Cybersecurity Laws Illinois Car Dealerships Must Follow to Avoid Legal Action

As cybercrime rises, more business are being required to meet cybersecurity compliance, and car dealerships are no exception. This guide will explain three cybersecurity laws car dealerships must follow to lower your financial liability if a security breach was to occur.

Enforceable Cybersecurity Laws You Need to Know

  1. The Gramm-Leach-Bliley Act (GLBA): Enforced nationwide by the Federal Trade Commission (FTC).
    1. Regulatory penalties: The FTC and any other regulatory agency can investigate and fine up to $11,000 per violation.
    2. Customer lawsuits: Customers whose data is leaked from a breach of your systems can file a lawsuit for damages.
    3. Criminal charges: If proven institution knowingly violated the GLBA, criminal charges may be filed, resulting in fines and imprisonment for responsible individuals.
  2. The Personal Information Protection Act (PIPA): Enforced by the Illinois State Attorney General.
    1. Regulatory penalties: The Illinois Attorney General can investigate and impose penalties up to $50,000 for each violation.
    2. Customer lawsuits: Like with the GLBA, customers reserve the right to file for damages.
  1. Illinois Personal Information Disclosure Act (PIDA): Enforced by the Illinois State Attorney General.
    1. Notify customers: Car dealerships must notify customers of a data breach and pay for a minimum of one year of credit monitoring.
    2. Notify state: If the data breach includes over five hundred Illinois residents, the car dealership must notify the Attorney General.
    3. Lawsuits: Your customers can file lawsuits against you for not protecting their personal data.

The Biggest Mistake Care Dealerships Make Trying to Meet Compliance

  1. Not approving the entire solution: If IT recommends a solution, and you only allow them to implement part of it, and then you are breached, who is responsible?
  2. Not holding employees accountable to new ways: Compliance is equally about the technology deployed as it is the employees following your standards. You must have proper training and hold staff accountable if business processes are not followed.
  3. Not consolidating IT security vendors: Check out our blog article on the challenges of having too many cybersecurity vendors.

Our Advice for Illinois Car Dealerships Not Knowing Where to Start

  1. Start with the basics: Implement essential cybersecurity practices such as updating your computers, installing endpoint protection software, and backing up your data.
  2. Expand to email protection: Implement an email security solution that protects against spam and phishing attacks. Deploy two-factor authentication and setup security awareness training for your staff.
  3. Perform a security assessment: Identify which employees and computers access sensitive information, confirm if any computers do not meet security standards, and put a plan together to resolve security holes.
  4. Replace legacy hardware and encrypt: Computers running “Windows Home” need upgraded to “Pro”, computers without TPM chips/end of life need replaced and encrypt all computers to protect from physical theft.
  5. Build compliance documentation: Create documents outline your business processes that also meet cybersecurity requirements.

 Conclusion for Illinois Car Dealerships

With cyber threats such as ransomware on the rise, car dealerships are at risk of losing customer trust, financial loss, regulatory fines, and legal lability. It is critical for car dealerships to increase their cybersecurity posture and protect customer data from theft.