Additional resources
The sources to the left have additional information about
industry standards, data security practices, and data security laws and regulations.
Mission: The goal of the STAR (Standards for Technology in Automotive Retail)
Group is to use voluntary information technology (IT) standards as
a catalyst in fulfilling the business information needs of dealers
and manufacturers while reducing the time and effort previously
required to support this activity.
STAR has created Dealer Infrastructure Guidelines as well as
standards for automotive transactions between dealers,
manufacturers and dealers' IT suppliers.
The GLBA Compliance Tool is an online assessment of a dealership's compliance with
the Gramm-Leach-Bliley Act. The tool has been broken down into 5 different
categories: Formal Documented Risk Assessment, Information Security Program, Vendor Relationship Assessment,
Technical Security Management, and Annual Audit and Update.
Within each category you will find a summary of the various safeguards concerning today’s dealerships. Once you
complete each section, the GLBA Compliance tool will review your answers and provide you with a final report showing
your overall risk assessment rating.
This NADA Management Education publication was designed
to help dealers understand and comply with the FTC requirements.
It was written by NADA attorney Paul Metrey and Hudson Cook attorney
Michael Benoit.
This is the FTC rule that came from the Gramm-Leach-Bliley Act. The
rule establishes standards relating to administrative, technical and
physical information safeguards.
The standards are intended to: ensure the security and
confidentiality of customer records and information; protect against
any anticipated threats or hazards to the security or integrity of
such records; and protect against unauthorized access to or use of
such records or information that could result in substantial harm or
inconvenience to any customer.
(You'll need the Adobe Reader product to read and print it. You can
download Adobe Reader for free from Adobe's web site.)
California, as well as other states, has enacted
legislation that requires
businesses that maintain personal data on California
residents to disclose security breaches that result in
unauthorized access to unencrypted personal data. The law
pertains to any organization, whether based in California or
in other parts of the country. Personal information includes
an individual's name along with their Social Security
number, driver's license number, state identification
number, or credit or debit card numbers with security codes.
Sandi Jerome has created a number of training manuals that can assist a dealer
in extracting data from their Reynolds or ADP systems. She has also created a training
program for complying with the
Safeguards Rule.
The FTC put together a set of frequently asked
questions (and their answers) about the privacy laws for auto
dealers. This is an easy-to-read, practical guide.