I've been thinking lately (often dangerous) and a few concerns keep haunting me...
The first is, what implications do new and pending internet privacy laws have on dealers? For example, we are required to allow people to "opt out" of distribution of their personal info to any third parties. What happens when we send the customer's info to the manufacturer when submitting a warranty claim after the customer opts out? Are there sufficient legal disclaimers and authorizations in the warranties to allow that? I'm sure the factories are covered, but what about us? Do we need to start adding more caveats and disclaimers to our documents?
More thoughts on the implications of the internet in our lives to follow.
------------------
Jack Daniel, MCSE+I, CCNA
Systems Admin
South Shore Imported Cars
Internet communications and new liabilities
5 posts
• Page 1 of 1
Internet communications and new liabilities
by jdaniel » Mon Dec 02, 2002 6:01 pm
Wow, I'm glad I didn't start with the one about the legal conflicts between due diligence and pending internet security legislation as it relates to testing/verifying partner's and vendor's network and systems security. That might have scared people away...
- jdaniel
Internet communications and new liabilities
by Matt Parsons » Tue Dec 03, 2002 7:30 am
Jack, this is a topic that I am sure most people operating within automotive retail are unable to address. I like to think I am up-to-speed about the effects of IT and the Internet on auto retailing but admit this is an area that I have seen little written and even less spoken about.
Let's start this on an easier note and build up to your question.
What are dealers doing to protect my information as a client that resides within your systems? How easy is it for an employee to access my data and or 'copy' or 'remove' it for purposes outside of the dealership. The best example I can think of pertains to the high turnover in the sales area of dealerships. How common is it (or easy) that when a sales person leaves your employment that he/she can take a copy of your customer base to their new place of employment?
As a consumer, I have trusted very sensitive information to my dealer, including detailed information for financing purposes. What are dealers doing to ensure this data is properly protected?
On a second note, with the explosion of applications moving to the web, how are you ensuring your employees are not visiting inappropriate sites. I read in Automotive News about a store that was sued by a client when they were subjected to pornographic materials that were displayed on an employees PC's. Many dealers I visit still are treating Internet access as an employee issue versus a managed business issue. Allowing individuals to provide their AOL ID's and individual webmail or email accounts to clients that are not provided for, supported by, nor monitored by the dealership is a dangerous habit.
Let's start this on an easier note and build up to your question.
What are dealers doing to protect my information as a client that resides within your systems? How easy is it for an employee to access my data and or 'copy' or 'remove' it for purposes outside of the dealership. The best example I can think of pertains to the high turnover in the sales area of dealerships. How common is it (or easy) that when a sales person leaves your employment that he/she can take a copy of your customer base to their new place of employment?
As a consumer, I have trusted very sensitive information to my dealer, including detailed information for financing purposes. What are dealers doing to ensure this data is properly protected?
On a second note, with the explosion of applications moving to the web, how are you ensuring your employees are not visiting inappropriate sites. I read in Automotive News about a store that was sued by a client when they were subjected to pornographic materials that were displayed on an employees PC's. Many dealers I visit still are treating Internet access as an employee issue versus a managed business issue. Allowing individuals to provide their AOL ID's and individual webmail or email accounts to clients that are not provided for, supported by, nor monitored by the dealership is a dangerous habit.
- Matt Parsons
Internet communications and new liabilities
by jdaniel » Tue Dec 03, 2002 9:18 am
Fair enough-
I have raised concerns about employees access to company data, specifically our customer database, with the dealer. There is little that can be done as far as "trusted" employees while they are at work, but I do the following to limit access:
-We require that employees only use company email accounts for company business (by company accounts I mean accounts that we own/control) so that I can remove access from employees when they leave and redirect email to another employee.
-Remote access is restricted to those employees who actually need remote access.
-Logins to email, Reynolds, and various manufacturer sites are suspended or deleted when an employee leaves.
The issue of an authorized user making a copy of the infomation and using it in an unauthorized manner is a bit harder to control. We do require employees to sign a non-disclosure agreement when they are hired, but that leaves more to faith than I would like.
The web access issue is much easier to address, we used the built-in "Content Advisor" in Internet Explorer until issues with poorly designed manufacturer's web portals became an issue. (Volvo!)
I now run web filtering and anti-virus services on a server to control AND LOG all internet activity. It takes a while to fine-tune, but it is worth the effort to keep your environment clean. Pleasant side effects include increased usable bandwidth and control over the download of unauthorized programs.
I also routinely scan for "spyware" programs which can "leak" information to third parties.
[This message has been edited by jdaniel (edited 12-03-2002).]
[This message has been edited by jdaniel (edited 12-03-2002).]
I have raised concerns about employees access to company data, specifically our customer database, with the dealer. There is little that can be done as far as "trusted" employees while they are at work, but I do the following to limit access:
-We require that employees only use company email accounts for company business (by company accounts I mean accounts that we own/control) so that I can remove access from employees when they leave and redirect email to another employee.
-Remote access is restricted to those employees who actually need remote access.
-Logins to email, Reynolds, and various manufacturer sites are suspended or deleted when an employee leaves.
The issue of an authorized user making a copy of the infomation and using it in an unauthorized manner is a bit harder to control. We do require employees to sign a non-disclosure agreement when they are hired, but that leaves more to faith than I would like.
The web access issue is much easier to address, we used the built-in "Content Advisor" in Internet Explorer until issues with poorly designed manufacturer's web portals became an issue. (Volvo!)
I now run web filtering and anti-virus services on a server to control AND LOG all internet activity. It takes a while to fine-tune, but it is worth the effort to keep your environment clean. Pleasant side effects include increased usable bandwidth and control over the download of unauthorized programs.
I also routinely scan for "spyware" programs which can "leak" information to third parties.
[This message has been edited by jdaniel (edited 12-03-2002).]
[This message has been edited by jdaniel (edited 12-03-2002).]
[This message has been edited by jdaniel (edited 12-03-2002).]
- jdaniel
Internet communications and new liabilities
by jbob » Tue Dec 03, 2002 11:35 am
The dumbing down of computers (via the PC) and the easy access to telecommunication (via the internet)is indeed a double edged sword for businesses. On the one hand, it boosts productivity and speeds business transactions -- and fueled the "real" part of the economic growth of the late 90s.
On the other hand, it has created a whole new set of reasons why busineses - and auto retailers in particular -- must keep heightening their awareness and management of their IT. And the choices are still only two -- hire internal people to spend their time doing it (an option that may seem and indeed be a bottomless pit) OR at the other extreme rely heavily on IT providers such as ADP, EDS, R&R, etc.
I guess there is another option, but it flies in the face of the franchise model in place -- and that is factory controlled IT.
The privacy and liability issues are going to grow, and the solution always involves control of the IT -- and control costs. Are dealers ready to invest?
On the other hand, it has created a whole new set of reasons why busineses - and auto retailers in particular -- must keep heightening their awareness and management of their IT. And the choices are still only two -- hire internal people to spend their time doing it (an option that may seem and indeed be a bottomless pit) OR at the other extreme rely heavily on IT providers such as ADP, EDS, R&R, etc.
I guess there is another option, but it flies in the face of the franchise model in place -- and that is factory controlled IT.
The privacy and liability issues are going to grow, and the solution always involves control of the IT -- and control costs. Are dealers ready to invest?
- jbob
5 posts
• Page 1 of 1
Return to Dealers & General Managers
Who is online
Users browsing this forum: No registered users and 2 guests