It is the shop’s responsibility to protect the privacy and proper use of the data, the task force acknowledges, but “the repair facility is entitled to and must have the freedom and flexibility to utilize the data as they deem appropriate, [including] the ability to copy or export data to separate servers, trading partners or online data warehousing services, without approval from a third party.”
Dan Risley of the Automotive Service Association, one of three chairs of the CIC task force, asked Fincher if data security really has been a problem within the industry during the decades in which the current data exchange system has been used.
“There has not been a significant compromise from a security perspective,” Fincher acknowledged. “But we don’t want to be in a reactive mode. We are processing thousands of files per day, and there are thousands of collision repair facilities that are using this data that is sitting unencrypted. The last thing we want to do is be in a reactive mode.”
Shouldn’t a shop have the right to share its estimate data as it chooses, Risley asked Fincher.
“Unfortunately, it’s not just the shops that own that data,” Fincher said. “There are others who claim ownership of that data, and we have a commitment to secure the data of all of our customers and other providers we work with who provide us that source data.”
Risley said one alternative that he has heard is being worked on is a system in which the shop exports a PDF file of an estimate to a third party that then translates that file back into a data file the shop can share.
“We agree there are other alternatives that could exist to share this information,” Fincher said. “As long as it’s within the guidelines of the contractual agreement that the repair facility has with CCC, then absolutely… [But] it’s also important to understand other contractual relationships that as a repair facility you might have with insurance companies, and look at those DRP agreements to see what your limitations are. There is specific language about what and who you can share information with.”
Risley acknowledged CCC has been responding to some of the concerns raised by the industry about Secure Share, reviewing its contract language with app providers that some vendors found troubling, and potentially establishing an advisory board to allow for ongoing feedback.
Still, following Fincher’s presentation, 70 percent of CIC attendees in Chicago voted to not disband the task force, believing “there is additional work to be done.”
CIC Chairman Guy Bargnes praised the task force’s work.
“Regardless of your position, your thinking on this issue, the work done by this task force…absolutely exemplifies…CIC’s mission: To discuss issues, to enhance understanding, to find common ground,” Bargnes said. “That’s the objective of CIC, to bring more information.”
John Yoswick, a freelance writer based in Portland, Oregon, who has been writing about the automotive industry since 1988, is also the editor of the weekly CRASH Network bulletin (CrashNetwork.com). He can be contacted by email at john@CrashNetwork.com.