New York State’s Stop Hacks and Improve Electronic Data Security (SHIELD) Act goes into effect in March 2020, and if your dealership is found to be in violation, you could face up to $250,000 in civil penalties. The pressure is on to prepare for compliance.
It’s not just New York-based businesses that need to be concerned with the SHIELD Act, either. Any business that owns or licenses computerized data containing private information of New York State residents must comply.
If you’re worried about what this means for your dealership, you’re not alone. However, with the right strategy, you can use these policy changes to your advantage to gain customer trust, achieve SHIELD Act compliance, and save money in the long term.
Here are 5 tips for making sure your dealership is SHIELD Act compliant:
- Choose a person or team to be in charge of compliance.
Select a person or team (depending on your dealership’s size) to manage the SHIELD Act compliance process for your dealership. If you assign specific responsibilities, it will be easier to track progress, enforce deadlines, and make sure everything is going as planned.
- Don’t go it alone — work with an IT service provider.
When overhauling (or even adjusting) cybersecurity controls and consumer data collection methods, an experienced IT service provider who has done similar projects in the past is your best asset. IT experts can handle a wide variety of issues beyond compliance as well, so you can focus on other important aspects of your business.
- Develop a strategic roadmap for achieving compliance (and stick to it).
Along with your internal project manager and IT service provider, come up with a timeline to follow, taking into account potential setbacks and delays. Make sure your roadmap is realistic and puts you on track to achieve compliance before the deadline — you don’t want to scramble at the last minute.
A good place to start is the Center for Internet Security (CIS) Top 20 Critical Security Controls. Make these security controls a priority on your roadmap, and discuss strategies with your IT service provider to determine appropriate timelines.
- Put yourself in the consumer’s shoes.
The SHIELD Act can feel like another regulatory headache. But when thinking about the law, it’s valuable to see things from the customer’s perspective.
Consumers are increasingly concerned about how their data is managed, especially after several notable data breaches. New York is not the only state to enact new data privacy legislation in the past year, and businesses across the U.S. will likely be making adjustments to keep up with changing laws and consumer expectations.
Being aware of these privacy concerns gives you an opportunity to be proactive; dealerships that successfully cater to consumer demands may end up with a competitive advantage. By being upfront with customers about the collection and storage of their personal information, you can set your dealership apart from the pack.
- Don’t stop where the law does.
It’s a good idea to see the SHIELD Act as a starting point and not the final word on consumer privacy. As things evolve, more provisions or stricter regulations could be coming down the pike.
One notable example is the New York Privacy Act (NYPA), which failed to pass the state legislature in July, but will likely return in a future legislative session. Other data privacy legislation is already in the works in New York.
If you go above and beyond basic compliance now, you’ll have a head start when stricter laws do pass.
By keeping these tips in mind, you can put your dealership on the path to timely compliance.