As service providers collect increasing amounts of data from customers and all of their connected devices, the opportunity to monetize that data grows – but so do threats to their privacy and security.
Simon Hania, Corporate Privacy Officer at TomTom, a Dutch manufacturer of automotive navigation systems, will explain how to walk this fine line during a TM Forum Live! session called Connected cars, location services, big data: How to do business and maintain trust. The session, which is part of the Security & Privacy Forum, will be held at 14:45 on Wednesday, June 4.
Hania recently spoke with Katrin Peranen, Senior Conference Producer, TM Forum Events, via email.
KP: What are some of the new data monetization opportunities that exist specifically for connected cars?
SH: At TomTom we focus on relevant travel and traffic services, which are partially based on crowdsourced data obtained from consenting users in connected cars or using navigation devices and apps while on the road. Typical examples are our Traffic Service, which allows highly accurate prediction of travel times, our Speed Camera service and services related to parking and fuel/charging stations. The services include reports at various levels of detail on how roads are being used and where congestion is occurring at what point in time, which also can greatly assist city planners and road authorities to optimize traffic flows and money spent.
KP: How do you strike the delicate balance of using customers’ data while still protecting their privacy?
SH: There are three elements to this: Explain to the driver what data is being used, for what purpose, who will have access and how long the data is retained; right-size the volume of data and the time period it is kept in association with the purposes for which it is collected; and allow the driver control through easy-to-use opt-in and opt-out capabilities available in the car or in the app itself.
KP: What is required to maintain user trust?
SH: Paramount is to avoid unpleasant surprises. Be honest and open; explain in a user-friendly way what happens and stick to that. Tell what you do and do as you tell.
KP: Where do you see the biggest threats to security and privacy?
SH: Executives bragging about how secure they keep the data from their users, who subsequently experience a security breach because in doing so they attracted more determined attackers. And executives, especially marketing and sales executives on conferences, bragging about their big data plans and how in great detail they can follow the behavior of their users, not realizing they break EU privacy laws and at the same time stir up negative publicity. Their actions can break trust and affect entire industries and their economic potential.
KP: How important is threat intelligence sharing with partners in today’s connected world?
SH: The word ‘intelligence’ has gotten quite a negative connotation, due to the behavior of state intelligence services, so I prefer to avoid the term. But sharing knowledge on threats is paramount to properly assess one’s risks and balance that with cost.
KP: What can companies do to proactively reduce cyber security threats?
SH: Know what data you have and what you use it for. Do a continuous risk assessment – outside in. Don’t forget the risks you are creating for your end users. Minimize data in volume and retention time — what you do not have cannot be compromised.