Data was the word on the minds of many dealers at the National Automobile Dealers Association (NADA) Convention & Expo in New Orleans this January. Some were looking for vendors to target specific data fields for marketing purposes. Others were more interested in solutions that will help them safely store and protect customer information. All were on a mission to promote and protect their stores.

Organizers knew that big data would be a focal point at this year’s conference. The NADA issued an addendum to the dealer data guidance it issued this past August. In it was a sample contract the NADA is encouraging dealers to review and “if applicable, to present the addendum to service provider vendors for signature.”

“The issue today is dealers have all this sensitive data, but to do business, they really have to share it or allow folks to have access to it in some way or form,” says Bradley Miller, the NADA’s associate director of legal and regulatory affairs. “By necessity, it’s going a lot of places. The problem is the very complicated set of rules with respect to how you can share this information, and it’s not easy to do.”

Miller and the association recommend that dealers consider putting an agreement in place with technology vendors who are accessing their customers’ personal information. “What it says is the vendor can’t take any more [data] than they need; they can’t do anything else with it except provide the service,” Miller explains. “To an extent, folks felt a little more free rein in the past with respect to this data. The hope is that will change.”

More Than Necessary
If this idea hits close to home for any vendor, it’s TrueCar. The third-party retailer came under fire in 2012 when dealer advocates, led by Auto Dealer Monthly contributor Jim Ziegler, questioned exactly what information TrueCar was taking from dealers’ dealer management systems (DMS). Some accused the company of extracting more data than it let on and using transaction data to set prices.

In response, TrueCar released a list of the exact data fields the company receives. “There is absolutely a lot of confusion and misperceptions and a lot of blog-fueled non-truths about what we do with data. So we had to get in front of that and contractually, it’s very clear: This is what we’re taking, this is how we secure it,” Stewart Easterby, TrueCar’s executive vice president of operations told Auto Dealer Monthly on the show floor.

January’s event marked the company’s first year as an exhibitor. “Others in this space do not have that level of transparency about either what they’re taking or what they’re securing. We believe data is a good thing. There are some who feel that dealers sharing data is bad for dealerships. We disagree very strongly. We believe dealers who share data … have more insights into customers and manage their business more efficiently. Data is a good thing if it’s used responsibly.”

(Won’t) Sign Here
Not everyone in the industry, though, believes third-party vendors would sign a contract like the one NADA has proposed. Brian Pasch, CEO of PCG Digital Marketing, thinks the contract lacks a clear explanation of each party’s needs and responsibilities.

“None of them will sign it, because it’s not comprehensive,” Pasch says. “I think the industry needs to start a better conversation about educating vendors about what is acceptable and what isn’t acceptable. It’s a very complicated conversation. I think vendors need to define what data they are accessing and what they are doing with it. That’s important.

“Also keep in mind that the average dealer doesn’t understand the deep ramifications that benefit them by sharing data. The fact that dealers depend on Polk data or Dataium data to make predictions are all parts of the benefit of big data. I’m not saying their financial information should be shared by anyone. I’m just saying the metrics that they are worried about are actually helping them sell more cars.”

Some of the major car-shopping information sites could be open to signing the NADA’s proposed agreement with their dealer clients. For instance,’s vice president of inside sales and dealer development, George Kang, believes putting an agreement in place is a good idea. “We agree that keeping personally identifiable information (PII) private is important and agree that some form of agreement between dealers and vendors is needed to ensure privacy,” he says.

Kevin Filan is AutoTrader’s vice president of customer marketing and industry relations. He says the company takes its responsibility to protect car buyers’ information very seriously. “In its materials describing the proposed data access addendum, NADA acknowledged that there is no ‘one-size-fits-all’ approach in deciding what protections dealers should put in place to safeguard their customers’ personal information,” he says. “We look forward to working with NADA, our dealers and other industry stakeholders to help address these important issues.”

Other major car-shopping sites like and TrueCar did not respond for comment on whether dealers have contacted them to work out an agreement using the NADA’s form. Miller stresses that the message to vendors is not that dealers should refuse to share data with service providers. “[Dealers] love your services; they want to get them, but you have to make sure the contracts reflect what the regulations require and what you’re doing.”

Without mentioning any specific companies, he added that one of the main reasons the NADA is pushing for data security is recent reports of vendors “exceeding what the dealer realized was happening” in terms of extracting data. “It’s just easier to get more than take the time and figure out what you need to get less,” Miller explains. “As a result, I think it’s just the path of least resistance. I don’t think, in most cases, people are trying to do something nefarious.”

Tightened Restrictions
Several months prior to the release of the sample vendor contract, the NADA issued a 14-page memo to its 17,000 members on vendor access to data. The guidance acknowledged there are a “number of entities who wish to gain access” to transaction data stored in dealer management systems (DMS), and warned dealers that the “[Federal Trade Commission] may consider any third-party ‘access’ to [non-public personal information] to be ‘sharing’” — even if the dealer’s vendor never actually accessed the data.

Since last summer, the FTC appears to have taken a greater interest in protecting customer information. In fact, FTC analysts testified on data security before a U.S. Senate banking subcommittee in early February, providing an update on the agency’s efforts. “Data security is of critical importance to consumers,” Jessica Rich, director of the FTC’s Bureau of Consumer Protection, said at the time. “If companies do not protect the personal information they collect and store, that information could fall into the wrong hands, resulting in fraud and other harm.”

Rich reminded businesses that the FTC enforces various statutes and rules that are applicable to those that collect and maintain consumer data. The FTC completed its 50th data security settlement in late January when it settled charges against a medical transcription company that executed “unreasonable data security measures.”

The NADA’s Miller believes stricter legislation for data security is to be expected. “There are all sorts of proposals on Capitol Hill for increases in restrictions, privacy rights; there’s been some activity in the nonautomotive world with data brokers. … The federal government really views this much more broadly and really considers any of the information that dealers have from their customers to be something they really need to treat with care and not share.”

Miller adds that, despite the warnings from NADA, “There are relatively simple ways to fix all of this. One of the very easiest is to make sure the contract language is tightened up. You really just have to get control of the contractual relationship and understand who is in your system. [Dealers] need to really be intentional about control over this.

“I know it’s hard. That’s why it takes some time, but that’s why it’s important for them to understand what value they may be letting go out the door.”

About the author

Stephanie Forshee

Senior Editor

View Bio