CCC News & Insights

Protecting Your Shop's Data

By Dan Risley, Vice President Quality Repair & Market Development

“How Can I Protect My Data?” 

I get this question a lot personally and I’ve started to hear it repeatedly from industry groups like CIECA (Collision Industry Electronic Commerce Association) and at events like the Collision Industry Conference (CIC).

In this post, we'll talk about some data security best practices and explain how your CCC ONE software can be used to support these efforts.

Look for the 💡 to show some recommendations to help protect your data – I've sprinkled them throughout.

💡 First, you can read our CCC Data Policy HERE. Then, review the data policy and/or End UserLicense Agreements (EULAs) from all your 3rd party partners.


Many collision repairers use Estimate ManagementStandard (EMS) - created by CIECA in 1994 - to transmit data, but EMS is not encrypted, which means the transmitted data is not 100% protected. The challenge there is that with EMS, shops send all the data contained within the estimate as a complete package of information – including the vehicles Vehicle Identification Number (VIN) and a customer's personal data -to partners who don’t need that information or only a subset of the data.

When EMS is used as a stand-alone tool, collision repairers can't limit the data that is shared.

CIECA has since introduced Business Management Suite (BMS) as the standard. BMS allows for greater levels of encryption when used with features like CCC® Secure Share.

💡 Confirm that your shop has moved to BMS.

I'm Still Using EMS – How Can I Protect My Data?

If you have to use EMS, here are some best practices to limit your customer data exposure:

  1. Review the data policies and/or EULAs with all third-party partners you share personal data with to make sure you understand how they manage it.
  2. 💡 Check all the computers in your shop and turn off the EMS extract on any PC that doesn't need to share data to help limit exposure.
  3. 💡 Check the EMS file path on each computer and change it to a different directory. This can assist with limiting exposure if there is a data pump on that computer.

For more information on working with EMS, click here.

Add Extra Data Security by Using

Customers who use to write estimates can now take advantage of a new feature that adds extra data transmission security by letting you redact both the last six digits of a VIN and Personally Identifiable Information (e.g. first and last name, address, city, state, zip, phone, and email.)

The last six digits of the VIN aren't necessary to conduct business with many of your vendors. Not having the VIN, for example, won't affect parts sourcing. Those last digits are specific to that vehicle only – the rest of the VIN identifies the make and model.

💡 To configure this feature, logon at, go to Settings >> Data Connections>> EMS and Workfile Copy.

Enable the "Export workfile estimate data"and then click "+ Add".  Check either box (or both) to prevent this information being sent.

When you don't share those last six digits, you're making it difficult for any bad actors to figure out information about that specific vehicle, estimate, or customer.

CCC understands the concerns and challenges repairers are faced with regarding data privacy and security. It's not just about protecting your customers' personal information; it's about protecting the data in your estimates.