Consumer Data Privacy Revolution is Underway - AutoSuccessOnline

Consumer Data Privacy Revolution is Underway

Data breaches are happening on an almost daily basis, exposing customer addresses, passwords, credit card numbers, social security numbers and other sensitive information.

Consumer privacy concerns are sweeping the nation and lawmakers are taking notice.

In the first six months of 2019, the number of data breaches has increased by 54% compared to the same time last year. As of July, more than 4.1 billion customer records have been exposed in approximately 3,800 publicly disclosed data breaches.

The business sector is responsible for 67% of reported breaches and 85% of exposed records. Data breaches are happening on an almost daily basis, exposing customer addresses, passwords, credit card numbers, social security numbers and other sensitive information.

Recent notable breaches include:

The City of Baltimore’s computer systems were infected in May with an aggressive ransomware called RobinHood. Although the city did not pay the ransomware, the resulting chaos has racked up more than $18 million in damages.

In late July, Capital One was hacked, exposing 100 million records including credit card applications. This is one of the largest data breaches in history with potentially devastating consequences.

Bulgaria’s National Revenue Agency was recently hacked, compromising the information of 5 million out of Bulgaria’s 7 million citizens. The hackers later sent a message to the Bulgarian media declaring “The state of your cyber security is a parody.” Imagine the consequences if this happened to your business.

According to one report, an unauthorized person accessed NASA’s Jet Propulsion Laboratory. The hacker went undetected for 10 months and acquired highly sensitive information from many critical and confidential projects.

Quest Diagnostics and LabCorp. These two clinical laboratories were both hacked in June, exposing a combined 19.6 million medical records and personal information. In fact, 2019 has been a horrible year for customer privacy in the medical industry, with breaches occurring on an almost weekly basis.

First American Financial was hacked in May, exposing 885 million sensitive records including bank account numbers, statements, mortgage information and tax records.

Facebook recently admitted that 600 million user passwords have been stored in plain text and could easily be accessed by its 20,000 employees. If you use Facebook, change your password.

Consumers Demand Protection

Many people still have an image of “hackers” as teenagers in basements, but this stereotype is inaccurate. The vast majority of today’s hackers are employed by large criminal or state-backed entities. These organizations use sophisticated strategies and systems to carry out cyberattacks worldwide. Although cybercriminals are located all around the world, most activity originates from Russia, China, North Korea and Brazil.

Understandably, consumers are increasingly fearful about the consequences of their personal information being stolen. Identity theft is a growing problem, with 33% of U.S. consumers reporting some form of credit card fraud or identity theft. In the next few years, experts estimate that cybercriminals will steal $6 trillion from U.S. consumers and businesses.

Once stolen, personal data is typically sold on the dark web to criminal organizations that are willing to pay from $10 to a few hundred dollars per identity. One successful data breach could net perpetrators millions of dollars. Because it’s so lucrative, cybertheft is a rapidly growing industry.

Cybercriminals use personal data to take over bank accounts, commit credit card, tax and mortgage fraud, steal identities and scam vulnerable consumers.

Across the U.S., growing consumer demands have motivated lawmakers to take action in order to drive businesses to be better prepared for cyberattacks. Although every state in the U.S. has a law that impacts how businesses must report data breaches, most experts agree these laws don’t do much to prevent data breaches in the first place.

To address this challenge, as of July 2019, 20 states have drafted or passed consumer privacy laws. The most notable example is the California Consumer Privacy Act (CCPA), which requires businesses to take “reasonable measures” to protect consumers’ personal and private information.

The CCPA applies to most auto dealerships in California. Dealerships store vast amounts of personal information from consumers, including names, phone numbers, email addresses, home addresses, credit card numbers, social security numbers and other financial information.

Dealerships Need to Take Action

The CCPA takes effect in January, 2020. Unfortunately, becoming compliant is not as simple as installing antivirus software and calling it a day. The California Attorney General has defined “reasonable measures” as 20 Controls issued by the Center for Internet Security (CIS).

To become compliant, California auto dealers will need to implement these 20 controls, which include appointing a security officer, creating a cybersecurity plan and providing security awareness training to employees. Depending on the state of the IT network, it may also include upgrading network equipment, computer hardware and software.

Although compliance will take time, money and effort, the CCPA is forcing a much-needed evolution in dealerships’ information technology (IT) practices.

The first steps to become CCPA compliant are:

  1. Understand where your current IT environment falls short of CIS 20 controls. Order a gap analysis, also known as a Risk & Vulnerability Assessment, from a recommended IT services provider.
  2. Create a prioritized remediation plan that fills gaps identified.
  3. Implement the plan. Seek help if you are shorthanded. The clock is ticking and time is of the essence.
  4. Maintain compliance with ongoing management. IT isn’t static and it’s easy to fall out of compliance if things aren’t routinely managed and monitored.

Compliance with the CCPA by the January deadline requires a sense of urgency and a detailed plan of action. If your dealership hasn’t yet taken steps to protect consumers’ personal information, you may be vulnerable to a data breach and subsequent lawsuits in 2020.

Erik Nachbahr

You May Also Like

The Dealership Flywheel: A Perspective from X-Amazonian

Customer obsession is key. Every dealership must have processes in place to never fail a customer.

service customer and mechanic

As your dealership heads into 2024, it’s common to reflect back on the previous year and identify possible areas of improvement. As you reflect, consider things like whether or not you’ve had about the same number of people coming into your service department each day of the week or month of the year. As you reflect back on this past year’s sales and inventory hurdles, you undoubtedly know which months your store sold the most used or new cars.

New Research Reveals Age and Gender Differences in Vehicle Add-On Purchases

Are there certain age/gender demographics with a higher propensity of purchasing any specific set of VPPs? This study sheds light on consumer preferences and priorities when it comes to safeguarding and maintaining vehicles.

study about age and gender differences - man and woman
How Generative AI Is Impacting Auto Lending Compliance

What is often left out of recent headlines, is the extraordinary power of AI to reduce harm, including fair lending and discrimination risks.

5 Predictions for Front-Line Chat Solutions

In the next few years, prepare for a chat solution that must act like a personal greeter to every customer who visits your digital showroom.

Maximizing Fleet Uptime: A Dealer’s Guide

This guide provides actionable insights for dealers to ensure their fleets are always on the move.

Other Posts

Privacy4Cars’ Vehicle Privacy Report 2.0: More Features, Expansion into Europe

The new report doubles geographical coverage and deepens vehicles’ data practices analysis of manufacturers by adding privacy implications of infotainment apps and more.

Your Service Department’s Undervalued Opportunity: Streamlining RO Stories

Consider how much time repair event stories take to write. Now, multiply that by the number of technicians employed at your dealership and you could easily be wasting hundreds of technician hours every month.

Ways to Save on Credit Card Merchant Transaction Fees

A processor should lessen your workload by handling merchant processing. They should free you up to focus on the customer, while feeling confident that your processing remains compliant and safe.  

How End-of-Year-Sales May Impact Auto Finance Digital Transformation Strategies

We still have a very paper-driven culture but we need to continue to shift focus to digitization to reduce risk and liability.