The Insider – New Management
Last month I wrote about a clash of interests as cars become controlled more by electronics and apps than mechanical processes. The availability of mass data, pertaining to both car and driver, who owns it, and what to do with it, raises a host of questions.
Now that cars can receive automatic updates, and interface with smart phones, the potential for malicious interference grows. Car owners already face theft risks from code-grabbing devices that help thieves clone electronic keys, or from alarm and immobiliser systems being disabled remotely by hackers using mobile phones.
But vehicle access points also represent a potential security and safety threat to autonomous connected vehicle systems. And so cyber security has become a key concern for automotive manufacturers, eager to prevent hackers hijacking control of an expensive and potentially lethal asset.
Theft of company and personal data is another concern. If private or company diaries and address books are uploaded to vehicles from paired mobile phones, procedures should be in place to ensure the data is deleted once the car is sold. If a company car is connected to the corporate computer system, there is also a risk that hackers can use it as a proxy server to enter that corporate system.
So it will be paramount to have policies ensuring passwords and other sensitive information is deleted when a vehicle is moved on. Fleets will need to view their vehicles in much the same way as they would any other piece of IT equipment. And it will become crucial to check the security and credentials of any linked third-party devices. For those running grey fleet, the rules will need to cover them as well. When it comes to cyber security, people tend to be the weakest link.
Information revealed via app use will also gives insights about the driver, counted as personal data. That may not be collected without a specified reason, and without an individual’s consent. The information must be accurate, and kept securely. Given the details that people keep in their mobile phones, often automatically uploaded to their cars’ infotainment systems, an organisation could find that it is gathering sensitive information inadvertently.
And what do you do with data which reveals unlawful behaviour, such as speeding or reckless driving? The company still has a duty of care which legally compels them to intervene.
We will need to clarify exactly what information is available, how it can be accessed and where it can be used. As asset managers, fleet managers need to be confident that someone in the organisation has its data protection adequately covered.
But of course it’s not just the information we can get via the vehicle, but how the vehicle can take control away from the driver. The emergence of ADAS (Advanced Drive Assistance System), the collective name for features such as lane departure and autonomous emergency braking, with an array of sensors, radar, mirrors, and cameras, will have a significant impact on repair and maintenance costs, not just in terms of parts replacement but also in recalibrating windscreens, bumpers and mirrors following damage. It’s almost a case of ‘be careful what you wish for’.
Windscreens can show displays and defrost themselves, but they don’t chip any less easily and replacement costs can be the thick end of a thousand pounds. Fleets will need to budget for these higher costs and the industry, especially the fast-fit industry, is already working hard to upskill their workforces.
For all the initial potential pitfalls, I can see that properly managed, there are real opportunities available from the new technologies in terms of reducing accidents, and cost efficiencies, so it’s an exciting time.
Finally, I leave you with this thought. When I was reading about the five principles proposed by VDA (see last month’s issue) for an all party solution to data management, I came across an additional comment. It stated that information specified as being useful for the improvement of road traffic safety would be made available to [initially German] public authorities specifically for that purpose.
So, does that mean that in time you could get speeding tickets sent through automatically if data released to a third party showed your vehicle had exceeded the speed limit, without a speed camera or police officer ever being involved? Just think about the implications of that.