The California Consumer Privacy Act (CCPA), General Data Protection Regulation (GDPR), Stop Hacks and Improve Electronic Data Security (SHIELD) Act, and other privacy laws are making customers more aware of the value of their data. 

Data breaches have always had a significant impact on dealerships’ reputations, but emerging legislation and increased media coverage have taken that impact to a new level.

Privacy laws are changing the practices of digital marketers, requiring dealerships to closely examine their data collection policies and contact lists to maintain compliance and safeguard their reputations. 

Let’s go over the importance of data security for auto dealerships, and how to comply with the California Consumer Privacy Act in terms of digital marketing.

Why it matters

Non-compliance can result in fines and lawsuits, but there are also other consequences to be aware of.

The nature of the auto dealership market is that dealers sell essentially the same products at similar price points, so it’s easy for consumers to substitute one dealer for another. 

The main differentiator in this market is reputation — it’s what most consumers (59% of them!) use to select a dealership. About 84% of consumers say that they would not purchase another car from a dealership whose data has been compromised.

That means reputational damage from a data breach has the potential to destroy a dealership.

Considering the increasingly common targeting of dealers by cybercriminals, and the unsophisticated technical approach most dealers take to protect their systems and data from these bad actors, cybercrime is shaping up to be a business-ender for the unevolved dealer.

CCPA-compliant digital marketing

It’s possible to maintain your dealership’s reputation and still get the word out to customers with digital marketing — you just need to have the right tools and approaches in place. As part of creating your dealership’s CCPA code of ethics, consider the following components.

Well-managed permissions and subscriptions

It’s more important than ever to appropriately assess and manage your permissions and subscriptions. Conduct contact list audits, update privacy statements, and confirm subscribers on a routine basis to make sure you don’t unintentionally violate data privacy laws. 

In addition to in-house record keeping, use CRM software and email marketing platforms to keep everything up to date. Your dealership IT services provider can recommend software and help you implement a system that works for you.

Security-focused employee practices

What would happen if a hacker gained access to your CRM? It would be a disaster, to put it mildly. Thousands of customers’ personal information would be in the wrong hands, and your dealership would be held responsible. 

Unfortunately, cyber attackers frequently use unsuspecting employees make it past dealerships’ defenses. Employee negligence is the main cause of data breaches, and phishing attacks are particularly common.

Because employees are so often targeted, they’re a vital line of defense against cyber attacks — you can’t afford to have ill-informed or poorly-trained staff. 

To lower the risk of human error, ensure that your employees are trained to identify potential attacks, and conduct periodic phishing tests to evaluate employee knowledge and behavior.

Further reading: The Human Firewall: Protecting Your Dealership from Cyber Threats

Secure technology

Employees aren’t the only thing standing between cyber attackers and your dealership’s digital marketing information — technology is also a huge part of the equation. Here are 3 things you can do to keep your dealership’s tech (and your customers’ data) more secure:

1. Don’t allow personal devices. Not all employee devices are kept up to date in terms of security settings and software, and smartphones and tablets are much easier to steal than desktop computers. Eliminate BYOD wherever possible.
2. Use two-factor authentication. Weak passwords are easy for hackers to crack, so it’s important to have another layer of security.
3. Implement account management controls. The worst-case scenario is for a cyber attacker to gain access to an account with privileged access to customer data. Reduce this risk by implementing additional security requirements for privileged accounts, and making sure employees only have the level of access they need to do their jobs.

For more details on technology best practices, consult the CIS 20 Controls list.

The tools and approaches we covered here are only a fraction of what you should do to comply with the CCPA. To continue fostering positive relationships with customers, you have to go above and beyond the law to protect their data.