Zonic Design, a certified vendor to CDK Global and Reynolds and Reynolds, is urging auto dealers to begin reviewing their vendors’ privacy and data security measures ahead of the January 1 deadline for compliance with California’s Consumer Protection Act (CCPA).
While CCPA is California-specific legislation, its requirements affect dealers and dealer groups having stores in the state, and many vendors serving auto retailers are domiciled there. CCPA’s comprehensiveness is designed to ensure healthy consumer privacy and data security guidelines for dealers and vendors, wherever located.
The timing for this call could not be better. According to a study from PossibleNOW, 56% of U.S. businesses polled are not likely to “be fully prepared” to meet the January 1 CCPA compliance deadline. This fact should add urgency to dealers’ sense of timing about reviewing their vendors’ compliance practices.
Likely other states will enact consumer privacy and data security legislation, given the lack of national guidelines and standards. Those laws are sure to be as stringent as is CCPA to protect those states’ residents.
Zonic Design is data-driven service marketing company leveraging auto retailers’ existing and conquest consumer to increase customer retention, revenues and ROI. When a major dealer group reviewed the vendor’s data security during vetting, group security personnel were taken aback at how much more comprehensive Zonic’s security measures were than their own.
“Dealer groups may have up to 20 different vendors tapping into their dealer management or other internal systems which store personal consumer data, so they will want to be certain, and confident those vendors’ data practices are current and stringent,” said Brian Ramphal, Chief Executive Officer, for Zonic Design.
Foremost, he said, dealers must insist their vendors be DMS certified. Other qualifying questions they should ask vendors, though, sometimes go unasked, including:
- Where do vendors store client data once extracted from you, and how is that data protected?
- What cyber liability limits do your vendors carry?
- What processes do vendors use to ensure accurate a safe data transformation and management
To help dealers vet their vendors – and as a guideline for vendors – Zonic has prepared a brief PDF download, Data Compliance Questionnaire, at https://zonicdesign.com/#home-form-section.
Last month the CCPA was amended by the California Senate, with two exemptions relevant to automotive vendors. These exemptions are:
- Loyalty programs, for which “certain prohibitions in the CCPA would not apply
- Warranties and recalls, exempting information retained or stores for purposes of warranty or recall-related vehicle repair
The International Risk Management Institute notes that the CCPA allows any consumer to demand to see all the information a company has saved on them. This invitation extends to third parties with which this data is shared. CCPA now requires that companies must have visible website footers offering consumers the option to opt-out of data sharing.