Protecting Sensitive Customer Data | RouteOne

Protecting Sensitive Customer Data


Compliance Posts
Customer Data

From Our RouteOne Security Team.

Your dealership’s credit application system and dealership management system (DMS) contain large amounts of customer data, and your dealership is responsible for maintaining the privacy of this sensitive information.

Compromise of this data may be costly to a dealership both in higher costs and lower sales due to:

  • Fines incurred from violation of federal and/or state laws governing data protection;
  • Lowered trust in the dealership among repeat customers who now shop at the competitor; and
  • Negative media attention causing fewer new consumers to shop at a given dealership.

Protecting your dealership’s sensitive customer data is the responsibility of every employee, every day as it is easier to build in defenses than it is to repair the damage. Defending against bad actors targeting your customers’ data begins with a few key action steps:

Partner management – Require vendors and service providers to act in ways that support the survivability of their customer—you, the dealership.

  • Who has access to the data in your Dealership Systems?
  • How do those vendors use, store, and purge that data?
  • Ask crucial vendors about their own systems’ audit results. If they were not good, what have they done to remediate?


Audit and self-monitoring – Examine how well your dealership follows through with its written policies.

  • How well are your policies implemented and followed?
  • Has your organization reviewed its Identity Threat Prevention Program (ITPP) this year?
  • When was the last time you reviewed your safeguards rules and other policies?

Many of the tasks of the F&I department require processing customer data, but responsibility does not end at the dealership door. Dealerships also must be aware of how the vendors with access to your dealership’s customer data, treat that data. You must protect this information and create safeguards for securing the information.

Did you know?

In the RouteOne platform, you can view a display of the date and time of the last successful user login in the upper left-hand corner of the RouteOne screen. This feature allows the dealer to verify that their User ID has not been compromised. Should your dealership suspect an ID has been compromised by seeing a login time or date not initiated by a known user, that user should immediately contact the RouteOne Service Desk at 866.768.8301 for the next steps.


Consider our Complimentary Compliance Tools

RouteOne’s suite of compliance products and services can help you protect valuable customer data and keep your dealership safe from cybersecurity threats.

  • Activity Alerts - Receive notification of suspicious dealer activity in RouteOne.
  • IP Blocking - Prevents outside users from getting into your system.
  • Permissions - Gain control and assign employee access.
  • Active Dealer User Report - Ensure that only current employees have access to your RouteOne system.

Learn about the rest of our complimentary compliance tools. Also, discover how our premium services, like IDOne can help you verify and validate consumer identities within the RouteOne system.


Get Started Today

Questions? Contact your RouteOne Business Development Manager.  You can also listen to our past compliance webinars and browse through more RouteOne compliance blog posts