For automotive dealers there is a singular question that should be asked when talking to a vendor about software, whether it be a Windows-based application or a web-based application:
How do I know that my data will be secure. And this is interesting because even if it is a simple CRM system that does not allow the housing of sensitive/PII data (think: date of birth, social security number, credit card number, drivers license number, etc) – I cannot tell you how many times I have come across simple products where salespeople populate the comments field with sensitive/PII data.
Ergo the need to protect all data if you are going to type it in and store it.
Here are some buzz words, expressions and questions: Encryption. The comments field. Do you store my CVV (from your credit card)? What compliance do you hold to and what certifications do you have? Have you ever been breached? Have you ever been the target of an investigation into a potential security breach?
So, again, the question to ask is “How do I know that my data will be secure”. If you are not comfortable with the response you should not be comfortable with the product.