DataTouch launches tool to control software data pumps, what that means for PII protection
By onBusiness Practices | Technology
DataTouch now offers a technology that the company says provides repair shops with control over software data pumps that have been installed on their computer systems.
Called Data Pump Manager, the new DataTouch tool is designed to share only the correct estimate and needed repair information to conduct business with each service provider, according to a company news release.
Pete Tagliapietra, managing director of DataTouch, said the company continues to design data security software that gives shops complete control over estimates, personally identifiable information (PII), and repair information.
“Installed data pumps on a shop computer system do not exert control to copy only the estimate that is relevant to the transaction,” Tagliapietra said in the release. “Each installed data pump typically takes a copy of every estimate that is created by the shop, using the estimating system software.
“DataTouch supports standardization and CIECA standards; however, we want to ensure transactions are secure and third parties don’t proliferate PII. DataTouch software tools put a security blanket around EMS and BMS.”
CIECA will hold a webinar April 25 to share information about its new API standards (CAPIS). Architecture Chair Dan Webster with Enlyte, Mike Hastings and Jeff Schroder with Car-Part.com, Andy Bober with Entegral, and CIECA’s Paulette Reed will participate in the discussion.
Tagliapietra noted with the announcement of Data Pump Manager that it’s well-recognized within the collision repair industry that some companies repurpose the copied estimate information, compile it, and sell it for profit to the detriment of shops, insurance companies, and their mutual customers.
For example, in 2022, Society of Collision Repair Specialists (SCRS) Executive Director Aaron Schulenburg shared that a third-party company reached out to him offering to sell data that they said could be a business opportunity for his member shops. The company suggested using the information to contact customers who recently received quotes from other shops to solicit and capitalize on them having repairs completed at their shop instead. That information included everything from full name, home address, email, and cell number to VIN, insurance carrier, and more.
According to Schulenburg, the company confirmed the word “quotes” was being used as a stand-in for “estimates,” and that the quotes could be from insurance carriers or shops.
In a panel discussion that followed with Silver, Golub & Teitell attorney Steven Bloch, Pete Tagliapietra with DataTouch, and Tom Allen with ConditionNow, Tagliapetra said Schulenburg’s discovery is an example of the “size and magnitude of the problem” that shops are faced with — how is the data being taken?
The answer, according to Tagliapetra, is either data pumps or software controls running on shop computer systems unbeknownst to shop owners and employees that grab and scrape data from every saved estimate, aggregate and compile it then sell it to vehicle history reporting companies for “a nice profit margin.” And the kicker — there’s no way to know what data is being scraped if data pumps or software controls are running.
Tagliapietra recently explained that Data Pump Manager, like the other software security tools offered by DataTouch, interacts with all three estimating systems and doesn’t disrupt the collision shop’s current workflow.
“The owner of the data must have the choice whether or not to opt-out with repair estimates being shared,” he said.
At the upcoming April 17 CIC meeting, the Data Access Privacy and Security Committee will continue its ongoing presentation on vehicle history reports with a panel discussion featuring Experian, which produces the AutoCheck® vehicle history reports. The panel will explore the process to remove data as well as deeper insights into data acquisition.
In January, DataTouch launched VINAnonymize, a technology the company says prevents collision repair estimate information from being used by vehicle identification number (VIN) reporting services, such as Carfax and Experian AutoCheck.
The software is designed to allow a shop user to anonymize a VIN, and in turn, help protect customers’ PII. Data Analyzer and Data Auditor are also offered by DataTouch.
Data Analyzer helps collision repairers identify what data pumps are running on their facility’s computers and Data Auditor helps identify what information and how often it’s being swept from shop computer systems, according to DataTouch.
In January CCC Intelligent Solutions Inc. (CCC) also announced the release of a new data security feature for collision repairers who write estimates on cccone.com. The new feature allows repairers to redact the last six digits of VINs and PII including first and last names, addresses, phone numbers, and email addresses before sharing estimate information via EMS export.
There is no additional charge for the feature. Product Management Vice President Mark Fincher said at the time that CCC is “constantly seeking opportunities to create more value for our customers and help them protect their data.”
In February, an article published by Insurance Thought Leadership, written by insurance solutions and insurtech consulting executives, that the collision repair industry and auto insurance carriers need to take further steps to protect consumer data as technology and privacy crimes advance.
“Our focus in this piece is fairly narrow — namely the unauthorized use of personal information in the auto insurance claim reporting, damage evaluation, and collision repair process,” the article says. “While this is just a subset of the broader data privacy issue, the implications are quite serious and affect millions of consumers, insurers, and their supply chain partner and present exposure to hundreds of supply chain participants.”
Images
Featured image: Logo provided for use by DataTouch