By Nick Reed and David Cantor-Adams
What to Expect After the FTC Safeguards June 9th Deadline
Since the extension of the FTC Safeguards was announced nearly six months ago, the FTC has gone silent. As the Safeguards June 9th extension deadline looms, many are wondering what the significance is and what is next for the FTC Safeguards. While the auto dealer industry patiently awaits an official release from the FTC, here are some scenarios that could play out.
Expanding Scope
The FTC has been slowly expanding the scope of enforcement over non-banking financial institutions, particularly since 2019, with the release of the expanded rule set for public comment. As dealers move into the digital world and cybercrime continues to rise, the scope of the FTC Safeguards will change in parallel. This could mean an expanded rule is applied to non-banking financial institutions. The FTC has already revised requirements once, breaking up the scope across two deadlines. It is conceivable that additional changes to the Safeguards will take the form of revised and supplemental requirements. An expanded scope is not an unreasonable assumption considering that in 2022, the FTC greatly broadened its authority to enforce Section 5 of the FTC Act, which prohibits unfair and deceptive practices.
Enforcement Action
The FTC has a history of making examples of large organizations with landmark cases. With such a wide area of jurisdiction, the FTC’s resources are limited, so their strategy is to make examples out of industry leaders. This tactic has previously been exhibited by the FTC under Section 5 of the FTC Act. In 2019, Facebook became the example for violating a previous FTC order calling out their unfair and deceptive business practices. Facebook was hit with an unprecedented $5 billion fine by the FTC. Enforcing compliance with high-profile cases that make a big statement is a trend that could well be expected in future enforcement of the Safeguards.
Self-Assessment
At the moment, FTC Safeguards compliance is a self-assessment process, and there is no indication from the FTC that this is set to change. However, it is worth noting the Department of Defense’s (DoD) recent move away from the self-assessment process. The DoD has introduced auditing to enforce the compliance of its contractors’ data security practices. As the federal government has learned from previous initiatives, self-assessment is incredibly unreliable. Some organizations will take advantage of lax reporting, leading to lapses in security that will ultimately harm the customer. Will the FTC follow in the DoD’s footsteps? It is too soon to tell, but OCD Tech will continue to monitor the requirements and keep you informed of any changes that affect your business.
We are available to answer any questions or concerns you may have. Contact our experts!