Personal data residing on vehicles being sent through the remarketing process is growing as more and more information is held in cars’ systems.
David Tomes from Auto Intelligence warned delegates at October’s VRA Conference that it was vital to address this problem area after VRA chairman John Davies stated earlier this year: “We have yet to see major instances of any personal data being misused if it is inadvertently left on a car’s satnav or in-car system, but this won’t be the case forever.”
Tomes said with 60.1% of cars worldwide due to be connected to the web by 2017, and closer to 80% in Europe and North America, firms should develop a privacy impact assessment that determines the nature and types of in-car data, assessment of risk of leaving data on systems, efficacy of measures taken to mitigate identified risks, and policy development to reduce the possibility of data breach.
Breaching privacy could affect a firm’s reputation and customer confidence, while you can be fined £500,000.
Tomes added while this fine was unlikely to be imposed, the risk lies in damages to an individual. “These risks are going to grow more with the connectivity of cars,” he said.
As concerns grow, the VRA has introduced best practice on the topic advising that signed confirmation that all data has been removed from the vehicle must be received by the vehicle owner as part of the de-hire process, as well as ensuring that a ‘delete all’ or ‘factory reset’ option is actioned as part of the remarketing process before a car is old.
It adds that wording in customer contracts and hire agreements should inform customer’s drivers of their obligations.
Follow BusinessCar on TWITTER.