The complications of protecting data keep multiplying for dealers.
At the Washington D.C. Auto Show’s public policy panel this year, Federal Trade Commissioner Maureen Olhansusen warned that the automotive industry must step up their game in protecting consumer information or face enforcement actions from the FTC. She cautioned that the amount and quality of information in vehicles will only increase as auto makers develop autonomous and semi-autonomous capabilities and vehicle networking capabilities. One clear concern is accidents caused by hacking vehicles as they are driven. Privacy advocates have another concern: improper access to private data to track vehicle usage and personal communications.
The Commissioner’s warning was directed at manufacturers to either take action to protect consumer data or the FTC would.
But that doesn’t mean that dealers can overlook the challenges that new technologies pose. As capabilities expand to include in-vehicle wifi with the capability of capturing email, texting, and other communications, potential misuse of data by those with access to a vehicle’s systems must be considered. For example, how much information can your techs access? And what is your dealership’s policy concerning that access? As information multiplies and the potential problems from access and improper use multiply with it, a dealership must give serious consideration to beefing up its policies on data access and misuse, including in the service department.
One of the rapid developments in technology has been creation of free or low cost cloud storage capabilities such as iCloud and Dropbox. Your employees probably have access to cloud storage services. What is your policy concerning that?
A recent trade secret misappropriation lawsuit by a company against one of its former executives shows the potential problems. While he was employed, the executive downloaded company information to a company-approved Dropbox account so he could transfer and access files while he worked remotely. When he left to set up his own competing enterprise, the company sued him alleging that he misused the confidential data stored in the cloud to develop his own company. The court found that since the information was in a company-approved cloud storage, and since there was no evidence he accessed the Dropbox files after his employment, there was no evidence of trade secret appropriation. It refused to issue a preliminary injunction against the executive’s operation of a competing company.
What should be your company’s position on cloud storage?
- Should you allow the transfer of any company information to a personal cloud storage?
- If you do, what categories of information will you permit to be transferred?
- If you do, is there any reason will you permit customer information to be transferred?
- What will you require for deleting or returning that information?
- How will you audit and enforce your policy, including what disciplinary measures will you use for violations?
- What rights will your company have to access, retain or destroy data for protection of the company’s interests?
- What rights will you company have to disable a company-approved cloud storage account?