As a dealership, you’re an integral part of the auto industry, but your real business is data. It’s behind every sale, every service call, every business decision you make. That’s why it’s critical to make sure the information you collect and store is secure.
You have likely spent millions of dollars building your database systems. Your dealership has amassed reams of information, from internal data such a payroll, accounting, inventory, parts, and service records, to customer information, including credit applications, social insurance numbers, and financing terms.
That is a lot of information, including a staggering amount of client personal and financial data. But how much time have you devoted to ensuring your data is secure? If you answer “not much” or “not enough” you are not alone.
For most of the dealers I know – and I know many – your favourite parts of the job are the active, tangible ones: selling cars, servicing vehicles, and generally making your business run like a well-oiled machine.
Less exciting and less immediate, but just as important, is data security. The risks of shoddy processes or a data breach are serious: loss of client trust, scrutiny or fines from regulators, legal action, major reputational damage.
It’s crucial you protect the goldmine of data that you have amassed. Here are some easy ways to make sure your data-handling processes are secure.
Pick Your Partners Wisely
Ask vendors and potential vendors about their data security and sharing policies. Where will your data be stored? On your network or the vendor's servers?
Read the fine print. Ask about anything you don’t understand.
Understand how third-party vendors will integrate into your DMS. What can they access? Are they certified? If you’re unsure, check the DMS website for a list of certified partners.
Find out how vendors handle user access. Do they have automatic logoff? Automatic time-based password resets?
Know the Law
Understand your duty to protect your customers’ personal information through the Canadian Anti-Spam Legislation, the CAN-SPAM Act, and The Personal Information Protection and Electronic Documents Act, or PIPEDA.
Incorporate knowledge about when and how you can use data into your policies and procedures.
Review your organization’s plan to protect itself from employee data breaches.
Manage User Access
Your vendor may have the best security going, but that won’t protect against breaches by current and former employees. You should:
Ensure only current employees have access to your system.
Create a process to block former employees once they leave your organization.
Limit employee access to only the information he or she needs for their job.
Remind employees that the customer is the dealership’s, not “theirs,” and the same is true for all client data.
Know Your Technologies
You should become very familiar with the technologies your teams use to:
Create clear, strict rules and procedures around exporting data.
Ensure your technologies are compliant with local and federal legislation. It will be you, not the vendor, who will be held liable if not.
Foster a culture of data security among your entire staff, not just the management team. Train all employees on relevant legislation and your organization’s policies and procedures.
Good data stewardship is an essential part of running your business. What are you going to do today to make your dealership data more secure?