Welcome to 2020, the year that data rights take center stage, not just in the fleet world, but in the digital world as a whole. On Jan. 1, the California Consumer Privacy Act went into effect in the state. It basically boils down to the right for consumers to demand that companies delete all the information they hold on them. How that happens and what it means for data rights and compliance going forward is still to be determined.
As a fleet manager, you’ve had a larger say in how your data is used as you negotiated end-user license agreements (EULAs) with your service providers compared with the general consumer population. (Depending on the size of your fleet, of course. Many small and mid-sized fleets haven’t had much weight to throw around to change unfavorable EULA terms.) As service providers have leveraged massive amounts of truck data to develop advanced offerings, EULA terms have evolved for everyone.
At Fleet Equipment, we’ve harped on the importance of reviewing your EULAs to protect your data rights, but here’s a new wrinkle: The data covered in one EULA that is integrated with another service provider is subject to that new EULA.
Confused? FE is here to help.
Consider location data. Your truck OEM has access to your truck’s location data via on-board telematics. Let’s say you also run a third-party telematics provider like Geotab, Verizon Connect or Trimble, to name a few. That service provider would also have access to your trucks’ location data. You’ve reviewed those two EULAs and are confident your location data is secure (protecting sensitive information that may relate to your lanes and clients). Now let’s say you want to integrate your data with a repair service software. You’ll integrate the data via APIs and streamline the data to enable your truck service partners to work smarter—but how does that new company handle location data?
Location data isn’t directly related to fault codes, but many companies pull that data in to enable fault code intelligence. Did you ask about it? Is it protected at the level that meets your expectations? Is your stomach dropping right now?
“I think everyone in this industry is exploring how to use data to make more informed decisions more effectively, and the way we all get there together is by constant communication,” said Noel Hopkins, Cummins director of digital and connected product planning. “Obviously, we have many lines of communication, but when it comes to what we can do with this data to help customers, whether it’s fleets or service providers, we want to continue that dialogue because we won’t get there alone.”
Technology makes communication quicker and more available, but rarely easier. Establishing trusted relationships with technology providers is just as important as the relationships you have with the rolling hardware OEMs and suppliers you depend upon.
If you’re having trouble getting the data security and privacy conversation rolling, here’s a good place to start:
“What I would recommend saying is: ‘I want to see your security documentation,’” said Scott Sutarik, Geotab’s associate vice president of commercial vehicle solutions. “And then ask: ‘What are you doing to keep my datasets secure?’ Vehicle location, driver behavior, shipping lane data, customer data—at the end of the day, data security is something you have to think about when you’re working with an OEM telematics provider or an aftermarket telematics provider.”
“Know what data your providers are keeping,” reiterated Julie Ragland, Navistar senior vice president and chief information officer. “Then you can talk about what security certificates and third-party security validation practices they keep.”
Standard security certificates have strange monikers like NIST 800-53.
“They have that? That’s good. Do they have FIPS 140-2? That’s really good too. Do they have ISO 27001? That’s good too,” Sutarik said, rattling off security certificate jargon. As the fleet manager, you don’t have to know what those certificates do, but you do have to know that they mean your provider takes data security seriously. If those questions are met with blank stares, you might want to consider switching service providers.
Data security is important—it keeps your information out of nefarious hacker hands—but it won’t impact how your data is used under the EULA. Your data can be secure within the provider’s organization, but if they turn around and sell your data, they are within their rights if it’s outlined in the EULA. Your best resource for navigating EULAs is your legal counsel. Many firms have lawyers that specialize in EULAs and the weird, confusing language therein. You don’t have to be the expert, but you have to find the person who is, communicate and get them involved, as in all things business, equipment and data.