Today's criminals who target auto dealerships may be after
more than just cars.
Your dealership's personal customer
information is even more valuable to identity theft
fraudsters than your inventory of cars. With personal customer
information identity theft fraudsters can commit crimes by
impersonating your customers and running up huge tabs on your
If identity theft criminal were to access your customer files,
this could result in a legal, financial and public relations
catastrophe for your dealership. Some of the negative implications
Customer loss of confidence;
Public relations damage control costs;
Reduction in client goodwill; and, ultimately,
Reduced dealership profitability and/or losses
If you are not adequately protecting your customers'
personal data you would be wise to make it a priority to remedy
this risk. Identity theft is the fastest growing crime in Canada.
Police are particularly concerned with "inside" jobs,
since it is much easier to bribe a trusted employee who has access
to personal customer information than brake into a car
If the legal, financial and public relations ramifications of
not protecting personal customer information are not bad enough,
current Canadian privacy legislation (the federal Personal
Information Protection and Electronic Documents Act (PIPEDA))
requires that all businesses put systems in place to ensure that
customer information is secure, accurate, gathered with consent and
not used beyond a stated purpose. The PIPEDA legislation (or
similar provincial versions) applies to all Canadian
An Identity Theft Risk Reduction Strategy
To minimize the risks associated with identity theft, we
recommend the implementation of a five stage personal customer
information security strategy:
An analysis of the processes for gathering, handling, storing
and disposing of electronic and paper data;
A review of the protection of your information technology
systems, such as firewalls and audit trails;
An assessment of the role and level of security of individuals
who have access to personal customer information;
A communication plan regarding your information security
policies and procedures to your employees, clients and the public;
A contingency plan regarding the appropriate procedures to
undertake if there is a breach in the security of your client's
This personal customer information security strategy is best
implemented in consultation with a highly trusted senior level
officer (potentially the dealership owner him/herself) who will
bear the ultimate responsibility to oversee and continually manage
the security of the dealership's personal customer
Ari Kashton, CA●IFA/CBV, CFE, is a senior manager
in the Business Valuation and Litigation Support division of
Soberman LLP in Toronto. He specializes in investigative and
forensic accounting, including, fraud investigation, investment due
diligence, damage quantification and expert testimony.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).