If you are charging your phone through a USB port or connecting to Bluetooth in your rental car, you may want to think twice. Last week, an FTC article highlighted the dangers of this seemingly innocent conduct, as it creates an avenue for compromising both you and your clients’ sensitive information.
While individuals connect their devices to rental cars to charge their phones, make calls, listen to music, or use their GPS systems, what these individuals fail to consider is that many cars automatically store this information. If the information is not cleared by the renter or the rental car company, anyone who subsequently rents that car has access to this data. Call and message logs, location coordinates, and contact information then remains long after the rental car is returned.
This can be problematic on two fronts: for rental car companies providing the service and for individuals employed by companies with rigorous privacy standards who compromise this personal information simply by connecting their smart phone to the car.
Rental car companies should consider including a disclosure provision that is given to the customer with the initial pre-rental paperwork. After the rental is returned, these companies should have a policy requiring the information is cleared from the system before the car is rented to anyone else. Failure to address this privacy implication can have unintended compliance consequences as privacy becomes an increasingly prevalent focus for regulatory agencies.
For companies handling sensitive information, however, it is equally important to have a provision within the companies’ existing privacy standards that details appropriate protocol for connecting employee devices to rental cars. As the FTC, CFPB, and other regulatory organizations continue to focus on privacy standards for sensitive consumer information, taking action against those who fail to do so, companies would be remiss to ignore this obvious but often unrecognized privacy loophole.
The FTC article and its mirror article for consumers recommend, among other things, disabling automatic settings that sync electronic devices to rental cars or avoiding connecting mobile devices altogether. While wise, it is unlikely that this will solve the privacy loophole in its entirety.
Though no official action has been taken concerning this issue, it is unlikely that this will refrain from becoming a pressing area for concern and investigation in the future. Recognizing this loophole now may help entities avoid unanticipated privacy issues and impending regulatory action.