Ensuring that vendors are protecting data is Chris Cleveland's "No. 1 priority" as compliance director at Galpin Motors in California, particularly when negotiating contracts.
But the subject is not always top of mind for dealerships, he told me. They often do not ask their vendors how they use, process or share dealerships' customer data, or how they implement safeguards. He says they should.
"I don't think dealers have traditionally monitored or forced their vendors to be as compliant in the space of privacy and security as they need to be," said Cleveland, also CEO of ComplyAuto, a company that uses software to help retailers comply with data privacy regulations. Going forward, he said, "I think that is going to be something dealerships should take very seriously."
This year, I wrote about how dealerships should consider vetting vendors' security practices when negotiating or signing new contracts, particularly in the wake of high-profile data breaches involving dealership software providers.