
Privacy Risks in Unexpected Places: CISO Perspectives with Merry Marwig

N2K Networks | November 3, 2025 | 35 min | 158 views

The Evolving Definition of Privacy

  • Privacy is not just about security measures like encryption but also about controlling personal information and how one is perceived.
  • Legally, privacy can be defined as "intrusion upon seclusion," but its practical understanding is constantly evolving with technology.
  • The Universal Declaration of Human Rights, Article 12, addresses privacy, prohibiting arbitrary interference with one's privacy, home, or reputation.

The Automotive Data Landscape

  • Modern vehicles are increasingly becoming "computers on wheels," collecting vast amounts of data beyond just driving information.
  • Sensitive data collected can include identifiers, biometrics, precise geolocation, preferences, and even communications data like call logs and text messages.
  • This data often persists even after the car is turned off, posing a significant risk if not properly managed.

Challenges with Notice and Consent

  • Privacy policies are often written at a post-graduate level, making them inaccessible and unread by most consumers.
  • For example, understanding a car's privacy notice can take over six hours, leading to a lack of informed consent.
  • In rental car scenarios, users rarely read these notices, inadvertently surrendering privacy rights.

Corporate Data Leakage Risks

  • 🏒 CISOs must consider how corporate data can leak through sources outside their direct control, such as rental vehicles.
  • πŸ“ž Data persisting in rental cars can include contacts, call logs, and even sensitive client information, posing a risk to the next user.
  • πŸ”‘ The lack of proper data sanitization in rental vehicles is a significant security and privacy gap.

The Role of CISOs and Organizational Responsibility

  • Security professionals need to work with procurement and GRC teams to define data handling policies for fleet and rental vehicles.
  • Key requirements for CISOs include demanding simplified data disclosures from rental companies and ensuring media sanitization processes are in place.
  • Companies that own or rent vehicles should be responsible for data sanitization, similar to how computers are refurbished.
  • A real-world example highlighted how a military contractor's sensitive personal and professional data was re-identified from an unsanitized company car, underscoring the severity of the issue.