Crime Scene Investigation: What’s the Chain of Evidence For Your DMS Data?
by Mike Esposito, President and CEO, Auto/Mate Dealership Systems
Heinous crimes are being committed, day after day in auto dealerships around the nation. Somehow the valuable data in your dealership management system (DMS) keeps ending up in other dealers’ hands. How is it that your competition across town knows that one of your customers is six months away from coming off a lease? How is it that one of your most loyal customers who has purchased three Toyotas from you, has just received an email offer from a competing Toyota dealership?
What nefarious forces are afoot, you wonder, and well you should. Is someone stealing your precious data? Is your DMS provider giving your data away? Before we start pointing fingers, let us follow the Chain of Evidence.
In a Crime Scene Investigation (CSI) the Chain of Evidence is a series of events which, when viewed in sequence, account for the actions or location of a person or entity during a particular period of time. I submit the following:
- Mr. Dealer is required to sign up for a parts program with their OEM. Or, Mr. Dealer has decided to install a new software program from a third-party vendor. The agreement states the OEM or third-party vendor will be pulling or getting a push of the data on a daily basis from the dealer’s DMS.
- OEM or third-party vendor subcontracts the data push/pull duties to a data aggregator.
- Data aggregator receives the data. In their agreement with the OEM or third-party vendor there is a tiny clause in the fine print that allows them to share, resell or trade this data with several affiliates.
- Quite possibly, the OEM or third-party vendor is not aware of the fine print.
- Quite certainly, Mr. Dealer is not aware of the fine print.
- The data from Mr. Dealer’s DMS is resold, traded or shared with one, several, or for all we know, dozens of the data aggregators’ affiliates, and their affiliates, and so on.
From this Chain of Evidence, there is only one possible conclusion. The fiend responsible for giving your precious data to your competitors is none other than …you, Mr. Dealer! (Cue dramatic music and shocked face)
Yes, you are the party responsible for signing an agreement without reading the fine print. You are the party who failed to ask the pertinent questions. Your third-party vendors are not doing anything illegal or even unethical. Your DMS provider is obliged to do what you tell them, which is to give a third-party vendor or aggregator unrestricted access to your data.
The good news is, I think you have a pretty good case for self-defense. After all, you don’t know what you don’t know. But now that you do know, you can avoid being part of this twisted, diabolical chain of evidence, by taking the following steps:
- Review all contracts with third-party vendors. Require the language to be very specific regarding what type of data is needed, how often and from which part of the system. This is where your DMS provider can offer the most help, by performing monthly audits and providing dealers with the above information. That way the dealer can check and see if vendors are indeed pulling the agreed upon information.
- Insist on the removal of all language that relates to sharing or re-selling information. However, if doing so is required for the vendor to do their job, this won’t be an option. In this case, demand to know what type of data is shared or sold, and to whom – including the specific names of all affiliates.
- Request to see the agreements between data aggregators and their affiliates, and demand the same type of language be in their agreements, so they know what the affiliates are doing with the data.
- Insist you have the right to full transparency in terms of what purpose(s) the data is being used for, from both vendors and their affiliates.
- Review all agreements and ask who is actually accessing the data, then ask to see the agreements between the third parties and any vendors they sub-contract access to.
- Once every few months, enter in a false customer profile with a personal email address that you set up for the purpose of tracking what companies are soliciting to your customers.
- Daunting? Yes. One vendor may have half a dozen affiliates, and some of those affiliates may have affiliates. There may actually be up to a dozen parties involved in a single process.
- Worth it? Yes. The fact that your competitors can buy your customer data is beneficial to them and harmful to your business.
If you, the dealers, don’t stand up for your right to know who is selling what to whom, then who will? Take a stand, ask questions and follow the Chain of Evidence until you are completely satisfied that nobody is sharing or selling your data. You are now released on your own recognizance.