HOT TOPICS

2017

MEMBERSHIP

DIRECTORY

115

DATA SAFEGUARDS AND IDENTITY THEFT PROTECTION

Identity theft and data breaches continue to be a serious and ongoing issue for

consumers and businesses. According to the U.S. Department

of Justice, “An estimated 17.6 million Americans—about

7% of U.S. residents age 16 or older—were victims of

identity theft in 2014.” That includes the misuse

of credit card data, as well as personal identity

information. In terms of cost, Javelin Strategy &

Research found that $15 billion was stolen in 2015

– bringing the total amount over the past 6 years to

around $112 billion.

TARGETS: SMALL TO MIDSIZE BUSINESSES

Amid this environment, Small to Midsize Businesses (SMB) such as auto dealerships are perfect targets. According

to the Securities and Exchange Commission (SEC), in a 2015 public statement entitled“The Need for Greater Focus

on the Cybersecurity Challenges Facing Small and Midsize Businesses,” SMB cybersecurity incidents increased 48

percent in 2014. What’s more, the statement found that “60 percent of all targeted cyberattacks last year struck

SMBs.” A June 2015 report also revealed that “75 percent of all spear-phishing scams in June were directed at

SMBs, with the very smallest companies—those with 250 employees or fewer—bearing the majority of those

attacks.” The reason why SMBs are targeted? According to the SEC, it’s because they “face precisely the same

threat landscape that confronts larger organizations, but must do so with far fewer resources.”The statement also

suggests that many SMBs lack sufficient in-house expertise to deal with cyberattacks.

THE COST OF A DATA SECURITY BREACH

Should a breach happen, chances are good that it will be expensive to repair. A 2015 study of the “all-in” cost

of a data security breach estimated the cost at $217 per record compromised. (Source: Ponemon Institute). This

included costs for things such as remediation, legal, public relations, forensics, communications, regulatory,

diversion of management and employee time, loss of customers, and expenses to preserve the company’s

name and reputation in the community. Imagine the potential cost to your dealership if a terminated employee

downloaded your CRM database onto a USB drive from his or her office PC before leaving your dealership.

In this chapter, we discuss laws and regulations relating to a dealer’s obligations to safeguard and securely dispose

of customer information, and to verify customer identities. Additionally, the risks to dealers from certain forms of

identity theft are changing dramatically as lenders look to dealers to repurchase contracts – even contracts that

have paid for a period of time – entered into with identity thieves.