April 6, 2001
CIC Task Force Meeting Minutes, February 1, 2001
1. Anti-Trust Statement read. 2. Task Force Goals and Activities- Goals
Review and access licensing requirements, data transmission restrictions and other activities to determine the best means of preserving open communication standards while maintaining security and privacy for the collision industry and its customers. The task force will conclude upon submission of findings and recommendations to the Collision Industry Conference. - Activities
The Task Force activities need to clearly define the issues, submit recommendations through CIC, and other bodies such as CIECA, to promote an industry best practice that details procedures addressing the main concerns of all segments. It will be up to individual participants, groups and companies to implement these practices.
Discussion indicated the EMS standard was developed to facilitate movement of data from the collision estimating system to the shop management system. It also can be used to order parts and is a universal format used within the industry. The 124 format could be used to export data but the implementation guide has not been completed and is not the best tool at this time. It was agreed that any data format would be good as long as it is a standard used by everyone. Currently there are multiple versions of the EMS standard being used but EMS is not widely used by insurance companies. 4. Primary Issues
- Privacy of confidential shop, insurer and customer information.
- Definition of the fair use of copyrighted data contained within the EMS transaction.
- Security of data during transmission by third-party vendors employed by business partners.
- Inhibiting practices that would serve to restrict the data transmissions.
These issues cover a wide scope therefore we narrowed the discussion to three areas that appear to be the focal points of recent media attention. We discussed securing the data, using licensing agreements to monitor the flow of data and potential OEM data issues.
5. Responsibility for Securing DataThe group discussed responsibilities for securing data and the responses varied significantly.
- Several participants felt trading partners were responsible for privacy and security of data communications between their companies.
- Responsible use of data was discussed. Irresponsible use of data would need to be defined and understood. (Applications sharing data in a manner not intended.)
- One view indicated that the use of the data, aggregating versus pass through communications, was a determining factor for data security.
- One participant felt the originating estimating system should be responsible for securing the data and that their business partners were also responsible. This issue of controlling versus securing output was discussed.
The issue of data ownership was discussed and responses varied as shown below:
- The body shop is the sole owner.
- The customer, shop and insurance company own the data.
- Consumers, OEM, information provider and insurance companies own data.
- Ownership can be established by contractual agreements between business partners by the restrictive language.
- Information providers license insurers to use data for vehicle repairs and to settle claims.
- Depends upon use of data.
- Information provider owns data produced as final work product from estimating system.
- The information provider owns intellectual property.
- Concern was expressed regarding the time period that may transpire in completing licensing agreements between the information providers and third party communication/hosting companies.
- It was felt that some business partners would be amenable to licensing agreements that stipulate how data is to be used.
- One participant indicated usage and license agreement restrictions were being used to prohibit data from being used against the principals.
- Licensing is being used to protect intellectual property.
Discussion regarding OEM related issues was postponed due to lack of documented issues. We plan to have one of our Task Force representatives attend the next OEM Round Table meeting to present issues. Additionally, we will invite OEM representatives to the next Task Force conference call. Names of OEM contacts will be submitted.
9. Information Provider Ship AgreementsDuring our meeting, information providers were requested to submit a copy of their company's standard shop agreement. After the meeting, one of the Task Force participants contacted me to express anti-trust concerns regarding pricing and contract information. For this reason, I advised all information providers not to submit agreements.
10. Gramm-Leach-Bliley Act TITLE V--PRIVACYDuring our meeting, we discussed the new privacy act. We are attaching a copy of the privacy provision of the Gramm-Leach-Bliley Act that was referenced during the conference call. There is a link to the information on the Library of Congress' website which contains the entire act.
11. Action ItemsPlease be prepared to discuss the following items during our next meeting:
- What are the methods of securing data transmitted from the body shop, through a third party to the insurance company?
- Which of these methods (discussed in A) can be implemented without inhibiting data transfer services?
- What are the elements of licensing agreements that would restrict data transfer services, used only as a communications vehicle?
- What are the elements of licensing agreements that would restrict data transfer services used for communications and data aggregation?
- The Task Force needs to discuss issues involving OEM data.
It appears it would be beneficial and supportive to have task
force participants submit their company's official written position regarding
these issues.
Back
to Reports List Back to Data Issues Task Force
Page Home