Chicago Automobile Trade Association

ADP transferring dealership data to Carfax, CATA learns

November 22, 2010

The CATA has obtained documentation which demonstrates that ADP apparently is transferring information from dealership service records and selling the dealership data to Carfax, a vehicle history compiler.  

The data-mining practice is believed to be taking place in all parts of Illinois with those dealers who have ADP contracts.


Further, the CATA has learned that this type of data mining and subsequent disclosure of dealership data to third parties was done: 1) without the explicit consent of the dealer; 2) without the consent of the consumer; and 3) unbeknownst to the dealership. 

The practice of data hijacking is an example of why dealers are concerned about protecting the privacy of the data that they regularly obtain from their customers.


Dealers must protect customer data pursuant to Graham Leach Bliley and other laws, but some customer data is nonetheless being accessed and transferred to third-party companies by the dealer’s own computer services company.  

That simply is not right.


Other concerns and issues from the dealer’s perspective include:


  • With ADP using a dealer’s customer data for its own purposes, what protection does the dealer have against breach of privacy allegations or litigation by consumers? 
  • If ADP can access service records, it also can clearly access social security numbers, home addresses, credit information and other personal data.
  • Dealers believe that this customer information is the property of the customer and the dealership. What right or license does ADP have to access this information and sell it to third parties? 
  • Are measures in place to insure that ADP or other computer companies safeguard this dealer/customer data from outside hackers trying to randomly access any personal data? And, if this data is hacked into, who is responsible for the privacy breach?


The CATA board of directors feels that computer vendors should be required to obtain the explicit consent of the dealer prior to accessing or transferring customer data; protect the confidentiality and integrity of the dealership’s data; provide a means for the dealership to be able to monitor the information being accessed by the computer company; and have the ability to deny access to specific information. 

In addition, the CATA board firmly believes that the information in a dealer’s computer database is the property of the dealership and should be adamantly protected.


Further, the practice of data mining by computer companies within the industry may be detrimental to franchised dealerships and result in severe penalties.



Copyright © 2010 Chicago Automobile Trade Association. All Rights Reserved.