Above: With precision farming equipment, a dealer having to handle farm customers’ data is unavoidable. To minimize liability and capitalize on data service opportunities, dealers should spell out their policies as they relate to data privacy, ownership and security, even if only for the bare minimum of transactions.
For ambitious dealers, the collection, processing and analysis of precision farming data has shown significant promise as an added revenue source. But even for those who are less inclined to directly pursue this area of precision business, at least minimal handling of customers’ data is virtually unavoidable.
If you ask, Derick McGhee, integrated solutions manager at Heritage Tractor in Baldwin City, Kan., data handling is an aspect of precision farming that needs to be embraced to not only protect dealers, but to stay relevant.
“Most of the components we are selling now are all designed to capture data, so electing to not support the data and use support agreements to protect it doesn’t seem like an option,” says McGhee. “I understand that it’s a challenge, but we’d be naive to think that data handling isn’t going to be a huge component of our industry long-term. If we don’t embrace it now, I guarantee that there are other manufacturers and companies out there that aren’t scared of it.”
With both necessity and innovation pushing dealers to embrace data management services, it’s becoming imperative for dealers to spell out their policies as they relate to data privacy, ownership and security, even if only for the bare minimum of transactions.
Colorblind Issue
Some dealers who’ve anticipated these pitfalls have responded by drafting privacy agreements for their customers to sign. Developing custom policies and agreements can be challenging and the implementation and training around data security can seem overwhelming.
The Western Equipment Dealers’ Assn. (WEDA) studied the data sphere’s biggest sticking points and assembled model forms that address them. In late 2014, they created a set of documents primarily for John Deere dealers to address privacy and data security in connection with Deere’s FarmSight initiative.
Lance Formwalt, who leads the Equipment Dealer practice group at Seigfreid Bingham in Kansas City, Mo., serves as general counsel for WEDA and represents individual farm equipment dealerships and several other North American dealer associations, was tasked by WEDA to evaluate and design documentation that addresses secure data handling procedures for its dealership members.
“At the rate that data is changing, there are going to be continuous challenges. The important part is just getting the conversation started…” — Derick McGhee
“During the process, we determined that this issue is colorblind,” says Formwalt. “It doesn’t matter if you’re selling green, blue, orange, yellow or red equipment, you’ve got to be thinking about the issue of data privacy.”
After initially working with Deere dealers, Formwalt and WEDA began meeting with dealers representing AGCO, Kubota, Case IH and New Holland to help set up the same document structure.
Formwalt found the need for a strong privacy policy on data management was necessary regardless of what line the equipment dealers were selling. He also found there were plenty of other organizations trying to wrap their arms around the same issue.
“The Farm Bureau has been very active in this arena — talking with its members about the contracts coming from ag tech providers, issues relating to privacy and the access to the information that they have,” says Formwalt. “There are a lot of groups within the ag equipment industry that are paying close attention to these issues right now.”
“It doesn’t matter if you’re selling green, blue, orange, yellow or red; you’ve got to be thinking about this issue of data privacy...” — Lance Formwalt
Even if day-to-day dealership operations haven’t been enough to motivate management to adopt a strict and comprehensive data management policy, it’s likely that dealers will feel a new raft of pressure from manufacturers hoping to protect their brands.
“It’s like a McDonald’s franchisee selling a bad hamburger,” says Formwalt. “The headline isn’t Mr. So-and-so sold a bad hamburger, it’s that McDonald’s made 20 people sick through food poisoning. If you’ve got a sign on your store that’s associated with the brand and there’s a problem, there’s a concern that it’ll be stuck with the brand.”
Although Luke Bennett, AMS specialist at Oregon Trail Equipment, a Deere dealership in Beatrice, Neb., has decided to take a tenuous approach to handling farmers’ data. He knows manufacturers are beginning to require dealers to adopt tighter privacy policies and procedures.
“From my perspective, what some third parties are able to do for farmers with their data almost makes it difficult for the dealer to even get involved,” says Bennett. “I’m trying for a bit of a hands-off approach, but I also know we’re being told that we have to be equipped to manage farmers’ data.”
Data Privacy & Confidentiality
For Bennett, the expense of implementing and constantly managing a useful and effective data policy is challenging. Still, he sees having to address privacy and data management as inevitable for his dealership. The first step he’s taken is to clearly define basic confidentiality for his staff in the dealer’s employee handbook.
“For instance, it’s important to tell our service techs that if they hop into a combine with a customer and they’re looking at the display, they shouldn’t say things like ‘The farmer down the road was doing 15 bushel an acre better,’” says Bennett. “That’s just a basic example, but it gets them thinking. Most of it is common sense stuff, but we need to have it in the handbook.”
Formwalt says employee confidentiality agreements are essential, and a staff handbook isn’t a bad place to start. Extra effort should be made though to ensure employees understand and agree to the policy.
“If the agreement is in a handbook, it should be called out and staff should have to sign that page,” says Formwalt. “Having employees agree to keep customers’ data confidential is one of the most basic and important steps a dealer can take.”
An internal policy for handling customer data is becoming a must have for dealers. Concise data agreements can protect dealers from liability and ensure terms are clearly understood.
McGhee, who started implementing the form documents designed by Formwalt and WEDA in 2014, agrees that building a broad departmental consensus is key to making confidentiality second nature and an intentional way of handling business at the dealership. He feels that opening the line of communication will help the precision department adapt to changing technology.
“We started internally with understanding and communicating to our employees as to what the expectation level was,” says McGhee. “It’s not a fun conversation to have with a customer or staff member, but if you approach it correctly, it’s not a horrible conversation either.
“I don’t think it’s something we have completely figured out yet, and it’s going to take years. At the rate that data is changing, there are going to be continuous challenges. The important part is just getting the conversation started.”
While getting the staff on board is crucial, dealers should also consider third parties. For instance, IT professionals servicing dealers’ computers may have access to sensitive data, making that interaction worthy of attention. Also, scenarios in which information is shared with agronomists, co-ops, crop insurers or other vendors must also be accounted for.
“If dealers implement a privacy policy that restricts their ability to disclose customer information, it means they need to get the customer’s permission before they disclose any information to third parties. Having a short document for them to sign off on to document that permission can also add some protection for dealers,” says Formwalt. “If a dealer is just passing along information, they don’t want to step into any extra liability if, for instance, an agronomist were to mishandle or misinterpret that information.”
Safeguards & Security
A strong privacy policy is a way for dealers to make a confidentiality promise to their customers, but it’s hard to keep those promises without a well thought out security plan.
“We’ve run into situations where we call the co-op to get the customer’s data and they say ‘No’...” — Bruce West
A vague assurance to handle data with care and delete it when any work is complete will offer only cold comfort. Adopting a more formalized, actionable approach that’s set up around a few core principals will better address security.
“Dealers have to do some actual legwork when it comes to security,” says Formwalt. “It’s wise to adopt a staff-wide mindset of, ‘Hey, this is important, everyone hop aboard and help me put this program in place. We’re going to design it, we’re going to implement it and we’re going to live it.’”
Hacking and identity theft are hot topics in the field of data security, but Formwalt suggests that more mundane sources of data loss may be where dealers face the most risk. Having a protocol in place to standardize the response to things like a precision specialist losing a phone, flash drive or laptop or an employee stealing, will make decisiveness automatic.
“Dealers should even watch out for dumpster diving. If they’re not shredding, they’re vulnerable,” say Formwalt. “There are also service providers to consider. Do they have weaknesses in their systems? Do they have obligations to you to keep your information confidential? Even a basic copier has a hard drive that stores electronic copies of every single document run on that machine. What happens when it’s time to get a new one?”
It’s fairly easy to find out from a manufacturer how to wipe the memory on a given copy machine, and it’s even easier to shred paper, but without making it a store policy, these basic measures may get overlooked.
If a dealer does experience a data breach of some sort, deciding on a course of action in advance may help limit the damage and keep the business on the right side of the law. Forty-seven states currently have data breach identification laws, Formwalt notes.
“That means if a dealer loses someone’s personal information, they’ve got some obligation to notify them,” he says. “These are the kinds of laws that are tripping up the Targets and the Home Depots of the world.”
Luckily, Formwalt says that these issues, involving personal information such as social security numbers, are a more common affliction for businesses that do a tremendous volume of retail transactions, putting dealers in a category of somewhat diminished risk. Additionally, insurance coverage is available to further offset risk from loss of this type of information.
Data: Who Owns It?
During interviews with dealers for this story, “the farmer’s data belongs to him” was a common refrain to questions about data ownership. However, Formwalt says it’s unlikely that this sentiment alone will be enough to both protect dealers from potential pitfalls and allow for business opportunity.
“I don’t think most dealers are trying to claim ownership over farmers’ data, so I don’t think that’s the most important question,” says Formwalt. “What dealers ideally want to do is be able to have adequate commitments to their customers, but have the ability to use the data in ways that can benefit their business.”
Formwalt indicates the most appropriate way to do this is to get permission to use the customer’s information for the dealer’s business purposes. But it’s also important to create limits on disclosure unless the information is in an aggregated or anonymized format.
One reason this is important is that these policies can help set dealers up for success relating to revenue streams that they might not even be aware of currently. Formwalt references Machinery Link’s use of data captured from leased combines as an example of using data gathered in one setting several years ago that was re-purposed to build a mapping program that is now being offered through an affiliated company.
Offering services to farmers that require the use of their data is a potential revenue stream to many dealers, but even getting possession of this data may be difficult, regardless of the dealer’s stance on ownership.
Bruce West, owner of West Enterprises, a precision farming dealership in Geneseo, Ill., has already faced issues related to using his customer’s data.
“We’ve had problems in our area with co-ops pulling soil samples and thinking they own the test result data even though the farmer has paid them for it,” says West. “We’ve run into situations where we call the co-op to get the customer’s data and they say ‘No.’
“Even after telling the farmer to request that the co-op send it to us they still say no. They say that it’s their data. So we’ve had to charge farmers to re-pull the samples ourselves. They weren’t happy about that.”
Contracts in which data ownership is clearly spelled out remove the guesswork from this, says Todd Janzen, attorney and chair of the American Bar Assn.’s Agricultural Management Committee. In a situation without contracts, ownership is ambiguous.
“If there is no written contract, the farmer could say they own the data since it was generated on their land,” says Janzen. “The co-op could also claim ownership, since the information could be proprietary to the co-op.”
Janzen says the only way to be sure, is to have farmers and co-ops establish who owns farm data in their agreements.
Of course, dealerships have no control over any of these data agreements. But, as West’s example shows, dealers are likely to encounter the ensuing scuffle over who owns the data. West feels that a white paper he recently modified and adopted makes farmers aware of the responsibility they have for their own data.
“The policy uses language that says the farmer owns the information that they generate as far as we’re concerned, but it proceeds to say that it’s their responsibility to talk to their landlord, if there is one, or the co-op, or whoever, so everyone understands who owns what data,” says West.
He says that they haven’t arrived at the point where they’ll require farmers to sign the agreement yet. Having a clearly posted policy on their website though gives them something to reference in conversations with customers.
Putting Policy into Practice
Implementing a dealership-wide policy that addresses data privacy, security and ownership may sound like bathing in a waterfall of legal forms, but a well-designed system of agreements can quickly become just another piece of the landscape.
With precision farming equipment, a dealer having to handle farm customers’ data is unavoidable. To minimize liability and capitalize on data service opportunities, dealers should spell out their policies as they relate to data privacy, ownership and security, even if only for the bare minimum of transactions.
McGhee has found that since implementing a set of form documents at the dealership, the payback has been in freedom to pursue data-related precision business without risk and with marketable peace of mind that customers and dealers alike can rely on.
“We’re fortunate that we’ve never had any major issues or legal problems that stemmed from handling data,” says McGhee. “I think what we have found is that by protecting ourselves with the right policies and forms, we can keep ourselves out of potentially uncomfortable situations. Customers’ understand what we’re going to do with their data, and we are clear on how we’re going to manage it.”
As Formwalt notes, whether a dealer purchases a package of form models that fit their needs or design their own policy and procedure, the onus is on getting the language right. Once a dealer has built its policies, posting them online and referencing them in subsequent documents can help limit the amount of paper involved in each transaction with customers.
To form a truly cohesive strategy, some policy items can be addressed with simple, well-worded agreements. But others, like security, require action. The fact remains though, that with the increasing prevalence of precision equipment capturing useful and valuable information, there is no turning away from these issues.
None of the dealers interviewed for this story felt data liability was something they wouldn’t have to worry about in the future. Formwalt’s research points in the same direction and ignoring the looming debate may insulate dealers from it slightly, but not for long.
“In terms of governmental regulation, the U.S. has been pretty hands-off in this area,” says Formwalt. “They’ve generally said, ‘We’re not going to tell you that you have to have a privacy policy. But if you do, we expect you to live up to it.’ That is going to change.”
The precision concerns customers have aren’t the same as they were a decade ago, and bringing dealerships’ business philosophy in line to match the changing atmosphere may be the best way to get ahead of the curve.
“Historically, the European Union and Canada have been much more active in regulating privacy and the use of information, but the U.S. is starting to catch up,” says Formwalt. “Regardless of what manufacturers or customers say, dealers have some legal privacy and data issues that they need to get out in front of. The landscape is going to keep changing, and I think it’ll make everyone stand up and pay attention to this issue.”