Privacy4Cars White Papers
For CISOs and corporate security practitioners

Endpoints-on-Wheels – Protecting Company and Employee Data in Cars. CISO mitigation strategies for fleets, rentals, and personnel-owned vehicles
Your enterprise risk management framework may overlook a significant data security vulnerability: cars. Corporate and personal data persistently stored in company-owned, rental, and employees’ personal passenger vehicles creates substantial exposure risks for your organization.
This comprehensive whitepaper explores why CISOs and security leaders must extend their security frameworks to include corporate vehicles, and provides actionable strategies for mitigating these emerging risks.
✓ Understand the data security and privacy risks posed by today’s vehicles
✓ A sample security policy for personal data management and disposal in vehicles
✓ Executive case studies and infographics to help you advocate for resources
✓ Integrating Vehicle Security & Privacy into your GRC Framework
✓ Information about Privacy4Cars, the leading vehicle privacy/security firm offering data disclosure and deletion solutions and more
For Dealerships, Leasing, Motor Finance, Motor Insurance, Car Rental/Car Sharing, Manufacturers, Fleet Management, Motor Auctions, Vehicle Inspection & Refurbishment, Recovery and Repossession Agents, Body Shop and Repairers, Recyclers and Dismantlers and more companies in the United Kingdom and the European Union.

Deleting Personal Data from Vehicles: a GDPR Obligation for Automotive Businesses
This whitepaper and legal analysis clarifies the GDPR obligations that automotive-related Controllers (including dealerships, leasing, motor finance, motor insurance, car rental/car sharing companies, manufacturers, fleet management, and more) have to delete the personal data collected and stored in vehicles (e.g., navigation and smartphone data). It clarifies the roles and responsibilities of certain Processors when it comes to data deletion. It also clarifies the need for a documented procedure, a robust process, and relevant software: relying on the knowledge and judgement of individuals is unlikely to meet the requirements to demonstrate GDPR compliance.
The legal analysis of Aidan Eardley, King’s Counsel should be reviewed by legal counsel in the automotive industry operating in the United Kingdom and European Union.
This report includes an executive summary, the text of Aidan Eardley KC’s legal opinion, infographics, sample letters Privacy4Cars sent to automotive businesses affected by this King’s Counsel opinion, and resources such as sample policies, disclosure statements, and agreements.
For Dealerships Doing Business With
New Jersey Residents

New Legal Obligations For Dealerships At
Trade-In and Lease-Returns Taking Effect January 8, 2024
New Jersey A4723 requires motor vehicle dealers to offer to delete personal information in motor vehicles to all consumers when they take possession of their vehicle, whether it is a lease return, a trade-in, or a vehicle they purchased and stocked in inventory.
You can find more information, including a copy of the law, the letter we sent to substantially all franchise dealerships in New Jersey informing them of the legal changes, and a video explaining how Privacy4Cars’ AutoCleared™ solution makes it easy to adhere to and log compliance with this law on our dedicated webpage:
For Lienholders and Recovery Agents
United States

Legal Changes Affecting Lienholders That Repossess Vehicles in Illinois
Taking Effect January 1, 2024
Important letter summarizing Illinois Senate Bill SB800 sent to lienholders from Privacy4Cars.
Originally sent as certified letter November 3rd, 2023.
This letter summarizes key requirements for lienholders that repossess vehicles in Illinois to delete Personal Information from them, utilizing a standardized electronic solution approved by the American Recovery Association.
The letter details the findings of the Illinois General Assembly, who is subject to the law, enforcement aspects, and implications for lienholders.
For Auto Finance, Credit Unions, Dealerships,
United States

“The Cars We Drive Say A Lot About Us”
Academically-reviewed paper by Eric Johnson, Partner, Hudson Cook LLP, and Andrea Amico, CEO, Privacy4Cars.
Originally published by the Conference on Consumer Finance Law (CCFL) in 2022, volume 76, numbers 1 & 2.
This paper reviews how vehicles may collect and allow access to consumers’ Personal Information (PI), and the legal implications, issues, and actions that automotive dealerships, banks, auto finance companies, credit unions, and other financing sources, as well as insurance, rental car, and fleet companies, should consider. The paper describes the main types of PI collected by vehicles and how this information is regulated at the federal and state level, and lists a number of legal precedents in courts, including 9-figure settlements.
The paper further explores the duties and responsibilities of companies in regards to consumer PI captured by vehicles, and suggests a series of actions these companies should take, first and foremost of which should be establishing a robust and auditable process to delete data from vehicles.
For Dealerships, United States and Canada

“Deleting Consumer PI Stored in Vehicles: Dealership Guidelines”
On June 9th, 2023, the Federal Trade Commission revision of the Safeguards Rule will come into effect. Entities regulated under Gramm-Leach-Bliley are required to develop, implement, and maintain a comprehensive system to safeguard consumers’ Nonpublic Personal Information (NPI, or PI) they come into possession of. This white paper provides a detailed analysis of the Rule update and its effect on auto dealerships, and specifically focuses on how to safeguard the PI (including sensitive geolocation and phone data) that is frequently stored in vehicles dealerships own, including lease returns, loaners, trades, etc. While this white paper does not constitute legal advice, dealerships can find valuable insights to design, implement, and augment their own compliance program, including sample language for disclosures, notices, and record keeping documents.
For Service Providers, United States and Canada

“Deleting Consumer PI Stored in Vehicles: Service Provider Guidelines”
For the first time in history, suppliers to dealerships, auto finance companies, and other entities regulated under Gramm-Leach-Bliley will also have to comply with a particular section of that regulation starting on June 9th, 2023: the updated Safeguards Rule. In this white paper we specifically address how those suppliers who have custody of, or otherwise have physical access to, vehicles owned by GLBA-regulated entities (such as recovery agents, auto auctions, vehicle inspection companies) play a role in the overall Safeguards compliance. While this white paper does not constitute legal advice, remarketing and dealership suppliers who handle vehicles can find valuable insights to design, implement, and augment their own compliance programs.