Current Issue

Back to ARA Magazine

DATA SECURITY: THE NEW CURRENCY

“In God we trust.
All others must bring data.”
By Caryn Smith

It is not a new topic, and often it’s misunderstood, but it is one that has some automotive recyclers taking a second look. Data is the new currency – the most valued of all information. As they say, information is knowledge and knowledge is power. Data is the writer of the future, and the story gets told pretty accurately based on data’s previous predictable patterns.

Your electronic data, personal and business-related, contains the digital DNA of you, your business, your circle of influence, i.e.: friends, family, peers, employees … dare
we say … customers. For each of these groups, your data includes personal preferences, buying habits, financial information, and more, for the whole bunch – but most of all of you, and your company.

Every business owner, at minimum, should understand how data works. What is done with the knowledge is your preference.

Unfortunately, there is no magic wand to make this all stop. Technology drives life and business. Data is here to stay, and will only get more invasive and even step on more toes of our rights to privacy. The unanswered societal question is, who owns the data and what do they do with it once it is passed willingly? The good news is, for now, it still is your data, either for your business or yourself. And there are measures all of us can take to protect what is ours.

A Mainstream Example
The easiest way to explain data is to share an example. Have you ever wondered how Facebook gets its massive company value? It’s a free platform, after all. It’s not so much from advertising and post boosts. It’s biggest asset is user data. Marketers pay a pretty penny to obtain this information we all give so freely, which feeds the “personalized” marketing experience. When you look at a website or product, and then you notice it now popping up in your feed, you’ve been marketed.

A mainstream example of the value of data was explained in a 2018 Inc. magazine online blog by Jeffrey Barrett, CEO of Barrett Digital. “How is data is changing competition? Uber’s new credit card isn’t a play to get in the financial space. They want your restaurant data and they are willing to give you 4 percent cash back to get it,” he observes. “Why? So they can know what you like and create ‘ghost kitchens’ [restaurants with no brick-and-mortar presence] for Uber Eats. Uber can create dozens of pop-up restaurants on the app to serve people using one commercial kitchen and a couple of chefs. Cutting down on overhead it’s a potential game-changer in 2018 and beyond.”

This is a clever idea, using your data to determine your restaurant habits in a marketplace, to then determine a cuisine in demand, say burgers, to then plan for Uber Eats ghost kitchens. Then, to approach a local restaurateur to add that delivery burger brand to its operation. The restaurant adds revenue without expanding, and Uber Eats profits with a burger location on the app, without opening a restaurant.

Yes, that is brilliant! But what does this have to do with automotive recycling?

What is Data to You?
Let’s start with a definition. Wikipedia says data is information that has been translated into a form that is efficient for movement or processing. It may be in the form of text documents, images, audio clips, software programs, spreadsheets, or other types of data.

Your data comes in many forms, says Ginny Whelan, Executive Director, ARA’s Educational Foundation. Whelan has been talking about data issues for the last ten years, seeing this trend coming. If you believe that you don’t have anything to protect, she advises, “think again. If your company is regulated by any governmental or other regulatory standards, for example, your data is valuable. How do you handle credit card transactions, customer information, employee information. This is all data.”

What is included in data:
• Product information, including inventory purchases (vehicles), inventory, and source code
• Financial information, including market assessments and your company’s own financial records
• Customer data, including confidential information you hold on behalf of customers or clients
• Customer Sales Data
• Employee Records
• Credit Card Information
• VIN Information
• Price Structures
• Purchasing Records

“Data is all around us,” says Fred Ianterno, Executive Director of CIECA, which develops and promotes electronic communication standards that allow the Collision Industry to be more efficient. “Everything we do creates a data trail, from online financial transactions to Google searches.”

“Data is used to drive decisions. For instance, we all move from one place to another and businesses can track their drivers with GPS coordinates. That is a valuable tool with many benefits, and that is data about your business. But, imagine if someone, a competitor, was able to see all your driver’s regular routes, and able to see who your customer is and what you are selling to them. That is the power of data and why it needs security.”

Technology changed the way everything is done in the automotive world. It has made many things so much easier. We are headed for a future that is making what used to happen in years, happen in months. “What was once a labor intensive job of estimating a collision repair is now replaced with photos of damage, that triggers measurements by reaching back to data on previous crashes, and an accurate prediction of what it will take to fix that vehicle, all before the vehicle has left the scene of the accident,” says Ianterno. “Five to 10 years ago, no one would have thought about that possibility.”

“And, who would have thought today you can drive a car over a ‘mat’ with sensors that can figure out what the damage is under the vehicle that you can’t see? Collision repair shops now have ‘computer tech’ job descriptions for their team. These employees don’t sit and program, they run data-driven diagnostics. AI and virtual reality hasn’t played a role yet, but it will. What is unimaginable is being developed today.”

“The important thing to recognize about data, whenever we sign onto something new, a system, we sign over some rights of privacy to use the features. It can’t be avoided, but knowing this is important,” he says.

Securing your data is an important aspect of securing your business value. “Your financial data, books, personnel information, general business data, customer database, inventory, competitive edge, products and services pricing and volume, this is all data that needs secure protection.”

Securing Data from Two Types of Loss
The first kind of data loss is accidental. Your hard drive crashes, a computer is stolen, a file is corrupt and won’t open. Or worst case, your facility is hit with an extreme weather event (hurricane or tornado) or a fire. Once disaster strikes, you can’t go back, and fully recreating your data is near impossible. “People tend to ignore or assume data is safe,” says Ianterno. “It makes good business sense to have a loss prevention plan. People tend to ignore back-ups, such as cloud solutions or software solutions. For under $100 you can secure a single PC, and not do anything else.”

The other one is more complex; people hacking into your computer or network. There are anti-virus and firewalls for use by the average person that runs a small business. For larger companies, there is cloud technology that has very good security associated with it. When working with cloud solutions, which is computing power that does not reside in your physical location, you should ensure they have proper security and liability that comes with the service. These systems are trustworthy and worth the financial investment.

How Recyclers Don’t Protect Their Data
Protecting your data means protecting its confidentiality, integrity and availability, says Whelan. “The consequences of a failure to protect all three of these aspects include business losses, legal liability, and loss of company goodwill. Auto recyclers do not fully understand how their parts/ inventory data is being used when they
click on the agreed button to assign their inventory to an internet selling platform. Your data in someone else’s hands.”

There is a rising awareness of the need for cybersecurity, with ransomware on the rise, locking up servers and corrupting files. Some auto recyclers have experienced this hacking disaster. Seeking more knowledge about security and data, Dan Marks, Marks Auto Parts, has been taking action steps to secure his network and information. “Updating computers and systems can be expensive,” he says, “but losing all your computers and data with it is worse. I learned the hard way. We had ransomware hacks where they came through on old router that I didn’t even know had an open port previously used for tech support. It can happen to anyone.”

At the minimum, Marks suggests all recyclers, even the smallest of facilities invest in security technology, and have an up-to-date firewall, protecting customers’ data. It is a huge liability to expose other people’s data that you hold in your systems. Also, do you share your data with third parties, including contractors, partners, or your sales channel? What protects your data while it is in their hands? Do they somehow pass it on to others?

• Your data is important and crucial to the operation of your business.
• Your data has value and needs to be protected.
• Data generated by your operation is YOUR intellectual property and is proprietary.
• Data is a tangible asset.

“Be straight forward about your concerns when discussing your data with your vendors and others who have access,” says Marks. “When subscription renewal time comes around, ask your vendors about their policies. Read your contracts, and know what rights you are giving them and what rights you are retaining before you agree. There is always room to negotiate in most situations. You have to trust your vendors, but you also need to protect yourself with proper recourse, if it is needed.”

A Different View of Data
In the last few years, the protection of collective industry data has been a growing concern for some auto recyclers. Individually, an automotive recycler’s data doesn’t have any real monetary value, except as a business asset. But, collectively, it has immense value.

“We should consider our data as our industry intellectual property and be careful with it,” says Marty Hollingshead, Northlake Auto Recycling and ARA’s Secretary. “As a business model, we use many service providers who ping our servers on a regular basis to help us with our goal of selling recycled auto parts. I am not saying we need to stop this, but I am suggesting we all be more careful on who has access and how will people use it once we allow access to our servers for information. Once they get in, realistically, the average guy doesn’t know what they are taking out of there and what they do with it.”

“Data has great value. All you have to do is look at Google and Facebook, two companies that have no real product to sell. Yet, Facebook is worth $629 billion and Google is worth $739 billion as of early January 2019. That is $1.368 trillion for companies who mainly handle data,” says Hollingshead.

As we inch towards blockchain solutions, someone will have to be the holder of information from the auto parts industry. In the future, an independent party may be needed as a conduit to distribute and watch over the data. That is yet to be determined. This data could be a key negotiating tool for the industry’s future as an auto parts provider, as the industry owns billions of dollars in genuine OEM parts.

“We have to trust somebody to distribute our information,” says Hollingshead. “It makes sense currently to put that trust in the yard management systems we utilize in our businesses. Yet, I also want to know what anyone I contract with is doing with my data. I know I probably can’t change it, but as the owner of the data, I believe I should know what is being done with it, if anything.”

“As owners of salvage parts data, we should have protections and knowing what is being pulled and given to third parties,” says Marks. “Being aware of what you are sharing. We need to be sure, as an industry, that no one is mining our collective data and writing us out of the industry. If a company I engage services from doesn’t acknowledge this is my data, and it is confidential in nature, that is a red flag. Adding contractual language that offers me recourse if my data is used inappropriately without my knowledge is all I am asking from my services providers as contracts are renewed.”

“We need a gatekeeper,” suggests Hollingshead. “Who that will be is to be determined. All I want is to raise awareness for auto recyclers and begin to think about the power of our industry related to its immense collective data. There are data sharks out there who manipulate and misuse data. Our value should be protected.”

Caryn Smith is the editor of Automotive Recycling magazine and has been covering the industry for over 20 years.

Editor’s Note: The thoughts and ideas herein are soley those of the contributors, not necessarily of the ARA.