It seems like every week a company makes the news regarding theft of credit card data from millions of customers, concerns about the collection of call data by the National Security Agency and countless other stories about privacy.  You understand how this impacts you as a customer, but do you know how you are impacted as a business owner?

Privacy policies and information security programs are no longer just for big retail chains.  The telematics systems and other information-gathering technology that you are selling your customers put you squarely in the middle of the debate about privacy and use of customer information.

Information generated by the equipment you sell has many benefits for you, your customers and your manufacturers.  However, customers are becoming more sensitive about who has access to the data, how it is secured and how it will be used.  This concern is leading to a growing debate among producers, manufacturers, seed companies and legislators.  On a weekly basis, it seems like a different group has an announcement relating to this issue:  from the Farm Bureau’s policy on data privacy, to the formation of a grower’s cooperative for the protection and licensing of producer data, to the establishment of cross-industry projects to develop standardized formats for farm data to facilitate producer access to data generated by various data-gathering tools.

Dealers need to be paying attention, too.  As a conduit between your customers and your manufacturers, you are in the position of advising customers on uses of the information available to them.  In many cases, you also may have access to your customer’s data and the ability to use that data to help drive your marketing plan or other business decisions.

Due to your access to customer data and growing manufacturer concern about negative brand implications if dealers don’t adopt best practices about data and privacy, you need to be thinking about steps to address customer questions and concerns.   As part of that process, you should consider taking the following actions:

  • Adopt a Privacy Policy.  A privacy policy is simply your promise to customers about how you will collect, use and secure data at your dealership.  When creating a privacy policy, there are two important things to remember.  First, if you commit to a policy, you need to make sure you are prepared to follow the policy.  Second, a privacy policy doesn’t mean you have to lock up information and never use it.  As part of this process, think carefully about how to balance the customer’s interest in privacy and your interest in using the information for valid business purposes.
  • Establish an Information Security Program.  If you make promises to your customer about how you will use and protect information, it is a good idea to also adopt an internal plan that helps you live up to those promises.  More importantly, federal law and the data security and breach notifications laws in place in 46 states require dealers to monitor and respond to a breach of their information systems. In many states, an information security program is either required or provides significant benefits to dealers, such as more limited penalties if violations occur.
  • Employee Training.  Putting a plan or policy on paper doesn’t do you any good unless your employees understand how to apply it and the importance the dealership places on compliance.  To adequately address the issues, it is critical to make someone accountable for training your employees on your policies and security programs.

Taking steps now to keep up with the changing dynamics of information access and privacy will allow you to show your customers you are informed, address manufacturer concerns, reduce your exposure to liability and comply with existing legal obligations.  This area will continue to rapidly evolve over the next several years but it is important to act now to meet customer expectations and put your organization in a better position to adapt to (and perhaps shape) changes and standards relating to data privacy in the future.