News: CIF Announces Support for Repairers Impacted by Hurricane Ian
As the use of cloud computing has increased, so too have repairers’ concerns over how their data is being used. So how is it being used? And are repairers’ privacy concerns justified? We try to separate fact from fiction and see if the positives outweigh the negatives.
Cloud computing: A type of computing based on sharing computing resources rather than having local servers or personal devices to handle applications.
If you’ve never heard of cloud computing before, it might conjure up an image of angels tapping away on Macs or PCs. Or maybe the ability to tap into the Internet while you’re on an airplane. In both cases, you would be way off…as far off as the clouds, you might say.
Basically, it’s the delivery of hosted services over the Internet. In the case of the collision repair industry, it’s software and information providers like CCC, Mitchell and Audatex delivering these services to repairers via the Internet. In this scenario, the software and data repairers use is stored not on their own servers but on the servers of the information providers.
Advocates of cloud computing say that those businesses that take advantage of it can reduce their expenses related to IT staff and hardware and software upgrades. Plus, end users have the ability to access their network of information from a broader amount of locations. For instance, a production manager doesn’t have to be tied to his desk but instead can be on the floor updating repair status, typing notes on his smart phone, etc.
More specifically, they say that cloud computing offers end users a longer, more sustainable hardware purchase because each update won’t take up residence on their desktops – which reduces the need to continually purchase the latest hardware to match the latest software.
Greg Horn, vice president of industry relations for Mitchell International, describes it this way: “I can sell you a disk and ship it to you, but then you have to insert it into your computer and install it. Plus, you have to make sure it can run based on your computer’s capabilities. That’s a big problem because the majority of calls to our customer assistance unit stem from the fact that the program wasn’t properly installed or there’s some sort of deficiency in the customer’s computer system.
“With cloud computing, I can send you a link to the Internet, and you’re in. That’s all it takes. All the heavy lifting happens in the cloud. And upgrades happen automatically and instantly, so everyone can be on the same version of the product.”
Another advantage to cloud computing, proponents say, is security. Jim Dickens, general manager of the automotive market segment of CCC Information Services, Inc., cited an example of a shop in Virginia that was not cloud computing and as a result lost all of its files when the building was struck by lightning and burned to the ground. On the contrary, a shop in Nashville using the cloud that had its computers destroyed by flooding only had to buy a new computer, connect it back to CCC One and log on to be back to doing business with all of its data intact.
While most repairers can appreciate these cost savings and conveniences, some are uneasy with the concept of their private business and customer information residing somewhere out in the Internet and the possibility that it could be used for unintended purposes. Some are even going as far as to say that this data is being used to justify paying them less for the services they offer – or is being sold outright to interested parties.
• The underlying concept of cloud computing dates back to the 1960s, when computer scientist John McCarthy predicted that “computation may someday be organized as a
• When telecommunications companies began offering “Virtual Private Network” services in the 1990s, they used a cloud symbol to differentiate between what was the responsibility of the provider and what was the responsibility of the user.
• The first scholarly use of the term cloud computing was in a 1997 lecture by Ramnath Chellappa, who is currently a professor of informations systems and operations management at the Goizeuta Business School, Emory
As opposed to the issue of steering, which the vast majority of repairers understand to be a major issue in the industry, data privacy seems to not rank very high on repairers’ list of concerns. But Society of Collision Repair Specialists Executive Director Aaron Schulenburg says it should.
“Issues like labor rate suppression, control over repair costs and customers being swayed from using shops are top of mind with all repairers, and because of that, data privacy hasn’t been scrutinized as heavily by them,” Schulenburg said. “But repairers who have taken the time to understand how this data is being used, and the ways in which it’s collected, aggregated and reported as ‘trends,’ have come to the conclusion that it can be considered a precipitator of many, if not all, of the aforementioned high priority concerns in the industry.”
At issue, Schulenburg says, are the reports issued quarterly by the information or database providers that he believes take this data and convey it to the industry as “trends.” The problem, he says, is that the data is mostly taken from those shops that have contractual relationships with insurance companies and thus is not representative of the entire market.
“These uploaded estimates don’t represent market door rates that are determined through competition in the marketplace, and therefore the data doesn’t really reflect the market,” said Schulenburg.
Schulenburg pointed to a recent example where one of these reports indicated that domestic vehicles and vehicles older than one year were receiving “lower hourly additional paint operations.” This information, he says, was then picked up by an insurance publication and distributed to carriers, who were told, “The good news is that the numbers seem to be trending in the right direction.”
“The report, using bits and pieces of our data, can now be used to apply further pressure on the repairer, ensuring that the trend is propagated in the market, driving down refinish repair values,” Schulenburg says.
Nick Kostakis, former president of the Alliance of Automotive Service Providers/New Jersey and owner of Angelo’s Auto Body in Irvington, New Jersey, has much the same view as Schulenburg, believing that the reports generated from this data ultimately serve to take dollars out of repairers’ pockets and put them in someone else’s.
“The information providers’ marketing literature for these ‘data analysis tools’ clearly promotes that the use of these tools enables parties to control claims severity,” says Kostakis. “When I write an estimate on my neighbor’s car, that document is intended only for myself and my neighbor. Now, cloud computing puts it in information providers’ safes, but neither I nor my customer intended for any of that information, regardless of aggregation, to be shared with other parties.”
But CCC’s Dickens is somewhat perplexed over the hubbub cloud computing has created.
“For 20 years, we’ve been collecting estimates that are shared between insurers and repairers and processing their data on their behalf to allow people to figure out how better to run their businesses,” he says.
He also takes exception to Schulenburg and Kostakis’s contention that the data aggregated is slanted toward DRP shops and used as leverage by insurers.
“[Their contention] makes sense if you just straight translate DRP responses to represent the industry,” Dickens says. “But we’re always careful when we aggregate information to not say that ‘this is the source of the data and this is how it’s collected.’”
Mitchell’s Horn said he and Schulenburg talked about the potential negative consequences of this information being perceived as representing the entire industry and at least agreed on some things.
“We agreed that what we are reporting may not necessarily be what’s happening on a given repair,” he said. “For instance, there are shops that don’t request an estimate or ask to be paid for some of the additional operations that they do in fact perform. But that’s the nature of the beast. There has to be offer and acceptance. There has to be an offer to pay from the insurer, and the shop has to accept it. It’s a legal concept. [Aaron] explained how insurers use it as leverage, but [Mitchell] leaves it on a national level, and we put caveats in our reports that this is a national average. But there are regional differences, no question.”
Safe and Secure?
With the growing trend of cloud computing, all information providers have been stressing to repairers that their private data is safe and will not be used for unintended purposes.
“We have a data policy that specifies that a shop’s data will be ‘de-identified’ when provided in an aggregated fashion, and that certain data will not be shared with third parties, regardless of consent,” says CCC’s Dickens. “This data includes: projected or actual gross margin of repair, labor cost (including employee wages, hours assigned, actual hours worked and projected or actual labor gross margin), internal notes and internal events (file history).”
Plus, Dickens says the information is even safer than it used to be when it resided on a shop’s own servers.
“It’s like comparing your mattress to your safe deposit box at the bank,” he says. “Cloud computing applications house software and data in secure facilities with permissioned access, versus local applications stored on a computer that sit in the open.”
Schulenburg has confidence the information providers have made this data secure from hackers, but is less assured that the information won’t be used in ways repairers didn’t consent to.
“What we need now is to be able to focus on the licensing agreements and ensure that the end-users both understand and agree how their data will or won’t be used,” he says. “We also need to ensure that end-users aren’t forced to provide consent to their service providers by other entities. The industry needs protocol that makes the use of the technology beneficial to the end-user rather than exploitative. At the end of the day, shops need to make rational business decisions and ensure that the contracts they’re signing serve and protect them as well as the other party.”
Shop owner Kostakis says the term “safe” is both ambiguous and misleading.
“To me, safe in the context of cloud computing means that they promise not to lose my data, not that they have other uses for it and I should trust that those uses will not hurt me,” says Kostakis.
As far as the rumor that shops’ information is being sold, Dickens said that’s pure poppycock.
“We don’t sweep the BMS extracts and then go off and sell those files to anybody,” he said. “We have a nice letter from CARFAX that we send to people that says, ‘We get no data from you guys.’ We haven’t found any good reason to do that, and we’re not sure we’ve even given ourselves the right to do that. Second, we’re not planning on doing it, and don’t foresee doing that any time ever. That’s not the business we’re in.”
All About Control?
“Control is the key word here,” says John Shortell, a former body shop manager who still offers his opinion on collision repair issues at www.bodyshopsolutions.com. “[The information providers] want control of every bit of information of every vehicle you work on. It’s a can of worms and a class-action lawsuit in the making.”
Shortell believes there is no reason the information providers need to store all of a shop’s information on their servers.
“They could have easily stored a shop’s estimates on the shop’s computer and then at night downloaded that information to their servers. But they know repairers are smarter than that,” he says. “They know that most repairers don’t want their data being used to help insurers see what they’re doing. They know that many repairers would disable their ability to access their data by closing their Internet connections. The only way they could guarantee to their insurance partners that repairers’ data would be accessible was to store all repairers’ information on their computers.”
But CCC’s Dickens flat-out disagrees. He says the reason CCC is promoting cloud computing is for all the aforementioned reasons – efficiency, cost savings and convenience for both CCC and the end user. He cites the recent success of a new launch of updated software that was done through the cloud.
“We started Monday morning, and by lunchtime every one of our customers had it loaded and installed on their computers and we didn’t get a single phone call about it,” he said. “But when we send out a new CD or DVD, we got thousands of phone calls, which means thousands of our customers have questions, issues and problems. That alone shows you that we can deliver a much better product through cloud computing.”
Regarding insurers, Dickens says, “The only data we share with them is the data the shops have agreed to share with insurers, which is the estimate – and that’s the estimate they specifically sent to the insurer. That’s at the request of the insurer and repairer, not us trying to control.
“If I’m an insurer and I do business with with repairers, I can look at their data they share and ask CCC to process it on my behalf and turn it into reports. What I can’t do is look at the repairers’ data they do with other insurers because frankly that is not my business. The same thing goes for repairers, who can look at the business they do with insurers and, if they would like to subscribe, we can process it and turn it into reports.”
As far as whether what the information providers are doing with collision repair facilities’ information is actionable in a court of law, Dickens feels that’s a slippery slope.
“Unless you have an intellectual property lawyer, you’re in a tough spot,” he says. “There are many people who claim ownership of the data in many aspects. Think about an insurer who sends an assignment or referral to a facility and may claim ownership over a number of fields of data – claims and policy information, the insured’s information, etc. And then the estimate is written and there may be claims to certain pieces of data around parts numbers, labor times and prices. And then you have the repairer pulling it all together and adding their content. So there are a lot of different perspectives on who owns what data and has what permissions.”
It seems that most of the collision repair community accept the fact that cloud computing is the wave of the future, but in an industry that grows more challenging to do business in by the day, they need to be assured that cloud computing is more of a help than a hindrance.
“Ultimately, we believe there should be greater transparency in how the data is being collected,” says Schulenburg. “Also, that repairers should have the choice to participate in the data collection process, rather than it being a point-of-sale requirement in order to use software that helps us run our businesses.”
Schulenburg said that repairers’ concern over the privacy of their data is a global concern shared by all industries. He cited a letter sent to the FCC by David Vladek, director of the FTC Bureau of Consumer Protection, that said: “The ability of cloud computing services to collect and centrally store increasing amounts of consumer data, combined with the ease with which such centrally stored data may be shared with others, creates a risk that larger amounts of data may be used by entities in ways not originally intended or understood by consumers.”
But Schulenburg also believes cloud computing can have great benefits in the form of reduced need for IT staff, reduced hardware and software expenses, and a greater ability to access an individual’s network of information from a broader amount of locations.
“If we can measurably fix the practices that compromise business data, the technology should in fact serve the industry well,” he says.
Perhaps Dan Nagy, co-owner of five-store Nagy’s Collision Repair Specialists in northeastern Ohio, put it best and spoke for other repairers when he said: “Do I like it? No. Is it reality? Yes. Repairers can talk all they want about their gradual relinquishing of control of the industry, but it is what it is. It’s happening and will continue to happen. All we can do is stay vigilant and make sure the playing fields are level.”
At this time, Kostakis doesn’t believe it is.
“If the playing field was level as the information providers contend, then we would have equal access to equivalent private data on the opposing parties’ practices,” he said. “Clearly, this is not the case.”