CIC Moves To Protect Data Privacy
Cloud computing services, or Web-based computation, software, and data storage providers, are quickly growing in popularity with collision repair shops. The technology has given shop owners the ability to store and generate service information online, which prevents both data overload on their personal systems and loss of information if shop systems are compromised.
But there is industry concern that the convenience the cloud offers in the way of data storing can also allow for data sharing by third parties, such as insurers, without shop consent.
“This was limited somewhat with ‘local based’ software since not all estimates were being uploaded,” says Tony Passwater, chairman of the Collision Industry Conference (CIC) Data Privacy Committee. “However, with cloud-based systems, all data are available by the provider of the software.”
To address these issues, the CIC introduced two surveys to evaluate industry concerns about the privacy of estimating and management systems data, and also examine where data is going, how it’s protected and where it’s possibly being leaked.
The first survey was distributed during a July CIC conference to the companies that are storing, generating or transmitting data from estimating and management systems. The second survey is for those with firsthand knowledge of instances in which specific repair information was reportedly leaked to third parties.
Passwater says results of the first survey, which is now closed, would probably not be made public. The second survey is still available for repairers at svy.mk/CICsurvey2. Passwater says the second survey will probably stay live to help identify when any possible abuses take place.
He says that in researching the issue while developing the survey, the CIC found that many third parties have “data pumps” capturing data and using it beyond the product or service the shop is subscribing to. The issue is of great concern to Nick Gjomeric, CEO at Collision Plus Auto Body Repair Centers in Illinois, who wonders whether insurers could use the information to set prices based on numbers alone.
“If I was an insurer, I would like some inside information to push the button to reduce my costs,” Gjomeric says. “I’m just not sure that I would always want to share my costs with the buyer.”
Aaron Schulenburg, executive director for the Society of Collision Repair Specialists (SCRS), says most repairers aren’t aware that third-party data sharing is occurring and most often, companies aren’t giving business owners the option to ‘opt out’ of third-party sharing. Information provided on it, if any, typically comes in fine print, he says, as part of a user-license agreement. All that’s required is to click a check box that says, “I agree.”
“On the management side, there are probably a couple of more options through some of the smaller companies. On the estimating side, there are few if any options,” Schulenburg says. “All of the companies have similar positions on the point-of-sale requirement: ‘If you want to buy our system, then you have to give us authority and rights access in the end-user license agreement to be able to extract your data, de-personalize it, aggregate it and redistribute it or sell it.’”
One state, North Carolina, has made it illegal for management systems to make the allowance of party-data sharing a point-of-sale requirement, Schulenburg says. He says he is unaware of legislation in any other states that currently addresses this issue.
Schulenburg says the CIC committee, the SCRS and other groups are continuously trying to figure out how to level the playing field for repairers. The surveys, he says, should provide some data to help do that.