News: Last Chance for Collision Repairers to Grade Insurers
SCRS, AASP and ASA contend that companies could be collecting business information without shops’ consent, in some cases selling it to third parties.
The Society of Collision Repair Specialists (SCRS), Automotive Service Association (ASA) and the Alliance of Automotive Service Providers (AASP) have issued a joint statement voicing concern over how estimating and management system providers could be collecting and using shops’ business-generated data. The groups contend that these companies may be collecting business information without shops’ consent, in some cases selling it to third parties.
The groups are asking the these companies give shops the option to keep this information private rather than making information sharing a requirement.
The statement is reprinted below:
The issue of data ownership is of ever-increasing importance to both consumers and businesses as technology expands the landscape of digital trade, and the collision repair industry is not immune to concerns relative to ulterior use of business generated data. During the past several decades, the estimating and management system companies have increased their product offerings beyond core estimating and management functions for repair facilities. Their scope of services presently includes the collection, generalized aggregation, analysis, and sale or provision of repairer data to third parties. Collision repairers contend that:
The collection of data is unilaterally demanded as a point of sale requirement for every estimating system option offered in the market, barring repairers that wish to provide electronically generated estimates from having the option of keeping their business data from being utilized for unauthorized purposes.
The information that is harvested from the collision repairer’s system is being used for purposes other than those that the subscriber had intended when contracting to use the estimating system software.
The information is used by secondary customers in ways that may ultimately be detrimental to the subscribing end-user who generated the data.
When this issue was first broached several years ago, one primary response on the part of the estimating system providers was that the only data being captured was that obtained via the upload of Direct Repair (DRP) estimates, and those end-users had implicitly waived any data ownership rights by agreeing to upload estimates as a condition of their participation in the (DRP) program. They also claim that no privacy rights have been violated since the information is all collected in a depersonalized manner and presented as an overall aggregation of data collected. While we continue to contest the validity of both positions, the advent of cloud-based platforms has expanded the data collection potential to include any businesses utilizing the server-based programs. It has also expanded the potential of data mining from only estimating programs to the possible inclusion of information generated from business management programs or other technology-based service platforms.
The Information Providers may seek to reassure the collision industry that they have taken all necessary steps to safeguard repairer/consumer information from data privacy breaches. While the data may remain safeguarded from threats in the traditional sense of electronic security, the members of the collision industry remain concerned that the information is not necessarily safeguarded from the technology firms themselves who have built in contractual permissions to force the industry to permit utilization of the data in ways that were not intended or expressly approved by their customer base. We believe it is long overdue for our industry to have the express option to either "Opt In" or "Opt out" of allowing technology firms to have access to ancillary uses of our data as a point of sale requirement to utilize the necessary tools once intended to aid the industry in running our businesses.
This statement serves as a public request from the collision repair industry to Audatex, CCC, Mitchell and other technology firms who collect data. The industry seeks removal of contractual clauses within End User License Agreements which require permissive access to aggregate and collect end-user data as a point-of-sale requirement to purchase those programs. Further, we believe that if a business is to permit their data to be mined, they should be entitled access to an annual report specifically indicating where that data was used, and a list of parties that received reports utilizing data from the user’s system. We believe the ability for businesses to choose participation in the data collection process is a reasonable solution, and we look forward to your response.