You may recall that last month I warned of the problems that insurance related recording equipment may cause when clients test drive a customer’s vehicle.
The old adage “loose lips sinks ships” historically means “unguarded talk may give useful information to the enemy.” To our clients however it could give useful information to their customers who may, in turn, “go public” with the recordings.
A situation subsequently arose where a client had a customer’s car in for repair. Our client saw that recording equipment was in use and disconnected it. Two minutes after he did so, the customer was on the phone complaining. Saying that he wanted to be able to see what was being done to his car.
Our client said it needed to be disconnected in order to repair the vehicle but the question we were asked is whether a customer could otherwise insist on this. In the writer’s opinion, the answer is simple: NO
Notwithstanding the unease of staff working on the car there is an over-riding obligation on clients to comply with data protection laws. The ability of in car recordings to record both visuals and more importantly audio, exposes your business to the risk of data protection breaches.
The fact is that when a vehicle is being repaired on your private land it is simply not within the gift of members of the public to be allowed to record goings on. The purpose of the in car camera is essentially to either record driving or to establish fault in the event of any accident. It is for use for insurance purposes only.
It is of limited value to the customer’s stated view that he “wants to see what repairs are being done” because in most cases repairs will be undertaken under the bonnet or under the car and thus outside the vision of the recording apparatus.
The greater concern is that recording audio in particular could inadvertently breach data protection laws. A customer (or employee’s) personal data could easily be picked up by a recording device and be ripe for misuse by the person behind the recordings. For example, the door of the car is open whilst a mechanic undergoes repairs. In the background a colleague is talking on the phone to a customer and in doing so repeats the address and mobile number of the customer and ends with “thank you Miss Smith”. This personal information is picked up on the recording device and is then available to the owner of the vehicle. That in itself causes you problems but imagine if the car owner then decides to contact her with the information your garage held and has disclosed………
For fraud prevention also – if a staff member is repeating the payment details of a customer over the phone, which is picked up on the recording device – could have a significant adverse effect.
For data protection compliance you ought therefore, to remind customers that they must disconnect any recording equipment and notify their insurers accordingly and that if they leave the vehicle with you without having done so, you will disconnect it yourselves.
On average 55 vulnerabilities are identified daily.
What can I do?
Review your organisations priorities and ask ‘can we afford a breach?’. What do I do during an incident? Who do I involve? When do I involve the ICO?
If you’re unable to answers these questions, you need help from the experts.
HOWEVER I do feel that where the vehicle is test-driven before or following repair, the recording apparatus must be re-connected. For no longer should there be any inadvertent data protection breaches but the driving element being recorded protects the car owner and your staff should there be any accident suffered. It may also help prove that the repairs were carried out satisfactorily. Just remember, staff that test drive cars should always do so in the same way they would as if the owner was in the car with them – because there may well be the possibility that someone may actually be watching!