F&I and Showroom, August 2019
www fi magazine com 20 F I and Showroom August 2019 COMPLIANCE F Federal regulations like hurricanes can have costly consequences And like hurricanes they can be seen from a long way if you know where to look In the case of hurricanes we can follow their progress on Wunderground com In the case of federal regulations we consult the Federal Register specifically the April 4 2019 edition 84 FR 13158 for those who wish to dig deeper at home That edition contained the Federal Trade Commissions Notice of Proposed Rulemaking with respect to the Safeguards Rule The proposed revisions to the Safeguards Rule are extensive and as this articles title suggests potentially expensive Its hard to believe but the original Safeguards Rule was less than three pages long Its proposed expansion would push it to almost 14 pages And within that expanded heft are a number of changes that will hit dealerships hard and make the original version look like a friendly little puppy Covered entities and that explicitly includes most automobile dealerships must designate a chief information security officer or CISO Designating an employee isnt necessarily hard But actually having a qualified employee already on the payroll may prove to be problematical In the alternative the CISO may be an outside service provider but a senior manager at the dealership must oversee that service provider and the service provider must run an information security program that satisfies the FTCs rule Lets consider the cost impact of those two approaches INSOURCE VS OUTSOURCE While it is easy to say Abracadabra and designate Bill from Parts as your new CISO that probably wont cut it Bill would need to be educated and experienced enough to credibly take on the duties of a CISO and those are significant Put another way anyone qualified to be a CISO probably wouldnt be working at a dealership in a nontechnical role anyway This fact will inevitably lead dealers to choose between hiring a full time CISO or engaging an outside resource as a service provider in that role How much does an in house CISO cost According to people in the computer security industry Ive spoken to 100000 to 150000 is a reasonable range For a single point dealer that is a tall order The other option is to hire an outside contractor to perform the CISO duties These people do not come cheap My sources say one can expect to pay 4000 The Price of Compliance Is Going Up Recent revisions to the federal Safeguards Rule cement the need for a compliance officer in every dealership Whether their duties are performed by an employee or outsourced satisfying the new requirement is going to cost your store thousands of dollars per month BY JIM GANTHER GETTYIMAGES COM WEERAPATKIATDUMRONG Sorry
You must have JavaScript enabled to view digital editions.
