The issue of privacy has been a big topic of conversation in the industry for the last month or so (and even as far back as the March/April 2005 issue of AGRR when contributing editor Les Shaver wrote about his interviews with a number of industry business owners and their concerns with what might be happening with the information they are sharing electronically with various vendors).

Now press reports have come out that ADP admitted it sold information that it had collected on car repair companies. And this happened on the same day last week that an ex-AOL employee was sentenced to jail for selling information on AOL subscribers to a SPAM company.

Automotive Digest reported that ADP Dealer Services, which is one of the two biggest vendors of dealership computer services in the United States, acknowledged it siphoned data from customers' systems and sold it without their knowledge.

According to the report, ADP admitted that a subsidiary extracted repair and maintenance records from dealerships after hours and sold the data to Carfax Inc., a Fairfax, Va., company that provides used-vehicle history reports.

Calls to ADP Dealer Services for comment were not returned.

ADP hasn't said how many dealers were involved in the action, which took place from December of last year through March of this year, but it has stopped pulling data due to dealer complaints. According to Automotive Digest, some dealer groups want states to require dealer consent before vendors pull data.

At issue is who owns the data on dealer computers, with dealers worried about identity theft. According to the report, ADP furnished Carfax with VIN data, which is not protected by federal privacy laws.