Inverness, Ill. — Open Secure Access (OSA), a coalition of companies that believe dealers should control access to the data they own and determine how it is used, released a draft of Automotive Retail Data Security Guidelines. A finalized set of guidelines are scheduled to be released by mid-year. The guidelines address the access and use of dealer data by dealer-authorized third parties. These guidelines include recommendations to establish the appropriate contractual, physical, electronic, and procedural controls and safeguards to protect against unwarranted disclosure and to enable secure access,transport, storage and use of dealer data. The draft guidelines can be found on the Open Secure Access website at

Dealers have the responsibility to protect the data stored in their systems. At the same time, it is critical that dealers are free to direct the use of their data and choose the most powerful tools and partners available to drive the profitability of their businesses. To help dealers make informed decisions about the security of their partners' solutions, OSA will work with a broad cross-section of industry participants to create Automotive Retail Data Security Guidelines and a certification program to validate adherence to these guidelines by third parties.

"Dealers should be confident that the data that leaves their dealership is protected," said Allan Stejskal, president of OSA. "Broadly accepted guidelines that address how to do that and a certification program will give dealers the confidence they need to choose partners on whom they can rely to protect their data."

OSA members worked together to create the draft of the Data Security Guidelines. OSA now plans to work closely with dealer groups; dealers; industry groups such as STAR (Standards for Technology in Automotive Retail), NADA and AIADA; auto manufacturers; dealer management system providers, as well as the providers of other software and services to the dealer community to refine the guidelines. Based on the feedback from the industry, OSA will release finalized guidelines by mid-year. The next step in the process is to develop a certification program using the guidelines as a foundation.