Personal data left on defleeted cars prompts security concern

DRIVERS leaving personal information on their company car’s hard drive at the end of its fleet life is a major issue and has prompted the Vehicle Remarketing Association (VRA) to compile a four-point plan and issue a best practice guide to members.

 

Drivers are ultimately responsible for erasing personal data from their car before handing it back to the leasing company, rental company or dealer, says the VRA, which says master hire agreements should inform customers of their obligations.

 

The technological evolution of satellite navigation, phone kits and entertainment systems means every day more personal driver information is stored on a car’s hard drives, from their entire phone book to personal addresses. However, frequently drivers fail to erase the data before handing the vehicle back.

 

To protect members from passing on a driver’s personal data when they sell a car theVRAis recommending a series of measures to adopt to help avoid possible consequences of passing on a driver’s personal details and the risk of contravening the Data Protection Act. They are:

  • Ensure that wording is included in customer contracts and master hire agreements informing their customer’s drivers of their obligations
  • Signed confirmation must be received by the vehicle owner as part of the vehicle de-hire process that all data has been removed from the vehicle
  • Action ‘Delete All’ or ‘Factory Reset’, or similar functionality as part of their remarketing process before a car is sold
  • Encourage individual companies to conduct a Privacy Impact Assessment

 

‘We have yet to see major instances of any personal data being misused if it is inadvertently left on a car’s satnav or in-car system, but this won’t be the case for ever. We have seen, for example, an instance where a car buyer traced the previous company car driver to his home address to ask more details about the used car he had just purchased at auction,’ said John Davies, theVRA’s chairman.

 

‘But if a driver’s phone has personal details of, for example, a politician or public figure and the sat nav includes details of how to find where they live, this could be a real  security  concern,’ he added.

 

On discussion with members early in 2012 some companies had already adopted their own policies and others had talked to customers about the issue, but theVRAsays its guide will help all members to consider the issues and decide what steps are appropriate for them to take.

 


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>