Published on Friday, 10 June 2011
Computer technology has led to phenomenal improvements in automobile quality, safety and performance. It has also created major challenges for automakers and dealers in dealing with issues of privacy.
Two recent, high-profile stories about massive data breaches, at Sony Corp. and Honda Canada, illustrate how vulnerable our personal information is in the digital age. The fallout from both cases is still being felt.
In the case of Honda, 230,000 customers' names, addresses and vehicle identification numbers were stolen from the company's websites, a story in the Toronto Star reported.
Privacy experts familiar with the case believe that this stolen information could be used for "phishing." Phishing is a term for e-mail fraud conducted for the purposes of information or identity theft.
Computer hacking is not confined to public and private companies either. In February, hackers successfully penetrated the computer systems of the federal government.
The damage caused by security breaches is often intangible and difficult to calculate, but not insignificant. The affected company suffers a loss of competitive advantage and a loss of business, negative media attention and the prospect of litigation.
All automobile manufacturers and their new car dealers have privacy policies about the collection, storage and use of customer information.
New car dealerships and auto manufacturers frequently review and upgrade their privacy policies. They constantly improve their practices and systems, and incorporate new safeguards to protect their clients' personal information.
In 2001, the federal government introduced the Personal Information Electronic Documents Act (PIPEDA). PIPEDA establishes rules that companies and organizations must follow in the collection, use and disclosure of personal information when engaging in commercial activities.
Under PIPEDA, individuals have the legal right to access and request correction of personal information that these companies and organizations have retained in their databases.
Last year, Industry Minister, Tony Clement, introduced a bill called the Safeguarding Canadians' Personal Information Act (C-29), which features amendments to the Canadian private sector privacy law.
In my opinion, Canadian companies, organizations and governments have done an adequate job in protecting private information, but we have entered a new era where hackers and criminals are gaining the upper hand.
According to a study by Telus and the Rotman School of Management, the percentage of IT security breaches in Canada rose 29 per cent in 2010.
The study also reported a "growing trend toward targeted and sophisticated attacks."
I'm no computer security expert, but it seems to me that Canadian companies, governments and law enforcement agencies need to take a more aggressive stance in protecting personal information. Current laws and attitudes are too lax.
Computer crimes are serious offences but I don't recall any high-profile arrests or convictions in Canada in recent years. Large-scale security breaches make the headlines for a week, and then they disappear.
Without the threat of serious penalties or punishment, hackers and criminals will continue to act with impunity and thumb their noses at the law.
Until now, the automobile industry has focused on protecting online personal information. But as vehicles become more integrated with computers and mobile technologies, another potential threat is waiting to be exploited.
What if a vehicle's internal computer networks could be breached? What if the braking system or engine could be compromised and manipulated by a clever computer hacker?
Maybe asking these questions and starting a public dialogue will motivate interested parties to step up their efforts to crack down on this unlawful activity.