Personal information stored inside cars



        presents a potential risk to dealers



        By Debora Toth, NIADA.com

        When a driver sells a used car to a  Text messages, call logs, home addresses  In the automotive industry – especially
        dealership, he or she is often reminded to  and even medical and financial information  used  car  dealerships  –  that  problem
        check around the vehicle for personal items  are all vulnerable to theft  if left behind  has been festering for some time. A few
        – a cellphone, say, or maybe a child’s toy.  when a vehicle is sold.      individuals have been ringing the warning
                                                                                  bell for years to alert the industry about PII
        But what about personal data stored in the  The numbers provide a true sense of the  in vehicles. State legislatures in California,
        car’s computer system?               enormity of the problem of what is known  New York and Georgia have taken the lead
                                             as “persistent data.” More than 80 percent  by enacting privacy laws, and more than a
        How many consumers know what type of  of  the vehicles  currently  operating in  the  dozen other states have bills pending.
        personal information is in their vehicles  U.S. are able to capture personal data, and
        when they sell it?                   more than four out of five cars sold last year  Federal agencies, including the Federal
                                             contain personal data.               Trade Commission, are taking a hard look
        Personally identifiable information (PII) is                              at the issue. In 2017, the FTC co-sponsored
        data that can be used to identify a specific   What’s most concerning     a  national  conference  with  the  National
        individual. It starts with Social Security   is consumers are not as      Highway Traffic Safety Administration
        numbers, mailing or email addresses, phone                                and  asked  NHTSA  to  define  its  role  and
        numbers and the like, but also includes a   aware of the security risks   responsibilities related to the privacy of
        wide range of digitally available data, such   as they should be.         data generated by and collected from
        as IP addresses, login information and                                    vehicles. Currently, the issue is still largely
        more.                                A recent IBM security survey revealed only  undefined by law.
                                             8 percent of consumers were worried about
        Much of that data is collected by vehicles, as  protecting car navigation data compared to  Peder  Magee, a  senior  attorney  for  the
        users connect their smartphones to vehicle  64 percent who cared about data security in  FTC’s  Bureau  of  Consumer Protection,
        infotainment systems and use onboard  their mobile devices.               said there is no law enforced by the bureau
        navigation systems and universal garage                                   that specifically requires companies to
        door openers.                                                             delete or protect the privacy of consumers’



        4  |  MIDATLANTIC DEALER NEWS  |  MIDATLANTICAUTODEALERSUNITED.ORG  •  APRIL 2022