Automotive Digital Marketing

Professional Community for Car Dealers, Marketing, Advertising and Sales Leaders

Loading... Be Patient!

Consumer data privacy concerns are constantly in the news. Growing pressure on lawmakers to do something has resulted in a wave of new consumer privacy legislation being passed in many states.


California has passed the California Consumer Privacy Act (CCPA). A similar law is expected to soon pass in Washington state. Alabama, Louisiana, Colorado, Nebraska, Massachusetts and Ohio have recently added new data security standards to their data breach notification laws. You can bet that other states will follow suit.


These laws require that businesses take “reasonable measures” to secure consumers' personal information, such as names, addresses, social security numbers, credit card numbers, credit scores and bank account numbers.


The definition of "reasonable measures" varies from state to state, but all of these laws highlight the importance of protecting your customer data. For most dealerships, becoming compliant with these laws is likely going to require upgrades to software, hardware and data security equipment, as well as the implementation of new policies and procedures.


Recently, the California Attorney General defined “reasonable measures" as compliance with 20 controls established by the Center for Internet Security. In a nutshell, if your dealership is located in California, you'll be responsible for the following:


1) Inventory and control of hardware assets

2) Inventory and control of software assets

3) Continuous vulnerability management

4) Controlled use of administrative privileges

5) Secure configuration for hardware and software on mobile devices, laptops, workstations and servers

6) Maintenance, monitoring and analysis of audit logs

7) Email and web browser protections

8) Malware defenses

9) Limitation and control of network ports, protocols and services

10) Data recovery capabilities

11) Secure configuration for network devices such as firewalls, routers and switches

12) Boundary defense

13) Data protection; encryption, integrity protection and data loss prevention techniques

14) Controlled access to data based on the need to know

15) Wireless access control

16) Account monitoring and control

17) Implement a security awareness and training program

18) Manage the security life cycle of all web-based or application software

19) Develop and implement an incident response infrastructure and management plan

20) Penetration tests and red team exercises to test strength of defense


Is your dealership taking all of these "reasonable measures" to protect your data from the threat of cyberattacks? If not, you might be subject to fines from your state attorney general's office and/or litigation from consumers.


When it comes to protecting consumer data, dealers can no longer afford to do business as usual. If your state hasn't already updated its data breach notification law or passed a consumer privacy law, it soon will. It's up to every dealer to learn what their state's data security requirements are, and proactively take steps to become compliant.

Views: 25


Oops... You need to stop "Lurking" on ADM and become a more genuine Automotive Professional by completing your membership registration. As a registered ADM Member, you can post comments, publish your own articles (be a star!) and start Forum discussions. Stop being an online "Peeping Tom" and JOIN ADM RIGHT NOW!

Join Automotive Digital Marketing

Automotive Professional Network and Resource Exchange for Car Dealers, Managers, OEM and Marketing Practitioners seeking Best Practices.

ADM Sponsor

William B. Terry
Rated by Super Lawyers

loading ...

ADM Badge


Based On Your Interests...

ADM Consulting, LLC

Onsite/Offsite Combination ADM Consulting, LLC Professional Services
Select the maximum monthly investment you plan to make
Sign up for

Automotive Marketing Tools

Get ADM Toolbar

Click here to take the ADM Member Survey

Getting too many emails from ADM? Click mailbox below to control which types of alerts and updates you are sent......



ADM Professional Services
Phone Consultation
Topic or Issue:

Top Automotive Marketing Forum Discussions

Share the Best Content w/AutoMarketing Community

© 2020   Created by Ralph Paglia.   Powered by

ADM Badges  |  Report an Issue  |  Terms of Service