On April 6, 2007, OSA released a draft of the Automotive Retail Data Security
Guidelines - Third Party Providers. The guidelines address the access and use
of dealer data by dealer-authorized third parties. These guidelines include
recommendations to establish the appropriate contractual, physical, electronic,
and procedural controls and safeguards to protect against unwarranted disclosure
and to enable secure access, transport, storage and use of dealer data.
On May 1, 2007, a conference call was held to review the guidelines and gather
feedback. Over 50 companies participated on the call and feedback was
gathered. The group was particularly concerned that the guidelines not
duplicate existing standards. If other standards and certification exist that
meet the data security needs of automotive retail those should be adopted rather
than adding another layer of standards and certification. A comparison of some
of the data security standards can be found
here.
A revised draft was created based on the feedback on the May 1 call. Thanks to
feedback from a broad range of industry participants the final guidelines meet
the original goals as well as the requirements of an industry seeking not only
open access but all the appropriate safeguards for their data.
On June 15, 2007 v1.0 of the Automotive Retail Data Security Guidelines - Third
Party Providers were released. OSA is developing a certification process using
the guidelines as a foundation.
Other Data Security Guideline References
Following are links to other data security guidelines for reference purposes.