By Robert J. Wilson, Esquire
This month we’re presenting an immensely important topic on privacy. Issues related to this have long tentacles and originate from many diverse sources including the vehicle you are driving. A good friend of mine, Robert Wilson, General Counsel for ARMD Resource Group, recently wrote an article on this very topic and he was gracious enough to allow me to share this with you. I think you’ll find Robert’s insight on this matter to be quite eye-opening. Read on. — Art Liggio, Driving Dynamics President and CEO
In 1984 Motown released a song by a singer whose stage name was “Rockwell.” The name of the song is the name of this article, “Somebody is Watching Me.” The song became a minor hit and is known for having Michael and Jermaine Jackson doing guest vocals and for the fact that Rockwell was a son of a producer, Motown’s CEO Berry Gordy. For purposes of this article, I would like to draw attention to a portion of the chorus: “I always feel like somebody’s watching me. And I have no privacy…”
So, how does this relate to compliance? The focus here is not on “somebody” watching you, but rather on cars “watching” you. Today’s cars have a treasure trove of data from sensors, onboard WiFi modems, cameras, and even the OBD-II (On Board Diagnostics) ports. Who owns all of this data?
Consider the types of data harvested by your car. A small sample would include trip duration, acceleration, where you drive, who is on your contact list and even camera data. Some in the auto industry see all of this customer-car data as a revenue stream which has been estimated to be worth millions of dollars. If your car has a WiFi modem on board, your data can be recorded and streamed to automakers; likewise, certain apps like Waze or even GM’s Marketplace app monitor where you go, what you buy and even where you eat.
While most of the available data may not fit into the traditional definition of NPI (Non-Public Personal Information under the Gramm Leach Bliley Act which focuses on “personally identifiable financial information”), the information we have described above is still worthy of protection. Most of the type of data your car harvests about you raises privacy concerns but from a compliance perspective, your home address, your home phone number, your email address, your speeding, and all of your personal contacts raise additional issues.
There is a type of software which authenticates electronic signatures provided by a company called DocuSign. DocuSign suffered a data breach in which, according to DocuSign, only a non-core system which was used to provide service related email to clients was hacked. No social security numbers, no names or addresses were accessed. What the hackers did obtain, however, was possibly 100 million email addresses. The hackers then embarked on a malicious phishing email attack directed against those harvested email addresses. If you clicked on the link in the email from “DocuSign” then you can only imagine what would happen.
So, let’s get back to your car. In your car’s computer memory, I am betting that there is a contact list containing hundreds of contacts. Those same contacts, while not traditional NPI, could subject you and all your contacts to a spearfishing attack like what happened to DocuSign customers! Your car’s address book in its computer memory is open to techs in every service department you visit, your car’s records of your driving is open to the techs plugging into the diagnostic port and all of your data collected by your car is possibly open to any hacker through your onboard WiFi modem.
Car data logging and car data harvesting is fertile ground for compliance and privacy issues to arise. Who owns your data stored in various “computers” in your car? Who has the duty to safeguard all this data? What happens if this data is harvested and innocent victims are subject to a malicious phishing attack? Some companies present a “click through” consent screen on your car to enable access to your car’s data through the built-in WiFi modem—is this sufficient? Car data and, more importantly, securing car data is currently one frontier in which the outlines of permissible conduct have not been firmly established. So we know the answer posed by the song and title of this article, it is your car that is watching you…but that begs the question. Who is harvesting your data from your car and how are they using your data?
* * * * *
Important Disclosure: Content provided in this article is intended for informational purposes only and should not be construed as legal advice and should not be relied upon or acted upon without retaining counsel to provide specific legal advice based upon your particular situation, jurisdiction and circumstances. No duties are assumed, intended or created by this communication. No attorney-client relationship is being created by your review or use of this material.
© 2018 Robert J. Wilson, All Rights Reserved. Robert J. Wilson, Esquire (Bob) is a Philadelphia lawyer and is General Counsel for ARMD Resource Group (www.getarmd.com). Bob is the principal of Wilson Law Firm and has over 30 years of experience both as a counselor and as a litigator in State and Federal Courts. Risk management, problem solving and dispute resolution are his core competencies. Bob’s practice is largely in the consumer finance space and he regularly consults with Lenders and contributes articles on various compliance related issues.
Safety & Risk is presented by Driving Dynamics an accomplished provider of impactful driver safety training and risk management services. Continually building and delivering programs based on sound research, proven learning methodologies and expert instruction, we are dedicated to improving drivers’ abilities to stay safe by leveraging risk management tools, principle-based learning and applied techniques. The One Second Advantage™ safety training principle developed by Driving Dynamics is rooted in research that shows 90 percent of all traffic crashes can be avoided when the driver has just one more second to react and knows what to do with that additional second. Driving Dynamics encourages all drivers to Steer Toward Safety™
Website: www.drivingdynamics.com; Blog: www.drivingdynamics.com/blog
Steer Toward Safety and The One Second Advantage are trademarks of Driving Dynamics Inc. All Rights Reserved.