Cyberattacks and data breaches are on the rise within the financial services industry, resulting in significant harm to consumers. In response to the increase, the Federal Trade Commission (FTC) recently amended the federal Standards for Safeguarding Customer Information (Safeguards Rule) under the Gramm-Leach-Bliley Act (GLBA). The updates put pressure on financial institutions, including auto finance providers, to develop, implement, and maintain a comprehensive security system to keep their customers’ information safe.
To provide a bit of background, the Gramm-Leach-Bliley Act of 1999 is a federal law enacted to control how financial institutions deal with customers’ private information. The FTC adopted the Safeguards Rule in 2003 to encourage financial institutions under their jurisdiction to develop a written information security plan tailored to the institution’s size, operations, complexity, and information sensitivity. The FTC’s recent amendments are the first changes to the Safeguards Rule in almost 20 years, and will require auto finance providers to shore up their data security practices and infrastructure to meet enhanced scrutiny.
These new requirements, which went into effect on January 10, 2022, are increasingly mission-critical in a market environment where more automotive business processes are digital, remote, and contactless. Auto finance providers will have until January 10, 2023, to review their operations and ensure compliance with the amended Safeguards Rule.
Auto finance providers should put the one year of prep time to good use. Unlike previous rules and guidance that were more general, the FTC’s new Safeguards Rule outlines precise criteria for protecting consumer financial information. For example, the amended rule addresses encryption requirements for customer information in transit over external networks and at rest on your servers or cloud infrastructure. While data encryption can be operationally challenging and costly, the FTC noted that encryption for data at rest is “now cheaper, more flexible, and easier than before.” The good news is that auto lenders are not required to encrypt data transmitted internally.
As auto finance providers know, keeping customer data and digital loan documents protected is about much more than confidentiality. With such stringent requirements, auto finance providers need technology that ensures compliance with the GLBA Safeguards Rule and delivers Digital Asset Certainty with their lending transactions. Only available from Wolters Kluwer eOriginal, Digital Asset Certainty guarantees the highest level of enforceability. This gives auto finance providers assurance that their digital loan documents containing customer information are encrypted, compliant, and meet all legal requirements and industry best practices.
Digital Asset Certainty creates an immutable, authoritative “Digital Original” that ensures data integrity and provides a tamper-proof chain of custody, making everything that has happened to the digital asset known. Digital Asset Certainty also enables digital loans to be legally enforceable under the Uniform Electronic Transactions Act (UETA), the Electronic Signatures in Global and National Commerce Act (ESIGN), and the Uniform Commercial Code Section 9-105, including all Safe Harbor provisions.
In an already highly regulated space, auto finance providers must remain agile and responsive to evolving standards for data protection and privacy practices.
The right technology partner can help you manage long-term FTC compliance while future-proofing your customer data and digitized assets from unforeseen threats.Speak to a product specialist to see how Wolters Kluwer’s eOriginal Digital Asset Certainty can help you minimize risk and maximize data integrity.