Ashley Denison, chief information officer for the Caliber Collision chain, agreed, noting the company’s CEO even came to her about tracking down the issue because the repair of his own daughter’s car made it onto the vehicle’s CARFAX report.
Denison said Caliber has resources to try to address the issue, but she sees the need for an industry solution because if it happens to any shop, “it happens to all of us, it’s a knock on the industry.”
She said listening to what Benavidez as the owner of a single shop has done trying to track the problem down, she was “blown away by how much as an operator he had to know about all this,” when he should be focused on the quality repairs and customer service everyone wants from shops.
“So how do we as an industry begin to flip that,” Denison asked rhetorically.
Putting Things in Writing
Benavidez said he worked with the Automotive Service Association years ago to create an “end-user licensing agreement” (EULA) shops could require vendors to sign related to their use of the shop’s data.
“But I have yet to get one company to sign that,” Benavidez said. “I think the reason for that is even they don’t always know where [the data] is going. I’ve brought it up numerous times, but I’ve had zero response in getting anybody to sign that EULA."
Denison said Caliber does have EULAs in place with its vendors.
“I think this is where size and scale makes a little bit of a difference,” she said. “But the reality is [the agreements] are more of a punitive thing---only if we find out that something has happened---than something on the front-end that stops the data from going out.”
Koukal said her company falls between Benavidez’s and Caliber in terms of size, and has EULAs with some of its vendors but not others. She agrees with Denison’s view that such agreements have limited value.
“In order to do anything about them, you have to know where that data was shared and who shared that data,” Koukal said. "You’d also need to take it to a court of law in order to have anything done with it. I don’t think everyone is in a position to do that, nor do they want to do that. So I don’t know how much value [the EULAs] have.”
The panel was asked if some sort of government regulation, similar to those designed to protect patient information in the medical field, was the answer. Denison said that certainly would create compliance, “But I absolutely believe that as an industry we can solve the problem without the government getting involved.”
In the meantime, Koukal and Denison each said their companies added verbiage to their repair authorization indicating the customer allows the shop to access and share vehicle data with third-parties as relevant to the repair of the vehicle.
“My concern is: Do they read it and understand what that actually means,” Denison said, acknowledging that if she knew little about the industry and was getting her car repaired, she would just check the boxes as necessary and sign the form.
Benavidez said his similar concern led him to create a second authorization related to the use of their vehicle data from scans.
“It’s really helped us with the consumer to gain their trust,” Benavidez said.
John Yoswick