ABOVE: (L to R) Lance Formwalt, attorney with Siegfried Bingham, Todd Janzen, attorney with Plews Shadley Racher & Braun
Alongside the benefits of evolving technology and increasingly in-depth data collection, come increased risks that can create tension between dealers and their customers. To allay potential customer concerns, dealers and manufacturers must answer these questions: Who owns the data? Who can access it today and in the future?
“The products and services dealers are selling today have changed so much,” Lance Formwalt, an attorney with Siegfried Bingham, told attendees at the Precision Farming Dealer Summit. “The entire concept of precision ag over the last 10-15 years has resulted in a lot of great technology and it’s creating a lot of information that’s making growers more money in their businesses. But customers are also recognizing that there are some negative consequences to having so much information floating around.”
Formwalt and Todd Janzen, an attorney for Plews Shadley Racher & Braun, both specialize in agricultural law. They say there are no clear answers on how to handle and protect customer farm data in terms of legal regulations at this point. For this reason, it’s important that dealers take data privacy protection into their own hands and create internal policies that mandate how dealers treat their customers’ data and protect themselves from possible liability charges associated with data privacy protection. In addition, dealers must create transparent contracts with customers laying the ground for how data will be managed by the dealership.
What’s at Stake?
While there may not be a lot in the way of legal restrictions for agricultural data protection, Formwalt says it’s coming down the pipeline and other groups in the industry are already talking and preparing for regulations.
“Just to name a few, the Growers Information Services Cooperative, a co-op in Texas with 38 member states, is trying to create a secure data bank for producers to store their information and possibly monetize that data in the future,” he says. “The Farm Bureau is actively developing data principles focusing on data privacy and security. In addition, various producers, seed companies and equipment manufacturers have formed a group called the Open Ag Data Alliance to help find solutions for data, focusing specifically on how to move and share it. The point is there are groups all over the place with different focuses and agendas that are shaping policy on how we manage agricultural data.”
Takeaways
With no formal legal regulations on protecting farm data, there are no right or wrong answers on what to include in privacy policies. The key is to make your data protection agreements with customers transparent.
Getting data protection policies on paper is the first step. Next, dealers need to train employees and educate customers on the policies or the words on paper mean nothing.
Think of protecting farm data like you would a trade secret and protect it by the same measures used in other industries.
Manufacturers also have a concern in data security and Formwalt says John Deere has been putting pressure on its dealers to develop data privacy policies. “For the manufacturer, if an issue arises in data protection at the dealership level, it reflects poorly on all of John Deere or Case IH or New Holland. It’s a brand issue,” he says. “It’s like if you are served a bad burger at McDonald’s. It’s not just the reputation of that one store that’s tarnished, it’s the entire brand.”
As we integrate increasing levels of precision farming and create more data through farming, Formwalt says dealers need to be aware of their level of liability. This applies to data privacy, but also to the liability dealers may have when technology purchased at the dealership doesn’t meet customer expectations.
“We are seeing more consequences for dealers coming out of customers’ expectations of what the technology and data will do for them,” he says. “We are seeing yield claims for yield lost because they planted too much here or the variability was off there. These are things producers couldn’t even think about doing before. But now that we’re offering data services, we have to consider the [possible] liability involved. If a repair goes wrong or you give bad advice, you could be exposed to liability charges.”
To protect the dealership from these, Formwalt says it’s essential to account for liability in data privacy policies and insert a clause limiting it in the dealership’s customer agreements. “Limit your liability to something like a refund of what the customer paid. You still need to take care of the customer, but it prevents dealers from facing a six-figure claim that isn’t covered by insurance.”
Understand Types of Data
To understand how to protect data, dealers first need to understand that there are different categories of data. Each category requires different levels of protection.
Dealers are already obligated to protect personal information by law, including the customer’s name, address and financial information. Then there’s business information, which can include a customer’s agronomic data, yield information, prescriptions and machine data. This includes when the machine needs an oil change and how much fuel is being consumed.
“Customers are recognizing that there are some negative consequences to having so much information floating around…”
Janzen says it’s important to know the differences between these data categories because each comes with different protection expectations from the customer. “No one wants their personal information getting leaked and farmers are fairly secretive about their production and agronomic data, but they care less about their machine data,” he says.
While there are laws already in place to protect customers’ personal and financial information, Janzen says there aren’t yet laws about how to protect agronomic and farm data. To get an idea of how to protect farm data, Janzen suggests thinking of it legally as a trade secret.
“Every state has laws protecting trade secrets at some level,” he says. “A trade secret is something that a company wants to keep secret that may not easily be derived or reverse engineered, like the secret formula for Coca-Cola. If farm data is going to be something that’s respected and protected in a legal sense, then you have to treat it as a trade secret and protect it.”
Data Protection Policies
“If you’re collecting information about your customers or their businesses, you have legal obligations to do something about it,” Formwalt says. “When implementing a data security plan, most people think we’re trying to stop hackers from stealing information, but data security plans are actually a lot more comprehensive.”
Data security plans should consider all aspects of the dealership relating to how information is collected, where it’s stored and who has access and ownership of it. Formwalt says dealers need to consider what happens when a laptop is lost or stolen, an employee steals information or someone finds a copy of the data.
“You have to realize when you photo copy data, that information is stored on the computer of the copy machine, for example,” he says. “When you trade out that copier for a new one, all of the data on the hard drive goes out the door along with the machine unless you have policies in place at the dealership to make sure that information is wiped clean before the machine leaves the building. Another example is if you have an IT person or company working with the dealership, you need to be aware of what information they have access to. You need to address who has access to customer data and what they’re allowed to do with it.”
While data protection policies should be comprehensive, Formwalt also says you shouldn’t, and can’t, try to create the Fort Knox of protection policies. “You’re not going to go out and spend hundreds of thousands of dollars trying to protect every conceivable loss of data that could occur. Dealers need to look at how sensitive the information is, how much they have and what the cost is going to be to protect it. The key is not to over promise protection to your customers,” he says. “You cant’ promise that all of their data is always going to be secure. You’re setting yourself up for issues with that. Your policies need to have some caveats to protect you.”
“If a repair goes wrong or you give bad advice, you could be exposed to liability charges…”
Formwalt says dealers need to put appropriate policies and procedures relating to data protection in writing and collaborate with lawyers on the appropriate legal language for the policy. Privacy policies need to include a physical contract that is given to customers and guidelines on what data the dealership collects, what is done with it, where it’s going to be stored and how the dealership is going to secure it. The entire privacy policy and program needs to be understood by all employees.
Customer Data Contracts
The first step to protecting customers’ farm data, or trade secrets, is to create a contract with customers that addresses some of the common concerns with data protection, such as who owns the data, who can access it and who has the rights to the data later on. These contracts should be signed when the customer hires the dealership to work on a machine or when equipment is sold to the customer.
“You need to make it clear to the customer that when you go out to service their combine, the dealer doesn’t own the information the combine is generating unless otherwise stated in the contract,” Janzen says. “It also needs to be explained that just because a technician may be able to access a farmer’s data, for the purpose of uploading it for example, that technician does not own the data.”
These contracts need to be transparent. Janzen says because there are no laws on how to protect farm data at this point, there are no right or wrong answers for what should be included in the contracts. The important thing is that customers know what happens with their data and they give their consent.
The other important part of customer data contracts is to give the farmer adequate notice if the policies change. Farmers need to have the opportunity to accept or deny any changes to their contracts.
Implement a Privacy Policy
All of the dealership’s employees and technicians need to understand the privacy policy and customer contracts. If they don’t, Janzen says the policies don’t do anyone any good.
“Employees need some access to customer information and farm data to do their jobs and you need to have confidentiality agreements with each employee so they can’t go around sharing it,” Formwalt says. “This is part of putting the policies and the paperwork into effect. Dealers need to walk employees through the privacy policy step by step and take some time training them on it. It doesn’t cost an arm and a leg to do, but it does take time. We suggest putting training videos together to walk employees through the basics of data security and what you’re trying to accomplish.”
Implementing the privacy policy will usually fall on the shoulders of the precision farming department in the dealership because they already have detailed knowledge of the technology and industry, but Formwalt says dealers should also include a high level executive at the dealership in the process as an authority figure who can give direction to the project.