James Leese, chief customer officer at Cox Automotive UK, explores the steps car owners and companies should take to protect themselves as personal data use increases.

As the internet and connected technology has evolved over the last three decades, privacy has unsurprisingly become a bigger issue in people’s minds. Most aren’t comfortable with sharing sensitive information and are taking additional steps to ensure their personal data is kept safe.

In the automotive world, we’re only just catching up to this trend of connectivity. Increasingly smarter vehicles have become commonplace over the last decade, giving us the ability to pair smartphones to control infotainment and other systems.

There are many reasons to James Leesebe excited about the new era of connectivity in our personal vehicles. The ability to connect our phones to our cars has opened up a wealth of convenience such as live traffic and navigation information, hands-free phone calls, music streaming, and digital keys.

However, with greater connectivity comes a greater need for our personal information. This data must be stored somewhere, in this case, directly within the car. Personal information such as names, addresses and navigation history are permanently stored, and in some cases, full phone books and personal messages. As a result, personal vehicles have become a treasure trove of personal data.

Despite an increasing desire to keep personal data safe, it appears many people are still unaware of the risks their vehicles can pose. A recent survey by Which? Found that more than half of drivers had synced their phone to their car. Of those, 51% had not tried to un-sync their phone before selling the vehicle. Even more alarming is that 31% said they had not made any attempt at all to remove their personal data from the vehicle.

It appears there is a real lack of information and guidance provided to car owners and users on how to keep their personal data safe. In most cases it’s not just a case of un-syncing the phone, but of also wiping various systems within the car such as the sat-nav, which often need the car’s handbook for instructions.

For private sales, it means that people could willingly hand their personal information over to strangers. Not a nice thought, but in reality not something that would cause much harm in most cases.

However, for businesses it poses a bigger problem. The General Data Protection Regulation (GDPR), introduced in 2018, put greater responsibility on companies to keep their customer’s data safe or risk hefty financial penalties of up to 4% of global annual turnover. This is a particular problem in the used car market, where some vehicles have changed hands multiple times. Any company hoping to retail a vehicle therefore opens themselves up to a multitude of data breaches and penalties if proper procedures aren’t followed.

Ultimately the responsibility falls on the business to ensure all data is kept safe, and rightly so. But it is a minefield, and inevitably some breaches can fall through the cracks.

For those looking to sell used vehicles through auctions, remarketing companies can help. For example, Manheim’s DataCleanse service ensures that all personal information and data is wiped from the vehicle and redacted from any documentation before it is sold at auction. Shockingly, before the launch of the DataCleanse service in 2019, Manheim found that 51% cars audited prior to auction had data breaches including sat-nav history, phone data and invoices with personal information, highlighting the importance of services like this.

Since the introduction of GDPR, companies have certainly become more vigilant to the importance of data handling processes internally, but for many working in the automotive industry, it appears that they are not adequately informing their customers on the steps they should also be taking.

Additional help has to come from the companies who own the vehicles. Rental and lease companies should provide guidance to users on how to wipe their data before handing the car back. Similarly, dealers should ensure that systems on part-ex vehicles are reset and all data wiped before they are put on the forecourt. This would go a long way to help keep companies safe from fines, and to put customer’s minds at ease.