Data security is the main reason that CCC Information Services decided to launch the Secure Share network and stop supporting Estimate Management Standard (EMS) files, a CCC executive recently told collision repairers.
Speaking at the July 25 Collision Industry Conference (CIC) in Chicago, Mark Fincher, vice president of market solutions for CCC, reiterated the company’s previous statements that the cloud-based Secure Share network – launched on April 4 – will provide a more secure platform for body shops to exchange estimating data and other repair information with third-party app developers.
“We invest millions of dollars today in securing repair-facility information within our own internal systems,” Fincher said. “Meanwhile, this information is sitting on thousands of shop servers or shop PCs completely unencrypted and accessible, in some cases, to third parties or potential breaches.”
That isn’t the case with Secure Share, Fincher asserted.
“Secure Share allows that information to remain in the CCC ONE cloud in a secure fashion, and we’re able to transmit that data to a third-party application through a secure connection to their cloud so that information is never left unencrypted sitting on a server or a PC within the shop,” Fincher said.
Coinciding with the launch of Secure Share, CCC announced that it will stop supporting EMS files in April 2018 and will transition to the Collision Industry Electronic Commerce Association’s (CIECA) new Business Management Suite (BMS) data-interchange standard.
The shift to BMS files will provide a number of benefits to collision repairers, Fincher asserted, including enabling body shops to control the distribution of their data.
Whereas the EMS file is an “all-or-nothing message” containing 604 data fields, according to CIECA, the BMS format enables repairers to pick and choose the data that they share with app providers. CCC provided this example: A CSI app only would receive data that’s relevant to conducting a CSI survey – not the full estimate.
App providers have restrictions on how they use the data from body shops, Fincher added.
“The app provider does not have the ability to just share that information with anybody that they want to,” Fincher explained. “You, as a repairer, retain control of that information and know that it’s only being used for the purpose for which you designated that. And because this is all part of the platform, we have the ability to log that information inside of CCC ONE so within the work file you’ll know exactly who you shared that information with and when that information was shared, to protect you and mitigate that risk of having unsecured data sitting on your PC.”
He also said that Secure Share will make it easier for companies to develop apps for collision repairers.
“We strongly believe that EMS is a barrier to new innovation for the industry today,” Fincher asserted. “Because a data pump is required and/or shops are required to upload this data to a website, for new application providers to come into this industry and provide new innovative solutions to collision repairers is a very expensive proposition for them. It’s hard to get at that data, and we believe that Secure Share is going to open that up and bring new innovation to the industry.”
Who Owns the Data?
At the time of CIC, 19,000 body shops had access to Secure Share, according to Fincher, and more than 50 companies had applied to have their apps available on the Secure Share network. At the time, CCC had approved seven apps.
Although there’s no fee for body shops to exchange data via Secure Share, there’s a 50-cent-per-workfile transaction fee for app developers to access the shop data. Fincher defended the transaction fee, noting that CCC’s investment in building the architecture to process thousands of transactions per minute is significant.
“We set the price at 50 cents a transaction because we believe that’s a fair and equitable price for us to recuperate our costs,” Fincher said. “Down the road, we will make some profit on this – I don’t deny that at all – but that’s what we do. We’re a software company that builds software to forward our business. So we think the price is fair and equitable for all the participants in the industry.”
CIC organizers anticipated so many questions for the Q&A session with Fincher that they asked audience members to submit their questions in writing for moderators to read. The first question – read by Automotive Service Association President Dan Risley – asked: “Who owns the data?”
“There are a lot of people who claim ownership to that data,” Fincher responded. “I will say that CCC does not. Repairers, insurers, OEMs and other companies that we source that data from all claim ownership to the data.”
Risley also asked if there have been any instances in which shop data has been breached or compromised since CIECA introduced the EMS standard in 1994.
Fincher said he wasn’t aware of any significant data compromises “other than data being shared with companies that shouldn’t have had that data.”
“But we don’t want to be in a reactive mode,” Fincher added. “We are processing thousands of files per day. There are thousands of collision repair facilities that are using this data that’s sitting unencrypted. The last thing we want to do is be in a reactive mode. … That’s why we’ve set out a plan that gives the industry and app providers almost 24 months to prepare for this transition. We didn’t do this overnight, and we don’t want to be in a situation where we have to react and do this overnight. We want to give the industry plenty of time to implement this new solution.”