Customer information (name, address, email, phone number) is privileged information. When this information is inadequately secured, your company or dealership could be risking millions of dollars and your company’s reputation. Take the biggest retail hack in history as a lesson: Target. In 2013, 40 million credit card numbers, and 70 million addresses, phone numbers, and email addresses were stolen because employees did not follow an established data security procedure. Today, Target is still suffering the results of this breach, with gross expenses totaling $252 million and counting.
It’s not just security breaches that we should be concerned about, but also the adherence to customer requests. If a customer requests that your dealership not contact him or her via phone, email, text or direct mail, it is your responsibility to adhere to those requests and share this information with your marketing agencies. Communicating this request to all marketing agencies is particularly important if communications are sent over multiple platforms because your reputation, and financial security, is at stake
Don’t Victimize Your Database: The Dos and Don’ts of Data Privacy
- Keep your Marketing Company Up-To-Date: This includes updates to customer information, as well as updates on “do not contact” customers. This keeps your good reputation intact, as well as avoids potentially expensive legal issues. Both dealerships and vendors can be fined at the state or federal government level for not adhering to these requests.
- Check for Accuracy: Always double-check the accuracy of information you receive from customers because this affects the relevancy of your marketing communications. Consumers may become very concerned about receiving information for a vehicle that is not relevant to them. In today’s world, a mistyped email address could mean you are sending information to someone who has never done business with you. Consumers often assume their identity was stolen because they do not own the vehicle in the communication, and possibly never have. This is an easy way to get a bad reputation among consumers, or with people inside and outside your current customer base.
- Don’t Email Customer Information: Never put full customer contact information in an email to someone because you never know where that email will get forwarded. Once the email is sent, the contents are no longer in your control, and you cannot guarantee its correct usage.
- Consider a VIN Private Information: This information is highly specific to a customer; in essence, it is a car’s social security number (SSN). Just as any SSN should not be publicized, a customer’s full VIN should not be either.
- Don’t Share Downloaded Lists: If you purchase, download or receive a list of customers - don’t share it. Use it only for the time it is valid, which is usually 30 days. Customer information is in constant-change. On average, every month two percent of your email list is outdated, and up to 33% of your marketing contacts are outdated after one year due to change of residence, new email address, or change in job.
- Ask for a Preferred Contact Method: This can save money and your reputation.
- Be Aware of All Communications: You should be aware of all communications leaving your dealership to avoid over-communication, conflicting messages, or sending too many similar messages. When you provide relevant, timely, communications and do not over-communicate to your customers, this secures your access to their private customer information and lessens opt-outs from your communications. Have a strategy in place to establish what communications are sent and when, and discuss this strategy regularly with others in your dealership.
- Be Familiar with State and Federal Laws, Rights, and Restrictions: If your dealership is close to a state border, you should be aware of their resident state restrictions and the state requirements as well. Familiarize yourself with state laws for maintaining opt-outs, as those requirements can change annually. Every state has existing EBR (Existing Business Relationship) requirements- know your rights for contacting customers. Even if a customer has opted out, you still have communication options. FCC (Federal Communications Commission) allows customers to opt out of communications; however, if you have an existing business relationship with a customer, you do still have a right to talk to that customer.
- Use Secure Methods for Transferring Customer Lists: To protect your customer’s private information, as well as your dealership, get familiar with Secure File Transfer Protocol (SFTP).
Data security is a top priority for GSM. We understand that data privacy is the most important part of marketing when handling dealer and customer data. For that reason, we stay current on best practices so our dealers can have peace-of-mind.