The Facts
- The Gramm-Leach-Bliley Act (“GLBA”) is a federal law that applies to businesses that handle consumer information relating to financial services
- GLBA was amended in October 2021, and as of December 9, 2022, auto dealerships are required to meet all its heightened information security requirements
- There are 2 rules under GLBA that apply to your information management practices:
  - The Safeguards Rule
  - The Privacy Rule
As the industry’s first cloud-native solutions provider, Tekion has embraced innovative information security best practices from its very beginning, and we continue to lead the way in protecting customer information.
We’re already helping you with your checklist!
Designate an individual who has ultimate responsibility for the implementation and maintenance of the dealer’s Information Security Program
- The FTC expressly permits you to rely on the expertise of service providers like Tekion to manage the information security heavy lifting you are required to apply to your customer information.
Develop, implement, and maintain a written Information Security Program
- The data you store within Tekion is already protected by our refined and professionally managed information security program.
Provide Multi-Factor Authentication on all systems that access PII (Personally Identifiable Information)
- Tekion requires multi-factor authentication ("MFA") in its own operations, and enables MFA in your instance(s) of our products by default.
Perform, and periodically review, a comprehensive information security risk assessment
- Tekion's robust information security program includes requirements for periodic comprehensive review of its security landscape.
Periodic penetration testing and vulnerability scanning
- Tekion engages in this practice using robust, industry-leading tools.
Implement Change Management policies and procedures
- Tekion locks down its production code base and maintains intricate emergency deployment procedures designed for optimal responsiveness and security.
Exercise due diligence in selecting your service providers that have access to customer information, and require that they comply with the Safeguards Rule
- Tekion’s standard contract language includes our commitment to you that we meet the required elements of the Safeguards Rule. Additionally, we require the same contractual commitments from our own service providers.
Maintain a data retention policy
- This can be easily automated with Tekion’s cloud-native, configurable solutions.
Develop a plan to respond to, and recover from, security events affecting customer information
- Tekion’s incident response plans are comprehensive, sophisticated, and inclusive of all the Safeguards Rule concerns.
