CATA News

Gabrielle Abinion of Fox Valley Volkswagen and Carly Weck or Elgin Kia were selected by Automotive News for the 2024 40 Under 40 class. Now in its 13th year, the 40 Under 40 class is comprised of a group of talented and dedicated leaders blazing paths in automotive retail. This year’s class features honorees who have grown up in the industry and those who found a career in automotive retail later in life. Their accomplishments are many. The CATA salutes Gabrielle and Carly and all honorees

Gabrielle Abinion, 33

General manager, Fox Valley Volkswagen

Carly Weck, 33

Finance manager, Elgin Kia

This past Saturday, the Chicago Automobile Trade again partnered with the USO to host the 11th annual BBQ for the Troops fundraisers. More than 60 local new-car dealerships rallied their communities to host fundraising events which featured everything from patriotic ceremonies, classic car shows, live music, games for kids of all ages and, of course, barbecues.

To date, this year’s fundraiser has brought in more than $10,000 for the USO but we’re not done yet! Online fundraising efforts will continue throughout the month of July. Additionally, participating dealers will be making a donation for every test drive in the month of July. Since the program’s inception, CATA dealers have rallied to raise more than $1.1 million to support USO programs and services with more than 600 fundraisers taking place.

“Supporting the USO and local service members and their families is a cause everyone can rally around, and what better organization to drive the effort than the local new-car dealers who are already pillars of their communities,” said Jason Roberts, Chicago Automobile Trade Association chairman. “What the dealers have been able to achieve over the last ten years of this program is incredible and we are grateful to everyone who has contributed to this collective fundraising effort that is so crucial to support our troops.”

“The support of service members’ hometown communities and local new-car dealerships has allowed the USO to positively impact more than 300,000 service members and their families annually through hundreds of programs and services as well as our USO Centers across Illinois,” said Christopher Schmidt, USO Executive Director. “Neighbors helping neighbors through initiatives like BBQ for the Troops makes communities even stronger and joining your local dealership for their BBQ in July is a great way to get involved!”

“From the USO and all those who serve our nation, we thank all of the participating dealers and their communities for the generous support,” Schmidt continued.

For more information and to make a donation, visit https://www.cata.info/2024-BBQ-for-the-Troops.

Key Trends in Chicago Area Market

Download Chicago Auto Outlook - Q2 2024 (login req.)

The U.S. Federal Trade Commission (FTC) approved a rule banning most noncompete clauses. The effective date of the rule is September 4, 2024. As SESCO reported, a lawsuit was filed and the Plaintiff, Ryan LLC and later joined by the U.S. Chamber of Commerce, won the case. The Northern District Court of Texas blocked the FTC from enforcing the noncompete rule for Ryan LLC and the U.S. Chamber of Commerce. The court refused to issue a nationwide ban.

Given this result, as well as recent Supreme Court Rulings limiting Federal Agencies’ independence, SESCO does foresee continued challenges on the FTC’s noncompete rule between now and September 4th. SESCO will monitor developments and keep clients and subscribers informed.

As a refresher, the FTC’s rule on noncompete agreements includes:

For now, the noncompete ban remains scheduled to take effect on September 4, 2024, with respect to all covered employers other than Ryan LLC and the U.S. Chamber of Commerce.

If employers have any questions or concerns, we recommend they contact us to ensure compliance. For assistance, contact us at 423-764-4127 or by email at sesco@sescomgt.com.

[From NADA] On April 23, 2024, the DOL published a final rule that raises the minimum annual salary threshold to classify an employee as exempt from overtime rules under the Fair Labor Standards Act (FLSA) from $35,668 to $43,888 as of July 1, 2024. A more dramatic change will take place on January 1, 2025, when the annual salary threshold rises to $58,656.

	Current	Jul. 1, 2024	Jan. 1, 2025
Minimum Annual Exempt Salary	$35,568	$43,888	$58,656
Highly Compensated Employee Salary	$107,432	$132,964	$151,154

The new rule may require dealers to reclassify some exempt employees as non-exempt and require justification for classifying some employees as non-exempt. Required adjustments need to be made as of the pay period beginning July 1, 2024.

• After June 1, 2024 all employees with a salary under $43,888 per year must be reclassified as non-exempt, and therefore receive overtime pay. This threshold jumps to $58,656 on January 1, 2025.
• Employers may use nondiscretionary bonuses and incentive payments (including commissions) that are paid on an annual or more frequent basis to satisfy up to 10% of the standard salary level. Existing exemptions for salesmen, partsmen and mechanics primarily engaged in selling or servicing automobiles remain unchanged.
• See NADA’s previous compliance alert (login req.) for more details about the final rule, including the highly compensated employee threshold.

In 2016, a federal court stayed President Obama’s attempt to dramatically increase salary thresholds and ultimately struck it down. The new rule may ultimately succumb to the same fate as it has been challenged in courts in Texas—with one court enjoining the rule as it applies to employees of the Texas state government and another court denying the request for an injunction.

[From NADA] In the aftermath of the CDK cyber incident, the Internal Revenue Service (IRS) has issued a reminder to auto dealers to be on the lookout for any new phishing scam attempts.   

Fraudsters and identity thieves attempt to trick the recipient into clicking a suspicious link, filling out personal and financial information or downloading a malware file onto their computer. Scammers are relentless in their attempts to obtain sensitive financial and personal information, and impersonating the IRS remains a favorite tactic. The IRS urges auto dealerships to be extra cautious about unsolicited messages and avoid clicking any links in an unsolicited email or text if they are uncertain.

Businesses should remain alert for targeted email and text scams aimed to disrupt their computer systems. These messages arrive in the form of unsolicited texts or emails to lure unsuspecting victims to provide valuable information that can lead to identity theft or malicious malware installed on computer systems.

In some cases, phishing emails appear to come from a legitimate sender or organization that has had their email account credentials stolen. Setting up two-factor or multi-factor authentication with their email provider will reduce the risk of individuals having their email account compromised.

Individuals and businesses should verify the identity of the sender by using another communication method, for instance, calling a number they independently know to be accurate, not the number provided in the email or text.

What to do:

Read the full release of the IRS’ reminder to auto dealers about protection against scamming.

Given the recent spike in daily temperatures, the CATA wanted to make dealers aware of a proposed U.S. Occupational Safety and Health Administration (OSHA) proposed national heat illness and injury prevention standard.

The proposed rule would require employers to develop a heat injury and illness prevention plan (HIIPP) with input from nonmanagerial employees that contains site-specific information to control heat hazards. The HIIPP must be in writing for employers with more than ten employees and must be made available to employees in a language that each employee, supervisor, and heat safety coordinator understands. Employers will need to re-evaluate the plan whenever a recordable heat-related illness or injury occurs and at least annually.

 The fundamental elements of the proposed rule, which include components addressing rest, water, shade, and acclimatization, are nothing surprising as they are abatement strategies historically recommended by OSHA in prior guidance. However, the proposed standard includes an initial heat trigger with a heat index of 80 degrees Fahrenheit, at which employers must provide drinking water that is suitably cool, break areas with cooling measures, and implement an acclimatization protocol for new or returning employees. The high heat trigger of 90 degrees requires employers to provide employees with a minimum 15-minute paid rest break at least every two hours and a hazard alert reminding employees to drink water and take breaks, among other things.

The proposed standard also requires significant recordkeeping and other administrative obligations. These include requiring employers to:

OSHA will accept comments on its proposal for 120 days following publication in the Federal Register.

Notwithstanding the public comment period, there is no doubt that the proposed rule will face legal challenges particularly in light of the recent U.S. Supreme Court case eliminating deference to federal agencies.

The FCC announced it will vote on final rules that will improve transportation safety and mobility by integrating advanced communications technologies into vehicles and infrastructure. The rules would allow in-vehicle and roadside units to operate cellular-vehicle-to-everything (C-V2X) technology in the 5.9 GHz spectrum dedicated to Intelligent Transportation Systems (ITS).

 “The evolution of the 5.9 GHz band advances new car safety technologies in an efficient and effective way while also growing our wireless economy,” said Chairwoman Rosenworcel. “This is sound spectrum management at work.”

 C-V2X technology provides direct communications between vehicles, roadside infrastructure, and other road users such as cyclists, pedestrians, and road workers to facilitate, among other things, non-line-of-sight awareness, notice of changing driving conditions, and automated driving.

FCC Chairwoman Jessica Rosenworcel worked for nearly a decade in a bipartisan push to reconsider the best use of the 5.9 GHz band that had long been designated for automobile safety technology but had made little progress toward deployment. These efforts resulted in new rules for the automotive industry that move away from dated technology to the more advanced C-V2X automobile safety technology while also freeing up additional spectrum for unlicensed use, such as Wi-Fi.

The Report and Order circulated by the Chairwoman would, if adopted, promote efficient use of 30 megahertz of spectrum dedicated for ITS in the 5.9 GHz band as well as provide substantial safety benefits to the American public. It would codify C-V2X technical parameters in the Commission’s rules, including power and emission limits and message prioritization. The rules would provide flexibility for the auto industry to use three 10-megahertz channels either separately, in combination as a 20 megahertz channel or as a single 30-megahertz channel. The rules would also establish prioritization of safety-of-life communications. The rules would not require licensees already operating under C-V2X waivers to make changes to their currently deployed systems, and would provide a two-year timeline for sunsetting the use of existing Dedicated Short Range Communications (DSRC)-based technology.

 To permit the full benefits of connected vehicle technology to flourish, the rules would also optionally permit devices installed in vehicles to use geofencing techniques to allow C-V2X equipment to transmit at a higher power level when operating outside of protection zones around federal radiolocation sites.

 All of the Dynatron solutions are a combination of our technology and our industry expert coaches. With their support, we turn plans into action plans, and action plans into results. Managing your Service Department is hard enough. You don’t need another vendor; you need a partner.

Guaranteed and unmatched expertise, Dynatron’s results drive customer ROI.

Learn more.

In the wake of the recent CDK Global cyber breach, the automotive industry is facing significant challenges and uncertainties. On June 19th, CDK confirmed a "cyber incident" that led to a series of rapid and consequential actions, including shutting down various systems that are critical to dealership operations. This incident has escalated over weeks, revealing that Eastern European hackers allegedly demanded a multimillion-dollar ransom, and culminating in reports that CDK may have paid approximately $25 million to end the outage.

It is crucial for dealerships to stay informed and take immediate steps to protect their data. This article provides a detailed timeline of the events, an overview of the FTC Safeguards Rule, and KPA’s recommendations for navigating this crisis and enhancing your dealership's data security.

CDK Cyber Incident Timeline:

Reporting Obligations under the FTC Safeguards Rule

The Federal Trade Commission (FTC) Safeguards Rule provides a framework for dealerships and other financial institutions to protect customer information by requiring them to have certain measures in place to ensure the security and confidentiality of customer records and information.

On October 27, 2023, the Federal Trade Commission (FTC) announced a revision to the Safeguards Rule, requiring non-bank financial institutions to report data breaches to the FTC within 30 days of discovering that unencrypted information of more than 500 consumers was obtained by third parties without authorization.  This notification requirement went into effect on May 13, 2024, and is in addition to any state notification requirements.

Are You Required to Report this Incident to the FTC or Others?

Dealership do not know yet since CDK has not revealed exactly what has happened.  While it is very likely that the hackers accessed and acquired unencrypted customer information, we do not know the extent of what customer information was accessed.  In other words, dealerships have no way of knowing whether their customers’ information was compromised during the CDK Cyber Incident.

While CDK has worked an agreement with the FTC that would allow CDK to report on behalf of any dealership if that dealership’s customer information was compromised, you should still gather more information before deciding to participate or opting-out.  What will CDK’s message to the FTC state?  Will the dealership have any obligations to follow-up on requests from the FTC?  Will CDK indemnify the dealers for any mistakes or errors?

Additionally, states have their own notification laws, and the agreement between CDK and FTC do not address those state-level requirements.

Regardless, if you have not already done so, you should notify your insurance company and put them on notice of this incident, even if not making a claim, to avoid arguments by the carrier that a notification delays caused prejudice to the carrier.  The carrier will also be helpful in the notification process, if necessary.

Nevertheless, stay informed because date breach notification time-frames are very narrow.

Tips for Data Security at Your Dealership

Ensuring the security of your dealership's data is more crucial than ever. Evaluate how your organization protects user data and consider steps to enhance its security. Here are some essential tips to keep your dealership's data secure:

By implementing these tips, you can strengthen your dealership’s data security and build trust with your clients.

Ensure You Are Safeguard Compliant

Need a partner in Complete Compliance? KPA is here for you! KPA Privacy & Safeguards software offers a comprehensive solution specifically designed for automotive dealerships to ensure complete compliance, protect customer data, and streamline operations with a guided 10-step approach.

Our robust 10-step compliance framework includes customized legal policies, technical safeguards, and regular assessments to mitigate risks and ensure compliance. We’re your partners in true, complete compliance. Please reach out to us at info@kpa.io, by visiting kpa.io/automotive, or by giving us a call at 866-856-1735.