Unbeknownst to consumers, companies have been using their data for years. Take Facebook, for example, which, in 2014, allowed the data of up to 87 million users to be improperly shared with Cambridge Analytica. This data privacy violation caused a public outcry, and Facebook was fined a record $5 billion by U.S. regulators.
Now, data privacy laws are coming down the legal pipeline, and you need to be certain that your shop is ready to adhere to stricter guidelines when it comes to your customers’ personal information. Personally identifiable information (PII) is any data that could potentially identify a specific individual. This kind of data is already regulated by privacy laws, but new legislation plans to regulate how shops properly handle, collect and dispose of PII.
A good example of this is the California Consumer Privacy Act, which will become law in 2020, and applies to businesses some of the strictest rules on consumer data management. Basically, it forces companies that gross more than $25 million, or make most of their living off of selling data, to reveal what data they collect, give consumers the right to delete it and prevent its sale. While these terms were meant to keep consumers from being exploited by big tech companies and not so much collision repairers, there are more laws on the way in other states such as New York, Maryland and Massachusetts that seek similar protections for their consumers.
The obvious data these policies would target is the information you collect from the customer prior to the repair such as their name, insurance information and driver’s license number – things that we’re already familiar with as personal information.
What you might not think about is how these laws could affect the data your shop shares with other businesses such as the rental agency or insurance company and how you transfer it. While we would like to assume all of our business partners are handling customer data correctly, there may be some who are not.
At the Society of Collision Repair Specialists’ (SCRS) open board meeting and again at the Collision Industry Conference (CIC) in Indianapolis, SCRS Executive Director Aaron Schulenburg said he has received an increased volume of calls from shops in the last two years who say their estimates are rapidly appearing on vehicle history reporting sites like CARFAX.
“We should be concerned with what we’re sharing,” Schulenburg said.
Schulenburg added that SCRS is currently investigating these claims. With these new privacy laws, he doubted most shops would be able to knowledgeably tell a consumer what data was collected and where it went. In addition, shops may be interested in knowing which companies aren’t being responsible with data and be able to hold them accountable by deciding whether or not to continue to do business with them.
So what can you do? Try reading any software terms-of-use agreements you signed and find out what data is being collected and how it’s used. Additionally, to help prevent unauthorized data usage by third-party vendors, you can consider ASA’s Data Security Policy template. (Note: I am not an attorney and suggest consulting with a qualified licensed attorney in your state before adopting any legal documents.) The template can be found at asashop.org/tools-resources/free-industry-tools/.
As put by ASA Collision Division Operations Committee Director Scott Benavidez, “Nobody should be profiting from the data we are generating on behalf of our customers.”