The recent CDK breach has created significant challenges for dealerships across the country, including those in Colorado. With numerous companies offering various solutions and advice, it is essential for dealerships to stay focused on their compliance obligations at both the federal and state levels. Here is a summary of the key points you need to know.
Federal and State Compliance Requirements
In Colorado, the Colorado Privacy Act provides an exemption for dealerships that comply with federal requirements, specifically the Gramm-Leach-Bliley Act and the FTC Safeguards Rule. In short, if a dealership meets federal compliance standards, it also fulfills state requirements. However, failure to comply with the Gramm-Leach-Bliley Act could result in additional penalties from Colorado on top of any federal fines or actions.
Federal Notification Requirements
Federal regulations require that the Federal Trade Commission (FTC) be notified of a breach as soon as possible, but no later than 30 days after discovering that consumer data has been compromised. It is important to note that only the dealers themselves or the investigating authority, such as CDK, can make this notification. Since CDK has yet to make this notification, the dealer’s obligation to inform the FTC has not been triggered.
What’s Next?
According to the National Automobile Dealers Association (NADA), CDK plans to file a consolidated breach notice with the FTC if it determines that the dealer notification requirement has been met. While this does not imply any admission of wrongdoing, it suggests that an announcement may be forthcoming.
Recommended Actions
Dealers are advised to stay in close contact with their CDK representatives for updates and further guidance. Remaining proactive and informed will help ensure compliance with all necessary requirements and enable dealerships to navigate the situation effectively.
Impact on Colorado Auto Dealers
To learn more about compliance tasks, watch the video below where Matthew Groves, President and CEO of the Colorado Auto Dealers Association, explains the impact and the steps dealers need to take in detail.
Stay Informed with CADA’s Email Newsletter
Dealers are encouraged to stay updated by subscribing to CADA’s email newsletter. This newsletter is a valuable resource for the latest legislative developments, industry updates, trends, and more within the Colorado vehicle industry. It provides essential news directly to subscribers’ inboxes, helping them stay connected with CADA’s initiatives and advancements.
By subscribing, dealers can avoid missing crucial updates on issues such as cybersecurity breaches and other significant changes that may impact their dealerships. Staying informed will help businesses remain compliant and continue to thrive.
About The Colorado Auto Dealers Association (CADA)
Founded in 1933 and officially incorporated in 1938, the Colorado Automobile Dealers Association (CADA) began as a collective effort by dealers to contest a federal excise tax. Today, CADA is a dynamic trade association dedicated to advocating for the interests of Colorado’s auto dealers. It addresses legislative, regulatory, and operational challenges, ensuring that the state’s automotive sector and driving public are well-represented and supported.
CADA keeps dealers well-informed through various channels, including our publications, such as Above the Fold, the Bulletin, and our LinkedIn updates. CADA also provides essential resources to help dealers understand new legislation and industry trends, especially after the legislative session concludes each May.