Reynolds and Reynolds
What Secure Looks Like
“Simple” Isn't Always Best
Simple tasks aren’t always so simple. Take the definition of “protecting data,” for example. Legislation protects Personally Identifiable Information (PII) but doesn’t always specify how. So dealership employees may be unaware they are in violation when trying to complete what seems like a simple task. In plain language—if a dealership employee needs to send a document like a closed repair order (RO) to a business partner, he or she might be tempted to simply e-mail it. However, e-mail is not a secure medium and is not compliant. In this case, the RO contains PII, so it must instead be encrypted and transferred using a secure protocol, e.g., File Transfer Protocol Explicit Secure (FTPES) or Hypertext Transfer Protocol Secure (HTTPS).

Secure Data Transfer
Dealers who need to share data with business partners often look for ease or convenience without fully considering data transfer security. It sounds convenient to provide third-party business partners with open access to the DMS, allowing them to pull data for themselves. However, this exposes the dealership’s financial and customer data, violating data privacy and protection regulations and increasing risk for lawsuits. The secure, compliant solution is to instead push any needed data out to the business partner, so protected information does not end up in the wrong hands.

Protective Measures
Assuming all is right until something goes terribly wrong is not a safe business practice. Just like insurance—you don’t want to wait until an unpredictable incident occurs to get insurance, because then it’s too late—you want it in place so you’re covered when you need it. Likewise with data, you shouldn’t wait until you’re faced with compliance violations or lawsuits which could result in exorbitant penalties, fines, or court settlements, when simple protective measures could have been in place.

In many cases, Reynolds must interpret legislative requirements to establish industry-standard business practices. This is the primary reason why non-certified inbound third-party DMS access is being eliminated. Data brokers who access and extract data—such as name files, sales history, or deal information—serve as one example. Why? Dealers cannot identify or control the full scope of data being pulled, or what is happening with which files, records, or fields. Reynolds has even seen cases where third parties shut off by dealers have continued to pull data. Efforts of eliminating these types of access minimize risk for dealers.

Dealer Options
Share data securely with business partners using data movement options that let dealers control which business partners have access to what data.