfer mechanism, which could be vulnerable to interception or unauthorized access.

But don’t fret. ADF/XML also works via HTTPS – which is secure – and via email.

The LeadsBridge integration for ADF/XML via email uses TLS encryption, which helps make it more compliant with the FTC car dealerships security requirements, as long as the destination system accepts TLS v1.2 as the minimum encryption standard.

However, if the destination doesn’t accept this kind of encryption, the ADF/XML standard allows previous TLS versions to be used at reduced security effectiveness, but only in this specific instance.
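One way a sender can enforce the TLS v1.2 floor described above when emailing an ADF/XML lead, refusing delivery instead of falling back to an older version. This is an added example, not LeadsBridge code; the function names, addresses, and the sample lead are assumptions constructed for illustration.

```python
import smtplib
import ssl
from email.message import EmailMessage

# Constructed sample lead in ADF/XML form (not real customer data).
SAMPLE_ADF = """<?xml version="1.0" encoding="UTF-8"?>
<?adf version="1.0"?>
<adf>
  <prospect>
    <customer>
      <contact>
        <name part="full">Jane Sample</name>
        <email>jane.sample@example.com</email>
      </contact>
    </customer>
  </prospect>
</adf>
"""

def tls12_context() -> ssl.SSLContext:
    """Client context that verifies the server certificate and rejects TLS < 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks enabled
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def build_lead_message(sender: str, recipient: str, adf_xml: str) -> EmailMessage:
    """Wrap the ADF/XML document in a plain-text email body."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "New lead"
    msg.set_content(adf_xml)
    return msg

def send_lead(host: str, port: int, msg: EmailMessage) -> str:
    """Send over STARTTLS only; return the negotiated TLS version string."""
    with smtplib.SMTP(host, port, timeout=15) as smtp:
        smtp.ehlo()
        if not smtp.has_extn("starttls"):
            # Fail closed: PII never leaves in cleartext.
            raise RuntimeError("server does not offer STARTTLS; lead not sent")
        # Raises ssl.SSLError if the server can only negotiate below TLS 1.2.
        smtp.starttls(context=tls12_context())
        smtp.ehlo()
        version = smtp.sock.version()
        smtp.send_message(msg)
    return version
```

Logging the version string returned by `send_lead` for each destination gives a record of which receiving systems actually negotiate TLS 1.2 or newer.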

Our automated integrations allow you to take immediate action on your newly acquired leads, giving you a huge head start over the competition. Not to mention, they free you from having to manually download and upload data into different platforms, giving you back the time you need to push your leads through the funnel.

The best part? Our integrations are 100% CCPA compliant. Why? Because we never store any of your lead data, we just pass it through across your platforms, which helps you maintain compliance with the new regulations mentioned above.

Final thoughts

The way auto dealerships are going to approach lead generation from now on is never going to be the same. With the FTC car dealerships new regulations in place, auto dealers will have to be very careful with how they handle their customers’ data. In order to avoid heavy fines – with a maximum of $50,125 per incident – they will have to put in place safety measures to help their businesses guarantee FTC compliance.

Thankfully, LeadsBridge automated integrations can help you share lead data across platforms safely, automatically, and in real time.

Explore all of our automotive integrations here and start automating with LeadsBridge!

Marialuisa Aldeghi