CDK Breach: Updates for Colorado Car Dealers
July 3, 2024
Recent news has highlighted the CDK breach, which is causing issues for dealerships nationwide, including in Colorado. With numerous companies offering solutions and advice during this outage, it is crucial for dealerships to focus on their compliance obligations at both the federal and state levels. Here is a summary of what is important to know.
Federal and State Compliance Requirements
In Colorado, the Colorado Privacy Act offers an exemption for dealerships that adhere to federal requirements, specifically the Gramm-Leach-Bliley Act and the FTC Safeguards Rule. In essence, compliance with federal requirements also ensures compliance at the state level. However, if a dealership fails to meet Gramm-Leach-Bliley requirements, Colorado could impose additional penalties on top of any federal fines or actions.
Federal Notification Requirements
Federal regulations require that the FTC be notified of a breach as soon as possible, but no later than 30 days after discovering that consumer data has been compromised. It is important to note that only the dealers themselves or the investigating authority, such as CDK, can make this notification. As CDK has not yet made this notification, the dealer’s obligation to inform the FTC has not yet been triggered.
What’s Next?
According to NADA, CDK intends to file a consolidated breach notice with the FTC if it determines that the dealer notification requirement has been met. While this does not imply any admission of wrongdoing, it suggests that an announcement may be forthcoming.
Recommended Actions
Dealers are advised to stay in close contact with their CDK representatives for updates and further guidance. Being proactive and informed will help dealers ensure compliance with all necessary requirements and navigate the situation effectively.
Impact on Colorado Auto Dealers
To learn more about compliance tasks, watch the video below, where Matthew Groves explains in detail the impact and what dealers need to do.