Handwritten deals and rows upon rows of file folders are slowly giving way to new data management techniques, largely digital. 5G connectivity along with AI and connected vehicles creates a monumental challenge for protecting consumer data. Twenty automakers have committed to the Automotive Consumer Privacy Protection Principles that are reviewed biannually. But what should individual car dealerships be doing to protect their customers’ data?
The Type of Data that Needs Protecting
Quantifiably, the data that requires protecting is universal. Every customer that does business with your store should reasonably expect that their information will remain confidential and secure, and the dealership will actively work to keep it that way. That data includes:
- Their name and address
- Email addresses
- Any identification provided such as driver’s license, social security number, and passport
- Home, work, and cellular telephone numbers
- Banking and credit card information including credit reports and financing terms
- Vehicle purchase and service history
Automotive expert Chris Riley of AutoWise says, “Customers across all industries expect that their information will be closely guarded. That not only means it won’t be sold but also protected against intrusion.”
Why Data Protection is So Important
There are the obvious reasons to protect data: exposing the dealership to litigation and being responsible for identity theft or fraud, to name a couple. But the reach is much deeper than the surface. It affects your current customer base and can be catastrophic to your store’s future.
Total Dealer Compliance , a car dealership compliance auditing firm, discovered in a survey that 84 percent of car buyers would not return to a dealership whose data had been breached. Max Zanan, President of TDC, says, “Our report discovered that more than 70% of dealers are not up to date on their anti-virus software, and nearly a third of consumers lack confidence that their personal data is secure when purchasing a vehicle.”
Those statistics are bound to strike a chord with many dealers. Here are some steps you can take to be compliant with consumer data privacy expectations.
Train Staff on the Importance of Data Privacy
Most dealership staff are unlikely to know what’s expected for consumer data management aside from what’s deemed common sense. However, common sense as common as you’d expect, which is why every employee should receive training on consumer data privacy protection.
Expectations should be stated in a store policy and accompanied by a signature from each employee along with clear discipline for violations. While it’s evolving constantly, the draft should include:
- Securely storing documents with customer information
- Locking computer screens when they’re left unattended
- Responsible use of social media
Keep Digital Communication Through a Secured Network
While it can be tempting to grant remote access to your dealership’s CRM for ambitious employees to work after hours from home, it can be a detriment to network security. If you can’t ensure the integrity of a network, access should not be granted.
All communications – largely emails – should be sent through your dealership’s network or by approved devices that are compliant. If that sounds restrictive, remember that IBM pegs the average data breach cost at nearly $4 million.
Give Consumers Control of their Data
A consumer should have discretion of how their data is handled. Clearly, the dealership needs their information to serve them properly, but how it’s used is flexible. Offer customers an opt-out for communications and adhere to it. CRMs are designed with this in mind for their own compliance. Ensure that your team is using it effectively to handle customer opt-outs.
Total Dealer Compliance shows that the penalty for violating the Do Not Call rule is $40,000 per violation.
Hire or Train a Certified IT Specialist
With nearly 70 percent of dealers not current on their anti-virus software, it makes them an easy target for hackers. Yet, only 30 percent have an IT professional that’s certified in Computer Security. That leaves a huge gap.
Dealers would be well served to look for an IT employee with recent training and certification in Computer Security. Alternatively, offer training to certify your current IT staff to keep the personnel you have.
Have an Audit Performed
Dealers are focused on the day-to-day car business while other companies specialize in consumer data privacy and compliance. It’s a worthwhile investment to have a dealership audit performed to discover vulnerabilities and issues. While the money spent won’t turn into a profit or additional sales, it can prevent a catastrophe like a data breach from tanking your store.