How industry can tackle data privacy

Though most headlines involving the auto industry and COVID-19 have told stories of market disruption, there was another area impacted by the pandemic: data privacy.

As the abrupt shift to remote work exposed new vulnerabilities and security risks, advancements in technological innovation, data privacy regulation and consumer demand for privacy protections continued apace. The percentage of those permanently working from home is predicted to double this year, and, as sales are not expected to rebound to pre-COVID-19 levels until at least 2023, auto companies will have to navigate new security and compliance matters with constrained budgets.

Here are four best practices to keep top of mind.

1. Implement comprehensive system security and access controls. After the widespread shift to remote work, companies realized that remote access capability and access controls to enterprise systems were major constraints. Legacy systems, especially, were prone to problems with availability, scalability and performance.

Looking ahead, companies likely will continue to prioritize short-term spending on security for remote workers. But companies also may consider deploying technologies that can be quickly adopted, such as cloud solutions and security services vendors. Remote connectivity should further facilitate security practices, including over-the-air updates and patches for vehicle software and electronic components. Enabling multifactor authentication and updating security monitoring capabilities and log management rules to ensure full visibility are other best practices.

2. Assess security hygiene for remote work. The rapid shutdown early in the pandemic meant that not all of a company's departments were set up for a remote work environment. With employees still working from home — and some set to do so permanently — companies should require employees to install corporate security software onto any personal device prior to connecting to the corporate network. They should also establish or review remote-access firewall rules.

3. Institute data privacy and compliance best practices across different jurisdictions. Today's privacy landscape is ever-evolving. As requirements converge, what happens in the European Union will impact what happens in the U.S. For companies that have widespread operations, understanding how their operations fit into these privacy schemes — and how to maintain a robust program adaptable to specific jurisdictions' requirements — is crucial for regulatory compliance and consumer trust.

And remember: While a robust privacy program may comply with certain notice requirements and consumer rights implemented by privacy laws, it does not protect a company from unauthorized uses or disclosures. Companies should continue to implement security practices that provide the best cybersecurity protection.

4. Make it a priority to meet changing customer privacy expectations. Consumers are becoming more aware of the risks of certain technologies in their automotive products, as shown by niche industries selling Faraday cages for key fobs. By making privacy and security a priority in their products — and making that prioritization clear to consumers — companies will be able to leverage that reputation as they branch out into autonomous vehicles and components.