As with many other industries, protecting our customers’ data is vital to the development of connected experience technologies. We are mindful that there is always some level of risk associated with connectivity, but we believe those risks are outweighed by benefits such as increased safety and helping customers maintain optimal vehicle performance, as well as improved efficiency and convenience. We utilize privacy and cybersecurity by design, meaning that we seek to address these issues when developing new connectivity functions and services. GM understands that our customers’ trust is essential to our business, and we remain committed to meeting their expectations for privacy and cybersecurity.
In fact, GM has enjoyed a head start, compared with others in the industry, on addressing privacy and cybersecurity issues, thanks to nearly two decades of OnStar’s telematics services and connectivity. This experience, for example, has enabled us to leverage long-standing relationships with suppliers and network providers to address vehicle cybersecurity, as well as to implement defensive security strategies in a proactive manner.
How We Approach Privacy
GM puts the customer at the center of everything we do and is proud to be one of the first to commit to the automobile industry Consumer Privacy Protection Principles (CPPP). Though CPPP were set forth by the Alliance of Automobile Manufacturers in 2014, GM already had a set of similar principles in place that were self-implemented in 2009 and were based on globally recognized fair information privacy principles. In relevant part, these principles are based on:
- Transparency – Vehicle owners are clearly informed as to GM’s policies for data collection, including data use and sharing practices.
- Consent – GM does not disclose vehicle data or share vehicle data without a vehicle owner’s consent unless required by court order or exigent circumstances such as imminent loss of life.
- Protection – GM vehicle owners should expect protection of their personal data and that GM will take responsible measures to meet this expectation.
How We Approach Cybersecurity
We also take a layered approach to in-vehicle cybersecurity and are designing many vehicle systems so they can be updated with enhanced security measures as potential threats evolve. These efforts are led by our product cybersecurity organization, which now has more than 70 dedicated professionals. This team consists of internal experts who work with outside specialists to actively minimize risks of unauthorized access to vehicles and customer data.
This team also leads GM’s participation in industrywide efforts to develop and implement defensive measures and strategies to reduce cybersecurity risks. Our Chief Product Cybersecurity Officer, for example, is vice chair of the recently created Automobile Information Sharing and Analysis Center (Auto ISAC), which allows automakers to share potential cybersecurity threats. Auto ISAC celebrated an achievement this year in the passing of the Cybersecurity Information Sharing Act of 2015, which will help prosecute and prevent cybercrimes and allow automakers to share information about potential breaches. Industry initiatives, such as Auto ISAC, and risk management systems based on the National Institute of Standards and Technology Framework for Improving Critical Infrastructure Security, are key to providing automotive companies with appropriate guidelines, standards and best practices, while maintaining the flexibility needed to make rapid adjustments in a fast-changing technology environment.