Today's criminals who target auto dealerships may be after more than just cars.

Identity Theft

Your dealership's personal customer information is even more valuable to identity theft fraudsters than your inventory of cars. With personal customer information identity theft fraudsters can commit crimes by impersonating your customers and running up huge tabs on your customers' credit.

Dealership Risks

If identity theft criminal were to access your customer files, this could result in a legal, financial and public relations catastrophe for your dealership. Some of the negative implications include:

  • Lawsuits;
  • Financial damages;
  • Reputation damages;
  • Customer loss of confidence;
  • Public relations damage control costs;
  • Reduction in client goodwill; and, ultimately,
  • Reduced dealership profitability and/or losses

If you are not adequately protecting your customers' personal data you would be wise to make it a priority to remedy this risk. Identity theft is the fastest growing crime in Canada. Police are particularly concerned with "inside" jobs, since it is much easier to bribe a trusted employee who has access to personal customer information than brake into a car dealership.

Privacy Legislation

If the legal, financial and public relations ramifications of not protecting personal customer information are not bad enough, current Canadian privacy legislation (the federal Personal Information Protection and Electronic Documents Act (PIPEDA)) requires that all businesses put systems in place to ensure that customer information is secure, accurate, gathered with consent and not used beyond a stated purpose. The PIPEDA legislation (or similar provincial versions) applies to all Canadian businesses.

An Identity Theft Risk Reduction Strategy

To minimize the risks associated with identity theft, we recommend the implementation of a five stage personal customer information security strategy:

  1. An analysis of the processes for gathering, handling, storing and disposing of electronic and paper data;
  2. A review of the protection of your information technology systems, such as firewalls and audit trails;
  3. An assessment of the role and level of security of individuals who have access to personal customer information;
  4. A communication plan regarding your information security policies and procedures to your employees, clients and the public; and,
  5. A contingency plan regarding the appropriate procedures to undertake if there is a breach in the security of your client's personal information.

This personal customer information security strategy is best implemented in consultation with a highly trusted senior level officer (potentially the dealership owner him/herself) who will bear the ultimate responsibility to oversee and continually manage the security of the dealership's personal customer information.

Ari Kashton, CA●IFA/CBV, CFE, is a senior manager in the Business Valuation and Litigation Support division of Soberman LLP in Toronto.  He specializes in investigative and forensic accounting, including, fraud investigation, investment due diligence, damage quantification and expert testimony.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.