Access to customer data must be only permitted to authorized users. Examples of access controls include password protection for electronic databases and locked doors securing physical files.
314.4 (c) (1)
Implementing and periodically reviewing access controls, including technical and, as appropriate, physical controls to:
(i) Authenticate and permit access only to authorized users to protect against the unauthorized acquisition of customer information; and
(ii) Limit authorized users' access only to customer information that they need to perform their duties and functions, or, in the case of customers, to access their own information;
Mosaic Compliance Services provides Access Control best practices and documentation. Our training and documentation will help you understand access controls and implement those appropriate for your dealership.