Auto dealers urged to improve protection of buyer data

Michael Martinez
The Detroit News

As car-buying increasingly shifts to online research and purchasing, some industry groups are urging dealers to better protect customers' personal information — things like Social Security numbers, bank accounts, phone numbers and vehicle purchase history.

State and federal laws help dictate how customers' information is stored and secured, and no dealer group has suffered a major hack. But mobile apps and car-shopping websites have increased the possibility.

While some automaker trade associations have developed privacy guidelines, and customers can guard themselves by using trusted dealers and secure websites, most of the responsibility falls on dealers' shoulders.

"Customers should always take care online, and shopping for a car is no different," said Mike Hindelang, co-leader of data security and privacy for the Honigman Miller Schwartz and Cohn LLP law firm, which advises businesses on these matters.

"If you are using secure connections and a 'https' website of a reputable company, you can generally transmit your information without fear, but it is never risk-free."

Beth Hill, general counsel and chief compliance officer for FordDirect — a joint venture between Ford Motor Co. and its franchise dealers that provides advertising information — said dealers have an increased responsibility to avoid becoming the next Target, Home Depot, Sony, Anthem or other large organization that's had data breached and personal information stolen. That responsibility includes everything from educating employees on simple measures — like not sending Social Security numbers or financial informational through email — to ensuring the credibility of the vendors with whom dealers work.

Dealers increasingly are turning to third-party software developers to create mobile apps and virtual showrooms to help sell cars. At the National Automobile Dealers Association convention in January, groups introduced new technologies such as personalized websites and tablet-based signature pads on which customers can sign documents during the car-buying process.

"Underpinning all of these new technologies is the need to secure information and to do it in a privacy sensitive way," Hill said in an interview. "There's a lot of information they have about customers. They must make sure they're working with trusted providers to take that issue seriously."

Studies say customers are doing more mobile shopping than ever before. FordDirect research found customers spend about 75 percent of their car-buying experience online, and 30-50 percent of that online traffic comes from mobile or tablet use.

"Your online showroom is very important," said Kate Bullach, vice president of marketing and communications at FordDirect. "Customers aren't tire-kickers, they're tire-clickers."

While researching, studies have found that would-be buyers visit third-party sites — like AutoTrader, TrueCar or Edmunds — 51 percent of the time, and go to dealerships less and less.

"There's a lot of change in consumer behavior," said Dave Winslow, chief digital strategist for Dealertrack Technologies, a company that provides software to dealers to develop their digital presence.

"They're spending more time on dealer sites and they're not just viewing cars; they're getting finance quotes, they're getting trade-in information. The landscape's really shifted to digital."

Raj Sundaram, Dealertrack's co-president, said customer data is in secure hands with his company.

"All of that has been accounted for in all our (services). This is what we do; we know how to protect data."

He said Dealertrack works with dealers to educate their employees on safe handling of sensitive information, and he's noticed a change in the types of workers dealers hire. More are filling chief technical officer jobs with highly qualified workers — positions that weren't needed at a dealership five or 10 years ago.

David Kelleher, president of David Chrysler Dodge Jeep Ram in Glen Mills, Pennsylvania, uses Dealertrack and said most customers' information isn't discussed through email — and credit or personal information is transmitted through encrypted Web pages.

"Data in our store is something we've worked very hard on," he said. "Our finance and insurance 'wing' was put away from normal traffic areas, and all have secured unique (virtual) locks that can only be opened by the manager or myself. Fortunately, we've never had an issue. There is lots of support available to dealers to safeguard."

mmartinez@detroitnews.com

(313) 222-2401

Twitter.com/MikeMartinez_DN