In 2020 alone, data/privacy breaches accounted for 36% of all automotive cyber incidents: a number destined to grow as cars become “smarter” and more connected. With enhanced technology comes increased liability for dealerships, auto finance, auto insurance, fleets, mobility players and OEMs. There are new and emerging ways for dealerships to protect their customers and their business from this growing liability threat. Dealerships may also discover that the rising attention to privacy can present opportunities to better serve their clientele and to offer services addressing the protection and peace of mind they demand. It’s important to understand the risks at hand and how they relate to the automotive sales business.
Have you ever synced your phone to your car? For most American consumers, the answer is “yes!” — not just for added convenience, but because all states have varying restrictions on the use of phones in vehicles. Did you know disconnecting from Bluetooth does not delete your personal Information (PI) that was captured by (and stored in) the vehicle’s infotainment system? You must manually go into each vehicle’s settings and click through prompts, unique to each car’s make, model, year, trim, etc. to entirely delete this data. Forget to do it (or fail to follow every step correctly) and your PI will be left behind indefinitely.
Most dealerships don’t realize that their largest database of PI is not in the service department or the F&I office — it’s for sale on their lot! A recent study discovered that consumers could find the PI of previous owners at 88% of reputable franchise dealerships — just by test-driving a vehicle or two. Some dealerships claimed to have a policy and a process to remove this PI yet were found out of compliance with their policy 75% of the time.
These cars for sale all contained many personal details: contacts, call logs, location history including the home address, garage door codes and even text messages. Leaving this data behind represents a potential danger to any dealership’s reputation and is ripe with multiple layers of potential legal liability, from federal (ex: The Privacy Rule), to a variety of state privacy, data security, data breach, record disposal, biometric laws, etc. The first lawsuit on this specific in-vehicle PI issue consumed over a year in the courts and cost hundreds of thousands of dollar to settle — with one plaintiff.
The National Independent Automobile Dealers Association (NIADA) recognized these challenges and rated privacy as the second-highest regulatory risk for dealers (after recalls). PI stored by vehicles is a quickly growing regulatory and consumer priority, and legislation only tightens in favor of consumers. While privacy on cell phones and laptops have been the historical focus, the “third screen” — the modern car — continues to garner attention from consumers, media and legislators at both the federal and state level.
Should dealers reactively wait until they see someone else targeted for not properly protecting consumers’ PI, or should they take a proactive stance? Our studies show the latter approach has major benefits. When the consumers in our study found PI in the vehicles for sale, the Net Promoter Scores for those consumers dropped dramatically, and 76% of consumers refused to purchase the vehicle after realizing the risks to their privacy. At the same time, consumers are interested in a range of privacy-centric solutions — showing that dealerships should set up a program that reduces risks, generates more leads and sales while protecting consumers.
Our company was created to help resolve these data privacy issues with a solution that consumers wanted and businesses needed. In the past year, we have become the de-facto standard for the wholesale channel, extending our protections and opportunities via an implemented subscription program in the retail channel. If you wouldn’t hand your unlocked phone to a stranger, what safeguards do customers need when they trade in or purchase a vehicle from your lot?