Over the last year, technology innovations in the automotive industry continued to be a boon for both drivers and manufacturers alike. However, with big gains in technology come big data, and 2019 delivered the next big wave of data privacy and security laws to regulate it. As these laws and consumer expectations continue to evolve, industry executives should keep the following best practices top-of-mind.
The number of new privacy laws and their varying scope makes compliance particularly challenging for companies with diverse or widespread operations. Implementing and fostering a strong unified privacy and security program can help navigate this web of regulation, creating a strong foundation that can provide consumers the security they demand – while still maintaining the flexibility needed to adapt to particular jurisdictions and regulations.
Companies should incorporate data privacy and security review into their due diligence when engaging with vendors or other third parties, especially those that deal with consumers’ personal information. For instance: Are third parties’ data privacy and security practices aligned with your company’s? Are they compliant with relevant compliance standards? Is your company transparent with consumers about third party relationships?
In adding additional protections and control for consumers, privacy laws create operational and technological burdens on companies. For example, notice and request for information requirements may require additional employees and training, and companies’ systems and technical practices may need to be updated to implement and support required protections like data anonymization and aggregation. Companies should stay up to date on emerging privacy and security issues, as well as technological innovations – and prepare their operations accordingly.
As consumers become more aware of data privacy, companies should not only make these issues a priority – but make that priority obvious to consumers. It’s crucial that companies be transparent about their privacy policies and practices, and engage with consumers’ questions or concerns.
While compliance with data privacy regulation is necessary, it may not always be sufficient to merely protect data. Third parties may continue to pose cybersecurity risks, and while compliance with notice and opt-out/ opt-in requirements implemented by privacy laws may give consumers more control over and information about authorized uses or disclosures of their data, it does not protect them from unauthorized uses or disclosures. Companies should continue to work to implement security measures and practices that provide the best cybersecurity, including eliminating vulnerability early at the design stage and continuously monitoring for new or inevitable security threats.
This set of best practices can help your company lead the pack in this evolving area. For more detail on these and other key issues facing the auto industry, check out Foley’s white paper on the “Top Legal Issues Facing the Automotive Industry in 2020.”