Premiere Services last month announced it would be LKQ’s exclusive provider of remanufactured infotainment systems in the U.S. and Canada.
The July 1 news release stressed that the company would return the previously owned parts to “factory specifications” and eliminate personal information held within.
“We are excited to work with LKQ and support their mission of bringing innovative and value-based solutions to the market,” Premiere Service CEO Mark Puente said in a statement. “Mobile electronics parts are now critical to the proper functioning of a vehicle and accordingly have become some of the single most costly parts on a vehicle. The LKQCE program helps address these cost concerns. Additionally, many consumers are not aware that these systems contain and retain expansive personal data that can lead to identity theft when not safe-guarded. LKQ’s leadership in this area is second to none and we are proud to be part of a product line that is growing and changing the course of collision repair.”
“As the cost of mobile electronics components grows exponentially, the LKQCE program powered by Premiere Services enables LKQ to provide our insurance carrier and collision repairer clients with fully certified parts that are guaranteed to work upon delivery and are supported by a limited lifetime warranty; reducing costs and creating efficiency across the industry,” LKQ sales and marketing Vice President Terry Fortner said in a statement. “The LKQCE product line also supports LKQ’s efforts to not only safeguard personal data, but also to provide environmentally sensitive solutions.”
Protecting consumer data
Even if a shop declines to use remanufactured parts (some OEMs have issued positions against them), the LKQ and Premiere Services comments are worth reviewing as a warning and reminder to evaluate one’s own handling of sensitive customer data.
A significant amount of personally identifiable information (known as “PII”) might indeed be accessible within an infotainment system during a repair — or remain there after a vehicle is totaled and flatbedded away.
Asked if Premiere Services often saw information left within the components it restored, director of business development Phil Langley on Monday wrote that “the resounding answer is ‘Yes’.”
“We find evidence of PII on the majority of systems we bring in and remanufacture,” Langley continued in an email. “We are in the process of specifically tracking the preponderance of PII and hope to share that with the industry here soon. Though, our major initiative is to eliminate PII of course. I can share with you the results of a survey I was personally involved with at a salvage facility in late 2017. During that survey, a team of us randomly walked an entire line of salvage vehicles and identified the percentage of vehicles that had evidence of digital PII. Out of 135 vehicles completely at random, we uncovered that 62% of the vehicles has some measure of PII resident on the vehicle, ranging from recently called numbers all the way to name and address information…and more. At the time, nearly 2 years ago, 32% of the vehicles had what we would call critical PII: name and address-related information.”
He said he “found most alarming” the rise in vehicles with integrated door openers that could be paired with address information to “very easily” open a home’s garage door.
Langley said it’s possible that even a seemingly successful data wipe might actually have overlooked information found on a vehicle hard drive.
“We went so far as to even look at the underlying file structure of the equipment to determine that even if the primary screen had had the PII ‘wiped’, the actual data was still resident on the vehicle hard drive,” he wrote.
He said that while apps might teach “how to wipe the data from the display screen … most do not drill deeper into eliminating the underlying data from the systems’ hard drives.”
Privacy4Cars.com founder Andrea Amico offered a similar assessment last year, warning the Connected Car Insurance USA audience that a car could contain garage codes, home address, previous destinations, and details about calls and texts.
According to Amico’s presentation, a 396-vehicle study he did with the International Automotive Remarketers Alliance found personal information present 39 percent of the time in salvage vehicles’ phone/Bluetooth systems and 27 percent of the time in their GPS/navigation systems. Another study found personal information in 99 percent of more than 600 rental vehicles, and 86 percent of nearly 100 vehicles at a United Kingdom auto auction.
Shops should pay attention to Langley and Amico’s findings and their own liability regarding such matters. How sure are you as a shop owner that your employees aren’t accessing consumer data off the infotainment system and selling it off? How sure are you when you ship off a totaled car to parts unknown that a customer won’t mistakenly blame you for a breach of its data committed downstream?
Body shops and PII
The risk here could intensify for some repairers in California and other states who copycat its Assembly Bill 375.
Collision Industry Conference Data Access, Privacy & Security Committee Co-Chairman Frank Terlep (asTech) said other legislatures are examining the topic as well, presenting a slide listing Hawaii, Maryland, Massachusetts, Mississippi, New Mexico, New York, North Dakota and Rhode Island.
Under California AB 375, businesses doing $25 million or more in sales are by law in 2020 held to higher standards regarding customer data, the committee pointed out July 24. (Businesses that don’t make that kind of money but still handle 50,000 consumers a year also would qualify.)
Attorney Patrick McGuire told the CIC audience he was already getting calls from shops with concerns about PII under the California law. “It’s very broad,” he said.
A weak point in safeguarding that information could be one’s “lowest-paid employees” with access to data on-site in locations including an infotainment system, he said.
McGuire also recommended restricting access to such information whenever it had to be collected. For example, if only the front office needs that data, ensure nobody else in the shop can do so.
Premiere Services, July 1, 2019
Collision Industry Conference, July 24, 2019
An infotainment system on a 2019 Kia Optima SX is shown. (Provided by Kia)
A Uconnect 4C 12-inch screen on a 2019 Ram 1500. (Provided by Ram)