Risley discusses how the information provider is addressing industry needs in the face of evolving privacy and security regulations.
With the California Consumer Privacy Act (CCPA) coming into effect this year, and concerns over security and privacy issues growing generally across the U.S., the need for the collision repair industry to employ data security and consumer privacy best practices continues to grow.
In our video interview embedded below, Dan Risley, vice president of quality repair & market development for CCC Information Services, discusses the how the information provider can help the industry comply with regulations and use new tools in its estimating platforms to employ privacy best practices. Risley also addresses the company’s data policies, how to better protect EMS transaction data and BMS transaction security.
Risley explained that the implementation of the CCPA this year is an important issue for both the collision repair industry and businesses generally.
“With CCPA becoming effective January 1st, 2020, it absolutely is a turning point year for businesses broadly and certainly the collision repair industry,” Risley explained. “Data privacy is a critically important topic and one that obviously we take very seriously. And as we move forward into 2020 and beyond, we want to help our customers understand what their responsibilities are relative to securing their customer’s data, not just in California but the entire United States.”
“Today, for our California customers that are listening, we do provide tools to help support requests they could be receiving today from their customers for any accessing data or deletion requests,” Risley continued.
As other states, or the Federal Government, address data privacy issues, the company is prepared to scale the solutions to meet the industry’s needs.
“As things continue to roll East, our tools are scaled now so that as other states are enacted we’re able to support our customers and our shops in those areas,” said Risley. “We’re going to continue to expand the support nationwide for these tools with privacy. And one of the things that you’re going to see very soon this year is our CCC Data Privacy Center.”
According to Risley, when implemented, the CCC Data Privacy Center will enable users to generate reports for customers who request a copy of their data.
Risley explained, however that the report only provides details on CCC products or those with an interface to a CCC product. He explained that for this reason, “…repairers really need to have a better understanding of what software they might have on their computer in addition to CCC and where else their EMS data might be shared outside of CCC One products.”
Regarding the often raised concerns by repairers over how CCC can use the data resident in their systems, Risley explained that the company has a published data policy, available online, to address these concerns.
“We’re in the business to support our client’s needs and we’re there to help protect their data and their information,” said Risley. “Our agreements outline exactly what we can do with the data and what we can’t do with the data. We have our CCC One data policies online and it’ll speak exactly to the things that I’m talking about right now, and that’s online and it’s available to you today.”
Risley also outlines key differences in the Collision Industry Electronic Commerce Association (CIECA) EMS and BMS transaction that impact data security and privacy.
“EMS contains all the data on a given estimate, and a user can’t limit the access. So, it’s the entire estimate, unlike when a user might use BMS and CCC Secure Share. Therefore, we’re encouraging shops to use BMS, use CCC Secure Share because of the data privacy that it has, as well as the additional layer security it provides that EMS can’t,” said Risley. “I’ll add to that is that both solutions continue to be available to the industry at no charge. So, you can choose whatever which one is best for your respective business. We’re going to continue to support both of those file types.”
Risley also detailed that shop should review the pathways they are using on their local computers to store EMS files and remove unnecessary or no-longer need export folders from their CCC settings.
“There’s a few things a shop can do to help better secure their data. The first thing is for the shop to take a look at within CCC One, and take a look at all the directory paths they have for EMS,” said Risley. “Identify which ones are necessary and which ones are not. Remove the ones that are not necessary. That will help eliminate the potential for some estimate data to be shared with somebody perhaps that you’re no longer doing business with.”
The two images below are screenshots of the configuration screens in CCC ONE showing the EMS export path configuration screens with multiple directories and with them removed.
The slide above shows multiple EMS directories configured.
The slide above shows the EMS directories removed, disabling EMS exports.
Risley also addressed a common question regarding whether CCC sells data to CARFAX for use in their vehicle history reports. According to Risley, they do not.
“I wish I had a dollar for every time somebody had asked me this question. CCC does not share data with CARFAX, nor do we sell data to CARFAX, nor have we ever,” said Risley.
Risley explained that CCC customers, who have questions about data security privacy issues, or need details on how to properly configure their systems to protect their data, can talk to their account representative. If contact information is needed, you can search for your local representative online.