Personal information stored inside cars presents a potential risk to dealers By Debora Toth, NIADA.com When a driver sells a used car to a dealership, he or she is often reminded to check around the vehicle for personal items – a cellphone, say, or maybe a child’s toy.
Text messages, call logs, home addresses and even medical and financial information are all vulnerable to theft if left behind when a vehicle is sold.
But what about personal data stored in the car’s computer system?
The numbers provide a true sense of the enormity of the problem of what is known as “persistent data.” More than 80 percent of the vehicles currently operating in the U.S. are able to capture personal data, and more than four out of five cars sold last year contain personal data.
How many consumers know what type of personal information is in their vehicles when they sell it? Personally identifiable information (PII) is data that can be used to identify a specific individual. It starts with Social Security numbers, mailing or email addresses, phone numbers and the like, but also includes a wide range of digitally available data, such as IP addresses, login information and more. Much of that data is collected by vehicles, as users connect their smartphones to vehicle infotainment systems and use onboard navigation systems and universal garage door openers.
What’s most concerning is consumers are not as aware of the security risks as they should be. A recent IBM security survey revealed only 8 percent of consumers were worried about protecting car navigation data compared to 64 percent who cared about data security in their mobile devices.
4 | MIDATLANTIC DEALER NEWS | MIDATLANTICAUTODEALERSUNITED.ORG • APRIL 2022
In the automotive industry – especially used car dealerships – that problem has been festering for some time. A few individuals have been ringing the warning bell for years to alert the industry about PII in vehicles. State legislatures in California, New York and Georgia have taken the lead by enacting privacy laws, and more than a dozen other states have bills pending. Federal agencies, including the Federal Trade Commission, are taking a hard look at the issue. In 2017, the FTC co-sponsored a national conference with the National Highway Traffic Safety Administration and asked NHTSA to define its role and responsibilities related to the privacy of data generated by and collected from vehicles. Currently, the issue is still largely undefined by law. Peder Magee, a senior attorney for the FTC’s Bureau of Consumer Protection, said there is no law enforced by the bureau that specifically requires companies to delete or protect the privacy of consumers’
