I recently saw a film, "The Social Dilemma," on Netflix, and it tells a frightening story.
It’s a documentary-drama hybrid examining the human impact of social networking, with top tech experts sounding the alarm on their own creations.
In the film, they analyze how companies all over the world covet your personal information, including what you buy, what you eat and where you take your car for repairs. They use it to market products and services and try to manipulate what you do in every aspect of your life.
It’s a topic in the press literally every day, so consumers are more aware than ever about their privacy and cybersecurity.
Since the beginning of the year, the California Consumer Privacy Act (CCPA) went into effect, requiring, among other things, auto body facilities to protect customers' personal information. The new law grants consumers the rights to request a business to disclose the categories of sources from which it collects about the consumer, the categories of sources from which that information is collected, the business purposes for collecting or selling information and the categories of third parties with which the information is shared.
Fundamentally, the CCPA is directed at companies that gross in excess of $25 million or sell consumer data. They will now have to reveal specifically the data they collect, and offer consumers the right to remove it and/or stop it from being sold.
CCPA was devised in order to keep consumers from being exploited and currently states like New York, Maryland and Massachusetts are coming up with similar laws to do the same.
CAA Executive Director Richard Johnson has been proactively warning his organization’s membership about the effect of this new law and how it can directly affect the collision repair industry in California.
“Our main concern is that unfortunately, when uploading an estimate or ordering parts from third-party vendors, some estimate software systems may not be protecting consumer information as well as you might think,” he said. “The CCPA grants California consumers an entire set of new rights to access, delete and/or opt out of the sale of their data while placing restrictions on entities that collect, store and sell Californians’ personal information.
"We are working hard to learn everything about the CCPA, so that we can successfully share the information with our members and keep them ahead of the game.”
The International Association of Privacy Professionals (IAPP) estimates more than 500,000 businesses in the U.S., including more than 100,000 businesses in California alone, will need to comply with this new law.
This data in question includes customer name, vehicle license number and Vehicle Identification Number (VIN.) The VIN carries with it everything needed to identify the vehicle in detail. Some parties sell this information to other vendors that use this information to other vendors that use it to produce vehicle history reports or other purposes.
To address this issue, some estimate software system vendors have taken appropriate measures to comply with the new California laws and protect consumer information by creating a “secure” system.
For example, CCC has developed a “secure share program," CCC Secure Share, that is getting positive reviews from the industry. It enables body shops to quickly and easily share data from the CCC ONE platform in real time with any registered third-party app using the BMS format.
Within this platform, collision repairers are able to browse through a listing of available apps and may choose to activate or de-activate sharing with those apps at any time.
As an analogy, it's similar to how a person can add or remove apps from their smart phone via an app marketplace.
Johnson and CAA are concerned about companies like CARFAX, whose vehicle reports often include information from consumers’ estimates.
“They glean the data from the estimate and not from the invoice. A customer will go to a shop and get an estimate on a repair, but then they don’t get it fixed, and it appears on the CARFAX report as a 'damage report,' which assumes that the vehicle was in an accident," Johnson said. "It could be a scratch and not a big deal, but it’s listed in a damage report.
"The consumer assumes that the estimate is between them and the shop only, but that’s obviously not the case. We asked CARFAX where do they get the information and they simply plead the fifth.”
Will this new law protect consumers and body shops, so third parties can’t access and profit from their data? Only time will tell, but according to Johnson, the CCPA is one step in the right direction.