Data Laws Changing Terms of Privacy
A trending topic at April’s Collision Industry Conference (CIC) meeting in Nashville was data privacy and the right consumers have in regard to data privacy. After all, in the U.S. alone, new data-related laws are being introduced all the time.
Frank Terlep led a session in Nashville regarding data access, privacy and security. The longtime collision repair expert outlined what repairers need to know going forward regarding bills such as the California Consumer Privacy Law that passed in June 2018. The law gives consumers the right to know what information corporations are collecting on them, gives consumers the right to tell a business not to share or sell their information and protects consumers against businesses that do not uphold the value of privacy. As Terlep sees it, after studying the law, it appears it can affect any business that a California resident would go to, even if the business is not in the state of California.
Right now, the industry is seeing a proliferation of state initiatives, partially due to the failure of federal policymakers to address such issues, Bob Redding, ASA’s Washington, D.C., representative says.
“There’s been numerous hearings in the 115 and 116 Congresses on data privacy,” Redding says, “but there’s no clear data privacy or data access path to date.”
So, moving forward, collision repair shop owners need to be aware of how this might affect their consumer consent and privacy statements and other security practices in the shop. Redding feels the industry has to be careful because if policymakers and lawmakers extend their reach to protect consumers, there may be a point where it is too far and it could block repairers from gaining access to data that’s important to repair cars.
FenderBender recently spoke with Redding and asked what collision repair shop owners should be aware of with regard to current data privacy issues.
What are some of the prominent bills in legislature right now related to consumer’s data privacy?
The California Consumer Privacy Act (CCPA) is one widely discussed example. The CCPA was passed in July 2018 and is set to go into effect January 2020. At a U.S. Senate subcommittee on manufacturing, trade, and consumer protection, Ryan Weber, president of the KC Tech Council stated, “a state-by-state approach to data privacy creates a compliance nightmare for the entire tech industry…[because] data does not abide by state boundaries… [and] as states create new and increasingly disparate privacy requirements, the result will prove untenable and could have a disastrous impact on small businesses and innovation.”
NHTSA also released its “Cybersecurity Best Practices for Modern Vehicles” in the fall of 2016. But, these are voluntary guidelines and not new laws. I think states will continue to try and fill this void.
How has the data privacy trend changed in recent years?
In hearing after hearing, we have seen both political parties expressing concern about protecting consumer data. A U.S. House Energy and Commerce Subcommittee hearing this year included witnesses for several independent public policy groups.
Major data issues exist but no obvious path has evolved for next steps as far as congressional action.
What is the main takeaway for shops in light of these laws?
There are several important pieces. First, we have to stay informed on any new and related state or federal laws. Second, we need to ensure, as best as possible, that our shops are secure.
Finally, it is critical that shops have a clear, secure path to obtain the data necessary to repair vehicles. Shops cannot become collateral damage in any overzealous data protection policy effort. There’s been a concern that there is a lack of a formal data access stakeholder groups to work with policymakers. There has been concern that there is a lack of a formal data access stakeholder group to work with policymakers.
There was an attempt to establish a data access and cybersecurity stakeholder group at NHTSA in the last Congress through autonomous vehicle legislation. This bill passed the U.S. Senate Commerce Committee but was not taken up on the floor prior to adjournment.
How will shops need to enhance their data management practices and update privacy policies?
At ASA and other industry meetings, leaders are sharing information and strategies relative to data and cybersecurity. Shop owners should monitor ASA’s website and stay on top of the industry news.
Also, U.S. Senator Marc Rubio (R-FL), introduced legislation that encourages Small Business Development Centers to have trained staff available to work with small businesses in addressing cybersecurity issues in their businesses. This legislation recently passed the Senate Small Business Committee.
Overall, why is it important for shop owners to learn about these data privacy laws?
Many consumers have had issues with devices, other than their vehicles, as far as data security. Consumers, consumer organizations and policymakers are seeking more information about what data is being accessed by businesses.
For shop owners, it will be important to protect our customers while at the same time having access to important data to repair the vehicle.
After the California law it begs the question as to why other states wouldn’t take a similar stance. I think that without federal law on the issue, more states are likely to follow in the footsteps of California and the CCPA.