Last week we took a look at best practices for handling consumer data offline. This week, we're taking a closer look at online practices.
Remember, always consult your lawyer when working with consumer data -- we've got best practices for you and your best interests at heart, but they're the ones who will make sure you've got all the legal questions covered.
On we go!
Here’s a sample of what one looks like: this is the policy we have developed to use with our network of websites that car buyers use to apply for financing. Since they’re filling out a full application, including employment information and SSN, we have to be sure that we make clear what our intentions are for the information they’re sharing.
We spent a lot of time with our legal team developing this policy, which includes clear language describing what we do, why we do it, and how. It also gives the consumer the opportunity to limit how we share information, or to opt out of the process altogether. This is especially important to ensure compliance with federal regulations governing the use of the data - similar to CAN-SPAM on the email front.
This policy also addresses some specific questions the consumer might have, such as “How does [company] protect my personal information?” and “Why can’t I limit all sharing?” These are important considerations that a savvy potential customer will take a look at before deciding to share their sensitive data.
If you’re using a financial application on your dealership website, you need to make sure that it is using encryption technology to protect the bits and bytes that are moving through your system.
You’d be surprised how many dealers’ websites have financial applications - including those built by some reputable website providers - that are served over unencrypted HTTP and do not include “https://” in the URL. That means that the information is wide open while it travels from the visitor’s browser to the server. If you’ve got someone on your website who knows anything about data leaks on the Internet, they will not submit their application if they recognize that it’s not being protected.
If you're using a website provider, ask them whether the data is secure, and how. If you don’t hear terms like “SSL”, “site certificate” and “encryption” as part of the conversation, you are not getting the best tool for collecting consumer information from your website visitors.
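One way to check this yourself before talking to your provider, as an added example that is not code from this post or from any website provider: the script below looks at a page's forms and flags any that collect finance-style fields while the page is served, or the form is submitted, over plain http. The field-name hints, the `dealer.example` addresses and the sample page are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed substrings that mark a field as sensitive; adjust to your own form.
SENSITIVE_HINTS = ("ssn", "social", "income", "employer")

# Constructed sample page: a finance form posting to http, plus a newsletter form.
SAMPLE_HTML = """
<form action="http://dealer.example/apply"><input name="ssn"><input name="employer"></form>
<form action="/newsletter"><input name="email"></form>
"""

class FormCollector(HTMLParser):
    """Collect each <form> with its resolved action URL and field names."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.forms, self._current = page_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action submits back to the page URL itself.
            action = urljoin(self.page_url, a.get("action") or "")
            self._current = {"action": action, "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((a.get("name") or a.get("id") or "").lower())

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit(page_url, html):
    """Return (action_url, problem) findings for forms that collect sensitive fields."""
    collector = FormCollector(page_url)
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not any(h in f for f in form["fields"] for h in SENSITIVE_HINTS):
            continue  # not a finance-style form
        if urlparse(page_url).scheme != "https":
            findings.append((form["action"], "form page served over http"))
        if urlparse(form["action"]).scheme != "https":
            findings.append((form["action"], "form submits over http"))
    return findings

if __name__ == "__main__":
    for action, problem in audit("https://dealer.example/finance", SAMPLE_HTML):
        print(f"{problem}: {action}")
```

It inspects static markup only; a form that is submitted by script needs the same check made on the request address shown in the browser's network tools.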
Take a look at our flagship consumer finance site, Carloan.com, as an example. When you hit the home page, we feature trust symbols from the Better Business Bureau and security services industry leader Network Solutions. When you click through to our finance application, you will immediately notice the “locked” symbol in the URL and “https://” as part of the address string. All of these elements -- and a strong domain name -- help to make it the best-performing consumer finance site in our network.
We also offer our expertise to the members of the Carloan.com Dealer Network, in the form of a customizable application. No muss, no fuss - we can create a secure financial application using your dealership’s branding that you can then use in conjunction with your website, regardless of who built your website and where it is hosted.
You might not expect to see this again under online best practices, but think about it from their perspective. If a consumer is not actively engaged with you and sees a hard credit pull on their report - and many of them will - they will interpret that as a fraudulent action on your part and potentially sue your dealership. As far as they know, their financial information has been compromised, and you are responsible. Might sound far-fetched, but we’ve seen it happen.
That makes it worth mentioning again.
You have a legal and moral obligation to make sure that your prospects are aware when you are acting in a way that can potentially affect their credit. Period.
It is entirely up to you to make sure that you're on the right side of the law and tenaciously guarding this sensitive information. Most of the dealers we see out there are using these best practices, which is great. It’s the bad actors that make it tough for the rest of us.
When you follow these best practices, you are ensuring the safety and security of sensitive personal information for your customers. Put a consistent process in place for handling consumer data, both offline and online. Protect your store and your customers.
If you treat them well, these consumers will expand your business by referring their friends and returning to buy more cars from you. Treat them poorly, and you can expect them to talk to their lawyers.
Be sure to speak to yours when you're setting up to ensure that you're following the letter of the law.