FTC Safeguard Rule

The Federal Trade Commission (FTC) has issued a Safeguard Rule for automotive dealers. It is meant to ensure the security and confidentiality of customer records and information; protect against any anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to such records or information that could result in substantial harm or inconvenience to any customer. Following are a select list of suggestions from the Safeguard Rule on how to maintain security throughout the lifecycle of customer information and an explanation of how Oplogic ensures that your dealership complies with these particular Safeguard Rules.

Only authorized employees [should] have access to the data and records should be stored in a secure area. Our solution:

A password or biometric fingerprint is required to access customer data in the Oplogic system. In addition, the Oplogic system only allows access to certain data for different managers and salespeople. Salespeople only have access to their customer’s data, and never have access to extremely sensitive information, such as credit report results and scores. Data is kept secure through an off-site server and 128bit encrypted in the transfer. All data is stored and accessed in compliance with the GLB Act. Oplogic’s system never stores information on other computers and no information is required to be printed on paper.

Additional Recommendations:

  • If paper records are printed and kept, they must be stored in a room, cabinet, or other locked container where only authorized employees have access.
  • Do not store sensitive customer data on a machine without passwords or with an insecure Internet connection.

Secure data transmission must be provided with clear and simple security tools when collecting or transmitting customer information.

A Secure Sockets Layer (SSL) is used in the Oplogic system so that information is encrypted in transit. All encryption and security is integrated directly into all Oplogic tools.

Dispose of customer information in a secure manner. Our solution:

All data is stored indefinitely and in full compliance with the law. Credit applications are maintained securely for the minimum five years designated by the FACT ACT. However, in the event that data is requested for deletion, all data is securely purged from the system.

Additional Recommendations:

  • If customer records are kept on paper, the information must be shredded under the supervision of a designated manager; promptly dispose of outdated customer information.
  • Erase all data when disposing of computers, diskettes, magnetic tapes, hard drives or any other electronic media that contain customer information
  • Maintain close inventory of all computers, and dispose of any outdated customer information

Maintain secure backup media and keep archive data secure. Our solution:

All data is securely and redundantly archived for disaster recovery. Databases are stored on RAID striped storage servers and tape backups are performed regularly on off-site locations.

Additional Recommendations:

  • Any data not stored inherently by Oplogic should be forced into strict and secure backup procedures as recommended by the Safeguard Rule.

Additional Information can be found at these online resources: