Industry Advice ASK MIKE: How Can Shops Talk to Customers About Data Sharing?WMABA’s 2024 Insurer Survey

with Mike Anderson

This month, we “ASK MIKE” for his thoughts on how shops can talk to customers about the possibility of data sharing. We at Hammer & Dolly hope you find the following exchange useful, and we encourage you to reach out to us if you have a question for Mike on this or any industry-related matter that he can answer in a future issue.

Hammer & Dolly: There’s a lot of information generated during the repair process, and there are concerns about that – both in and out of the industry. What are some ways that shops can talk to their customers about the information that’s been gathered, how it’s used and the protections that are in place to keep it safe?

Mike Anderson: I’m sure there are a lot of people in our industry who have thoughts on where certain data comes from and how it’s probably being shared with entities like CARFAX. Unfortunately, nobody has come forward in a public forum to present facts and information on how data is being shared. If you have a conversation with a customer in advance of their repair about the possibility of their data showing up on CARFAX, that could open a can of worms. If you do it after the fact, you could end up dealing with an unhappy customer. Unfortunately, I don’t have a clear industry-wide answer – but if you’re asking me how I would respond to that question, let’s start by taking data privacy out of it. No matter what, you need to start by making sure you have a good customer authorization form that authorizes you to dismantle or work on the vehicle and indicates your charges and payment options. Even 10 years ago, we’d need an authorization form to scan a vehicle or share data with a third-party payer. 

I know of a situation where a shop scanned a customer’s vehicle for a rear-end hit. The customer said the navigation unit hadn’t been working since the accident, but the data from the scan showed that the navigation stopped working six months prior to the collision. The shop later shared that information with the insurance company, which said it wouldn’t pay for that navigation unit. The consumer then went after the body shop and said, ‘You didn’t have my permission to share that information.’ 

Obviously, there have been various discussions in the industry as to who owns that data. Does the car own the data? Does it belong to the consumer? What about the insurance company or the lienholder? I don’t have an answer – and perhaps the question will be resolved in a court of law someday – but I do believe that you need to let the customer know in the authorization form that you’re going to scan their vehicle, explain what the word ‘scan’ means and that the information may need to be shared with a third-party payer to justify repairs. You’ll also need to inform the customer that you’ll perform a test drive to achieve the set conditions as part of the repair process. 

If the vehicle is a total loss, the customer still has personal data – everything from phone contacts to the GPS coordinates for their home – in it. That’s more data we need to consider. Shop may want to ask the customer if they want that personal data erased before the vehicle is released to the salvage yard. Then there’s the data that could end up on CARFAX, and that’s a difficult area to address right now. At the end of the day, I don’t know whether to advise shops to have that conversation with customers at the beginning or to suggest they wait until those customers come to them to talk about it. But whenever you have that conversation, it’s important to say to them, ‘We don’t share your data, but there are systems we have to use to write the damage analysis on your vehicle, order your parts and work with your insurance company.’ Talk with them about the ways that data could be shared, but also reassure them that you’re not the one doing it. I don’t know a single shop that’s sharing customer data with CARFAX. 

On a related topic, shops need to be aware of the dangers of being hacked and held ransom for bitcoin. I know of at least 13 shops – independents, dealers and MSOs [multi-store owners] – that had that experience. As of now, none of them have been able to get out of it because none of their IT sides were set up for it. Make sure to check with your insurance company to confirm that you have coverage for it. Some business insurers offer training modules that employees can take to help them be more cautious of clicking or selecting something online that could get them hacked. 

H&D: This all seems to be a variation of the standard advice given to DRPs to review their contracts before signing on the dotted line – only this time, all shops are encouraged to read their EULAs [end-user license agreements] before agreeing to do anything. 

MA: Shops need to read those agreements with any software provider – whether it’s a scan tool, your computerized measuring or paint-mixing software or your estimating and management systems. Reading those EULAs is very important. 

Want more? Check out the March 2024 issue of Hammer & Dolly!