Repairer Driven News
« Back « PREV Article  |  NEXT Article »

Read CCC responses to 1st and 2nd set of CIC Task Force questions on Secure Share

By on
Announcements | Associations | Business Practices | Technology

CCC has responded to a second wave of questions from the Collision Industry Conference Open Industry Data Access and Sharing Task Force about its plans for Secure Share, which could radically change how nearly half the country’s auto body shops share estimate information with their various business partners.

CCC during the July 25 CIC discussed its vision for the platform, which offers additional efficiency, convenience and security but raises cost and control issues. Its comments then and responses to the first and second sets of task force questions should alleviate — or exacerbate — industry concerns. Read our coverage of the live CIC event and the Q&A below and see what you think. (Formatting and mild stylistic edits by Repairer Driven News.)

CCC’s Responses to 1st list of questions

The Program: (CCC’s comments regarding the following Task Force questions) We direct you to https://www.cccsecureshare.com/. Under the program, third parties that currently pull EMS extract data from collision repair systems, both in an authorized and unauthorized manner; will be directed to Secure Share to access estimate data via BMS formatted messages when authorized by a repair facility to do so. After an introductory period to allow all affected parties to get up to speed, such third parties will be subject to the Secure Share program per unique workfile fee. Repair facilities will control the flow of data via Secure Share by configuring CCC ONE® Estimating (“CCC ONE”) to permit data sharing with third party applications of their choosing.

Although not grounded in fact, we have heard of concerns that CCC will unfairly manage the Secure Share program, or even slow data flow for competitors. As evidenced by the terms of the program as well as its rollout, a fair approach has been taken to make Secure Share accessible and not to adversely impact either application providers or CCC customers while achieving the core objectives of the program. As many of you are aware, in the past several months we have worked with application providers to resolve concerns regarding the program. CCC takes seriously the provision of data control and data security to its customers. Any other conclusions as to the intent of the program or the terms around it are simply unfounded.

Specific program questions posed by the Task Force:

Q-1: Will CCC have access to all data transactions processed through Secure Share?

CCC Response: When data is received by an application through Secure Share, CCC will be aware of it. This is a fundamental security component and avoids “data pumps” that have historically concerned our customers. CCC will not otherwise have access to the details of the transactions that a repair facility undertakes with a third party.

Q-1 a): If yes, will CCC have access to all details associated with the data? (e.g.: part description, price, customer name, etc.)

CCC Response: Yes, and CCC has this detailed data today.

Q-1 b): If yes, what prevents CCC from gaining access to transactions that competing companies want to keep private?

CCC Response: We do not understand the inquiry, but if a repair facility and a third party wishes to transact business with their data outside of CCC ONE and Secure Share, they are certainly entitled to do so. We do not believe that Secure Share provides CCC with any competitive advantage, if that is the concern.

Q-2: Will all companies that use EMS today, such as Computerlogic, Alldata, OE Connection, Enterprise Rental Car, Hertz and others, be required to pay .50 cents per transaction to provide their services to CCC estimating or shop management system users?

CCC Response: Yes, any company using EMS that switches to Secure Share will incur the same fees; .50 cents per unique workfile.

Q-3: Does CCC pay CIECA any fees associated with Secure Share?

CCC Response: No.

Q-4: The Secure Share license agreement states that CCC may require or offer Certification for your Applications to comply with CCC’s guidelines, else the agreement is terminated. What does Certification involve and what are these guidelines? What language in Secure Share protects shops by allowing them to have the sole right to share their data with vendors of their choice?

CCC Response: The terms of the Secure Share documentation are available for your review. For precise language and context, we refer you to those documents. Application providers are, of course, expected to comply with the terms of the program, which are laid out in the program documentation. As to how repair facilities control where the data goes, they configure it within CCC ONE.

Q-5: Can a software company write a light application that does nothing but retrieve BMS from Secure Share and only certify that application?

CCC Response: No, data pumps are not secure and are not permitted under Secure Share.

Q-6: Can a software company. using the above. share the data retrieved from above with other vendors?

CCC Response: No, data pumps are not secure and are not permitted under Secure Share.

Q-7: Which data elements of Secure Share can be shared with another party? Assuming customer name is passed in the BMS, does CCC claim the right to restrict a shop from sharing any of its own data by virtue of that data appearing in the BMS?

CCC Response: The terms of the Secure Share program are available for your review. Of course, part of the security afforded by the program includes restrictions on the use and transfer of data. If an owner of data, whether it be a repair facility, an insurer, an OEM or a CCC licensor, desires to utilize its data outside of CCC ONE and Secure Share, it can do so if it is not in violation of the terms of its agreements with CCC.

Q-8: Who determines which segments of the BMS that a vendor has access to? What is the basis for making that determination? If a vendor comes up with a product modification that requires additional BMS segments. who determines whether they should have access to it in Secure Share?

CCC Response: We have published app category guidelines that define the various application types we have found to be used in the industry. A related message is associated with and is assigned to the app based on its type. If product modifications place the app in a different category then it will be reviewed again and an appropriate message will be assigned based on the modifications. We have worked with several application providers already to modify the program by adding new application categories and data elements.

Q-9: If CCC denies access to a vendor that would have provided information that would have helped a collision repairer avoid fines or lawsuits (safety data. state or federal consumer laws) does CCC accept partial fault in the lawsuits because they are in essence determining what information a repairer needs to perform repairs?

CCC Response: We have not been presented with any specific issues along the lines of fines being imposed, lawsuits brought or of safety issues presented because of the Secure Share program. Please provide specific concerns and we will take them under consideration.

Q-10: If a collision shop uses free software from the public domain whose only purpose is to retrieve BMS from Secure Share and store it within the customers premise, a) would that software be allowed by CCC) would there be a 50 cent charge, and c) if there were a 50 cent charge, how does that reconcile with CCC’s statement that the shop doesn’t have to pay for the data?

CCC Response: No, data pumps are not secure and are not permitted under Secure Share.

Data Rights: (CCC’s comments regarding the following Task Force questions) Questions have arisen as to the impact on the data ownership rights of repair facilities and third party application owners. Nothing in Secure Share is intended to, nor does it, impact any such ownership rights. Although amongst them there may be unique claims to rights in data related to a repair claim, the various users of CCC products and services, as between them and CCC, own the data they input into those products and services. Of course, other parties, including data providers such as OEMs and database licensors also own data that appears within our products and services, and contract terms between CCC and its customers naturally acknowledge those rights as well.

Q-11: By using Secure Share does the shop or app developer give up ownership of their data?

CCC Response: We cannot identify anything in the program documentation that changes any party’s current data ownership. Please provide further detail and we will look into the concern.

Agreement Terms: (CCC’s comments regarding the following Task Force questions) Questions have been presented that essentially ask CCC to verify terms in the Secure Share documentation that are readily available to you. We direct you to those documents to confirm their content. The Secure Share program has been put together as a comprehensive platform similar to what you would find in any app store and, similarly, requires similar legalese. Such documents are necessarily drafted to apply to a wide range of factual scenarios. Many of the terms and conditions lend some flexibility to the program, which is intended to both work in the favor of application providers (CCC can, as it has already done, add data workfiles readily) and CCC repair customers (to swiftly take action if required by a customer or, for instance, data privacy laws). If you scrutinize many of your own or similar types of third party agreements, you will find similar terms – for example, many agreements retain the right to modify terms and conditions, to revoke account access, etc. We suggest any legal terms be considered in the context of their application to the actual implementation and management of Secure Share. CCC’s utmost priority is serving the interests of its customers, which includes facilitating and advancing their ability to connect, communicate, and conduct commerce with the parties they choose. The suggestion that the intentionally drafted broad legalese might be used to disrupt our customers’ ability to conduct any of these core functions is simply not consistent with our business model, track record or proven commitment to customers.

Q-12: Does the Secure Share license agreement state that CCC may reject or terminate access to the API Documentation for any reason?

CCC Response: For precise language and context, we refer you to the program documents. This is common language for legal agreements of this nature.

Q-13: Does the Secure Share license agreement state that CCC may terminate Agreement and revoke access to Account Information/Data for any reason, at any time?

CCC Response: For precise language and context, we refer you to the program documents. This is common language for legal agreements of this nature.

Q-14: What language in the Secure Share license agreement prevents CCC from raising the price of Secure Share from .50 cents a transaction to $1.00, $1.50 or $2.00 per transaction?

CCC Response: For precise language and context, we refer you to the program documents. As previously explained, CCC is making a significant investment in infrastructure, software development, cloud hosting, additional security measures and the ongoing support of Secure Share. It is a standard industry practice for third party app developers to pay a fee for cloud-based APls in order to offset the costs associated with the development and support of those interfaces.

Q-15: What language in the Secure Share license agreement prevents CCC from limiting or slowing down data to their competition? For example, what would prevent CCC from limiting, slowing down or preventing data from reaching other Information Providers, parts procurement or claims management companies?

CCC Response: For precise language and context, we refer you to the program documents. We are not aware of any such restrictions, CCC prides itself on providing industry-leading service to our customers, and we view Secure Share application providers as customers. We also expect similar programs from others in the future, and would expect nothing but the same treatment from others in the industry.

Q-16: The Secure Share license agreement states that CCC may develop products which are competitive with your Application, irrespective of their similarity to your current products. By using Secure Share, does the Application developer give up copyright protections?

CCC Response: We cannot identify anything in the program documentation that conveys any intellectual property rights, including copyright, from one party to another. Please provide further detail and we will look into the concern.

Q-17: Does the Secure Share license agreement state that CCC may modify the terms and conditions of the Agreement at CCC’s sole discretion. your only recourse being to terminate the agreement and lose access to Secure Share?

CCC Response: This is common language for legal agreements of this nature. This type of legalese lends flexibility to the program, which is intended to both work in the favor of application providers (CCC can, as it has already done, add data workfiles readily) and CCC repair customers (to swiftly take action if required by a customer or data privacy laws). If you scrutinize many of your own, or similar types of third party agreements, many retain the right to modify terms and conditions. Again, we suggest any legal terms be considered in the context of their application to the actual implementation and management of Secure Share.

CCC’s Responses to 2nd list of questions

Q-18: We understand that 3rd party vendors will be billed .50 per work file coming from the CCC-One Estimating application. Will CCC charge a fee for files coming from CCC’s Management System?

CCC Response: CCC Secure Share only exports data from the CCC ONE Estimating application.

Q-19: CCC does not allow app providers to share Secure Share Data with other entities. This prevents an app provider from combining estimate information with information from their own software to provide a report to a third party, for example, a report showing the savings from replacing a part on the estimate with a newly found part. This report may need to go to a shop, its franchisor, and/or its DRP insurer. Is CCC going to prohibit third party apps from providing these kinds of reports?

CCC Response: CCC Secure share does not prohibit an application provider from allowing its customers to use the application for its intended purpose.

Q-20: By definition, for a market to be competitive, alternative choices must be readily available, thus a purchaser of services can make a choice that is in the best interest of themselves and their customers. Why is CCC not giving shops the option to continue using EMS. if so desired? If the shop or one of their business partners finds value in using Secure Share they can make a business decision to go along with paying CCC’s new fees. If they do not see value in the ‘Secure Share’ business model, they can continue doing business as before. This allows ‘freedom of choice’ to all parties in the industry and is not dictating to anyone how they must run their business.

CCC Response: Multiple parties within the collision repair ecosystem claim ownership of estimate data including, but not limited to repair facilities, insurers, vehicle manufacturers and others from which we source data. CCC Secure Share was designed based on feedback
from the industry to implement the CIECA BMS message and secure the data for those that claim ownership of the data. Continuing to support the CIECA EMS file will perpetuate the lack of data security that exists in the industry today.

Q-21: It is our understanding that CCC will not charge its shop customers a fee for importing the estimating data into CCC’s management program. If CCC charges a 3rd party bodyshop management system provider a fee to import that same data into that 3rd party’s application. is that not un-fair competition?

CCC Response: CCC ONE is a unified platform. There is no import and export of data within the platform. We do import EMS files from Mitchell and Audatex and we have stated in the past that we would be willing to pay for a similar solution offered by those providers and we would not pass those costs on to our customers. We believe that CCC Secure Share is an appropriate approach to address the security issues it is intended to address.

Q-22: Will all 3rd parties have exactly the same terms and conditions in the Secure Share contract that they must sign? If not, why, and what terms and conditions would be different?

CCC Response: As with most platforms, all 3rd parties will be bound by the same material terms and conditions of use for Secure Share. Any updates made to these common terms of use will be published and will be applicable to all parties per the terms of the CCC Secure Share Registration agreement and CCC Secure Share Application Publishing Agreement.

Q-23: Will CCC make any exceptions to any company regarding the CCC mandate that they must sign the Secure Share contract in order to receive BMS data from CCC? For example, will QuickBooks be required to sign the Secure Share contract?

CCC Response: We have had the concern around QuickBooks and other accounting systems raised recently. We are currently evaluating the questions presented.

Q-24: CCC does not allow app provider A to share Secure Share Data with app provider B. This restricts any app provider from correlating estimate information with its own information and communicating the combined information to another app which is part of a workflow occurring outside of the CCC estimate. There are many examples, including workflow tools and shop management systems that interface with other software, and parts locating, procurement, and reporting systems.

Q-25 a): Does CCC intend to prohibit app providers from correlating estimate information with their own information and sharing the combined information with other software providers?

CCC Response: CCC does allow app providers to correlate data with other app providers by the use of a Document ID. The Document ID can be passed from App Provider A to App Provider B. Provided App Provider Bis registered with CCC Secure Share and the shop has approved App Provider B, App Provider B can use that Document ID to retrieve the appropriate message for the designated workfile from CCC Secure Share. App Provider B’s request will be logged in the workfile so the shop has a record of App Provider B accessing the data. CCC has requested that the task force provide specific examples of use cases not addressed by this enhancement to the CCC Secure Share solution.

Q- 25: In several responses to the first set of questions asked by the Task Force CCC criticizes the use of ‘data pumps’ and, for all practical purposes, conveys the idea that they are dangerous or evil. For example, in responding to the first question of that questionnaire CCC responded, “This is a fundamental security component and avoids “data pumps” that have historically concerned our customers.” And in response to question five they said, ” … data pumps are not secure and are not permitted under Secure Share.” Throughout the Secure Share agreements 3rd party companies, other than CCC, are prohibited from being a ‘data pump’ for a shop. Is CCC the only company in the collision industry that can be trusted to be a ‘data pump’ for bodyshops and are bodyshops not capable of making their own decision as to who they would trust to provide them the same level of security for their data as CCC claims they will provide?

CCC Response: Multiple parties within the collision repair ecosystem claim ownership of estimate data including, but not limited to repair facilities, insurers, vehicle manufacturers and others from which we source data. CCC Secure Share was designed based on feedback from the industry to implement the CIECA BMS message and secure the data for those that claim ownership of the data. Continuing to support the CIECA EMS file will perpetuate the lack of data security that exists in the industry today. All app providers using CCC Secure Share will employ the same level of security as CCC to transmit information securely over the internet.

Q-26: In their response to the Task Force’s last questionnaire CCC stated, ” … if a repair facility and a third party wish to transact business with their data outside of CCC ONE and Secure Share, they are certainly entitled to do so. We do not believe that Secure Share provides CCC with any competitive advantage, if that is the concern.” Our question then is; how does a 3rd party get access to a shop’s data without signing a Secure Share contract that dictates how that 3rd party can then use that data in the future?

CCC Response: Repair facilities have other options for conducting business, for example, the option to key information directly into a third party application without the use of CCC Secure Share.

Q-27: CCC Secure Share does not allow app providers (including parts locating, procurement, and reporting systems and shop management systems) to write information back into the estimating system (such as changing a part type, changing a vendor, changing a part number, etc.). CCC also does not provide enough fields in the parts message for parts locating, procurement, and reporting. Is CCC willing to use Secure Share exclusively (with the same set of rules as app providers) for its own shop management system and its parts locating, procurement. and reporting system when these systems are communicating with (1) the CCC estimating system, (2) each other, or (3) other software?

CCC Response: CCC Secure Share does contain an API that allows third party application providers to post part price changes back to CCC ONE in the same manner it provides the EMS parts price change file. CCC Secure Share also passes vendor information in the BMS file in the same manner it passed vendor information in EMS file.

CCC has made many enhancements to the existing messages based on app provider feedback. In addition, CCC has created 10 new messages since inception based on requests from app providers. If there are additional fields required for the Limited Parts Message defined in CCC Secure Share please submit a request and we will review that request for potential inclusion in a future release.

Q-28: In their previous response to questions CCC stated, “CCC’s utmost priority is serving the interests of its customers, which includes facilitating and advancing their ability to connect, communicate, and conduct commerce with the parties they choose.” If that is the case, why is CCC not giving shops the ‘freedom’ to do business with business partners who do not want to sign an agreement with CCC in order to have access to their data?

CCC Response: By no means does CCC limit the business partners a shop may choose.

CCC Secure Share website

Collision Industry Conference Open Industry Data Access and Sharing Task Force website

CCC answers to first two sets of task force questions

CIC, July 25, 2017

CIC task force slides

CIC, July 25, 2017

CCC Secure Share presentation slides

CIC, July 25, 2017

Images:

Collision repairers can access CCC Secure Share through the “Configure” menu option. (Provided by CCC)

From left, Mark Algie of 3M; Rick Palmer of ComputerLogic; and Dan Risley of the Automotive Service Association listen to Mark Fincher of CCC during the July 25, 2017, Collision Industry Conference. (John Huetter/Repairer Driven News)

A CCC dashboard prepares users to interact with its new Secure Share program. (Provided by CCC)

This slide for CCC Secure Share vendor QCIQ demonstrates how a shop can control which data is sent to a vendor. (Provided by CCC)

A CCC screenshot shows options related to its Secure Share program. (Provided by CCC)