Data Privacy Day: Focus for Fleet Managers

In a world where we’re more connected than ever in our private as well as professional lives, phrases like “Big Data” and “data privacy” are now part of everyday conversation. But when it comes to data privacy, there’s a lot more to consider than your credit card information or email logins being stolen.

Data Privacy Day is held annually on January 28 as “an international effort to create awareness about the importance of respecting privacy, safeguarding data and enabling trust.” It dates back to 2008, as a way for the U.S. and Canada to commemorate Europe’s Data Protection Day honoring the first legally binding international treaty dealing with privacy and data protection.¹

We can’t think of a better day for fleet managers and operators to take a moment to reflect on the vehicle and driver data issues that impact the industry, as well as things to keep in mind when it comes to keeping data safe. 

Telematics and driver privacy

Today’s telematics are used to track vehicles and monitor driver behavior. Since the main goal of telematics is to protect company assets, it’s important for fleet managers to ensure drivers understand this goal and see that privacy policies underscore how seriously the company takes driver privacy. Such policies promote transparency, and could include²:

• Specifics around what the telematics system is monitoring
• Highlights regarding how the system positively impacts employee and public safety
• Examples of how the telematics tool helps improve driver safety/efficiency
• Specifics around approved travel, geography, speeding and safety, idling, vehicle maintenance, substance abuse, and more

Connectivity and cybersecurity

Connectivity, particularly in terms of the Internet of Things (IoT), is positively trending in the industry as fleets and managers look to increase productivity, get a handle on operating costs, and become more agile. But when everything from smartphones to in-cab computers to back-end systems is linked via the internet, the risk of a cybersecurity threat increases.³

Whether it’s an inside threat, or a savvy cybercriminal mining for load location or financial information, fleets and companies of all sizes must protect themselves. So what can you do?³

• Update outdated or unsecure operating systems
• Ensure 3rd-party software is secure
• Be sure custom software is written with security in mind
• Keep an eye on outgoing data
• Embrace encryption and multi-factor authentication
• Be leery of suspicious emails/ransomware

The Additional Consideration of ELD Security: Now that the ELD mandate is in effect, a host of new companies offering ELDs have flooded the market. This means fleet managers have a new data security issue to contend with—making sure the ELD devices they deploy are safe from hackers and data breaches.⁴ Here are some points to keep in mind:

• In 2017, IOActive, a global security advisory firm, conducted vulnerability assessment research using several ELDs available over the counter at big-box distributors. What they found “could allow an attacker to pivot through the device and into the vehicle.”⁴
• ELD providers think the vulnerability of data being transferred between the device in the cab, the back office, and the FMCSA’s cloud system for transferring the data to roadside officials is a bigger concern—time will tell.⁴
• For now, “NMFTA strongly recommends purchasers talk to the manufacturer/supplier of their chosen ELD device and ask about cybersecurity, including technical standards or best practices followed (if any), as well as if adversarial testing or third-party security evaluations were performed as part of their product development lifecycle.”⁴

If you do business with or send goods overseas

The General Data Protection Regulation (GDPR)

For international companies that manage fleets in Europe, keep in mind that the GDPR takes effect in May of this year. “The GDPR applies to data processing carried out by organizations operating within the EU as well as organizations outside the EU that offer goods or services to individuals in the EU.” With it, harsher penalties will be enforced against organizations not meeting data protection obligations and everyone in the supply chain who handles/processes data will be held liable, not only controllers.⁵

To prepare, fleet operators might have to entirely overhaul data management processes, including how they integrate with the supply chain. And as connected vehicles become more common, it will be crucial that organizations build cybersecurity considerations into every aspect of the infrastructure.⁵

The European Union Data Protection Directive

Under this directive, in order to transfer personal data from Europe to the U.S., U.S. organizations must voluntarily agree to enter a safe harbor agreement. This means “a U.S. company must self-certify annually in writing to the U.S. Department of Commerce stating it agrees to adhere to safe harbor requirements; if a U.S.-headquartered fleet does not use safe harbor, it risks violating EU privacy laws.”⁶

Today’s a good day for data security

Privacy and data protection will always be top of mind for fleet operators, for the sake of their employees as well as their customers. So in light of Data Privacy Day, take a few minutes to think about what security issues might potentially impact your organization and use the information we’ve shared as a stepping stone to future-proofing data protection procedures. 

­­­­­­­­­­­­­­

Sources

¹ https://staysafeonline.org/data-privacy-day/about/

² http://www.fleetfinancials.com/channel/gps-telematics/article/story/2016/01/tackling-fleet-driver-privacy-issues.aspx

³ http://www.truckinginfo.com/channel/fleet-management/article/story/2017/10/cyber-security-connect-at-your-own-risk.aspx

⁴ http://www.truckinginfo.com/channel/fleet-management/article/story/2017/12/how-secure-is-your-eld.aspx

⁵ http://www.greenfleet.net/features/24082017/legal-duties-around-vehicle-and-driver-data

⁶ http://www.automotive-fleet.com/channel/operations/article/story/2007/05/european-union-data-privacy-laws-complicate-global-fleet-management1.aspx

The information contained in this document may or may not be correct and/or complete at the time of reading and is not intended to be used as a substitute for specific professional or legal advice or opinions. No recipients of content from this documents should act or refrain from acting on the basis of content of the document without seeking appropriate legal advice or other professional counseling. Verizon Telematics expressly disclaims all liability relating to actions taken or not taken based on any or all contents of this document.