Unforeseen Privacy Risks: Cars, Data, and CISO Challenges
N2K Networks | November 3, 2025 | 35 min | 29 views
The Evolving Definition of Privacy
- Privacy is not just about security measures like encryption but also about understanding evolving data collection practices.
- Legally, privacy can be defined as an "intrusion upon seclusion," but a broader understanding involves how individuals want to be perceived and control their information.
- The Universal Declaration of Human Rights, Article 12, addresses privacy as protection against arbitrary interference.
Data Collection and the "Information Company"
- Automotive companies, like Ford, are increasingly becoming "information companies" by collecting vast amounts of data from connected vehicles.
- Data is a means to an end, leading to information and then intelligence, which businesses use to anticipate consumer needs and guide strategic decisions.
- Everyday examples like grocery store loyalty programs and Google's ad targeting illustrate how passive data collection builds comprehensive user profiles.
Privacy Risks in Rental Vehicles
- Connecting personal phones to rental car systems can lead to contact lists and call logs being stored on the vehicle.
- Data stored in rental cars often persists even after the car is turned off, posing a risk if not properly sanitized.
- Privacy notices for cars are often lengthy (over six hours to read), making informed consent difficult for consumers.
Data Types and Corporate Concerns
- Precise geolocation is a sensitive data type, with rights to control it varying by state.
- Other collected data can include names, emails, social media handles, biometrics, preferences, and communication logs.
- For corporations, fleet cars and rental vehicles represent a significant, often overlooked, data leakage risk outside of direct IT control.
The Role of CISOs and Corporate Responsibility
- CISOs must work with procurement and GRC teams to define data handling policies for fleet and rental vehicles.
- Key demands for rental/fleet companies include simplified data disclosures and media sanitization processes with certificates of deletion.
- Cars are now computers that store data, often unencrypted, making them vulnerable endpoints that fall under a security team's purview.
Real-World Data Breach Example
- Researchers were able to re-identify a military contractor using data left in an unsanitized company car, revealing personal details, movements to military sites, and family information.
- This highlights the severe risks of data persistence in vehicles and the potential for malicious actors to exploit this information.