Wednesday, 01 June 2022 13:55

CIECAST Looks at Unintended Consequences of Data Sharing in Collision Repair

Written by Abby Andrews


...demographic information on who is buying those EVs.


It’s a common misconception among shops that third party providers can successfully manage personal ID info and repair data, Tagliapietra said.


“There’s no surefire way to manage it successfully unless it happens right where the shop writes an estimate,” he said.


data flow web


He showed a flow chart, above, illustrating how customers’ personal information and vehicle repair data can get from a shop to a completely unaffiliated third party.


A shop creates an estimate, then uploads the data to its estimating system provider, which attaches the EMS report via an ActiveX control or data pump.


To help facilitate the repair, the EMS data goes to parts search databases, parts providers, third party claims processors and business management systems---and it can also end up in vehicle history reports and information on parts pricing, vehicle repairability and vehicle owner demographics.


This has led to a complete lack of control of the vehicle owner’s personal info, Tagliapietra said.


“It started happening in the mid to late ‘90s, so it’s nothing new, but it now has grown to the point it’s been identified by states,” he said.

California now has strict regulations on personal information security, and other states, like Virginia and Ohio, are looking into it. Tagliapietra said many more states will follow.


“Businesses can no longer ignore the potential liabilities by not protecting personal information,” he said. “It needs to be dealt with. And it will be dealt with, but it’s just going to take time to do that.”


Paul Barry, executive director of CIECA, talked about the difference between data security and information privacy.


“Data security---think of it like home security,” Barry said. “It’s really about keeping the bad guys out.”


Businesses need to manage their own data security to prevent unwanted access, he said, using routers, firewalls, VPNs, passwords and anti-virus software.


Information privacy is a business’s policies and procedures aimed at protecting that data.


“Each business should develop a program of controls to ensure info is protected and shared appropriately,” Barry said, including password, system access and...