Opinion: Fleets can improve data protection by adopting ‘privacy by design’ approach

By Alain Samaha, president at Teletrac Navman

We are now in the most evolved period of fleet management that has ever existed.

Fleet operators of all sizes have, or are in the process of adopting advanced, AI-enabled technology to address the challenges associated with fleet efficiency, safety, and sustainability.

This advancement in technology naturally offers an increase in available data – brilliant for uncovering business critical information to act from, but greater complexity regarding privacy and data governance.

While data is seemingly the ever-present ‘thing’ that makes the whole world go round, it is also quickly becoming more regulated and a larger target for bad actors – this is something fleet operators need to be hugely cognisant of.

Many fleets now integrate a mixture of cloud-based AI-enabled fleet management platforms plus vehicle and video telematics data into their operations.

Adopting this technology successfully is a huge achievement for any fleet but the steps to plan for such an implementation are just as pivotal.

This is where taking a ‘privacy by design’ approach, coupled with transparent customer and colleague communication, can pay dividends for effective data protection and governance.

Essentially, this is thinking about data protection, privacy rights, and governance at the onset of any solution onboarding, and developing privacy protections into the integration.

Operators need to be identifying the data that a solution, or combination of solutions may provide as well as its use cases – what are the tags and quality metrics that make that data meaningful to collect. This is paramount for any data governance program.

Personal data that has been collected must have value and a rational use, otherwise it shouldn’t be collected.

Adding clarity to the data you want to collect also doesn’t mean you’re ready to go.

With fleet solutions now gathering so much personal data, including driver identity, location, driving behaviour, and footage of drivers from inward-facing dashcams, those affected by the intended data collection need to be consulted to build trust.

The best way to approach this is thinking: what personal data would I be comfortable with someone else collecting?

They need to understand what data is being processed and be given clear information; the key metrics here are being transparent, giving consent options where appropriate, and treating others, and their data, as you would want to be treated.

Why is that important? There’s myriad data privacy regulations.

For fleets operating on an international basis, compliance with all of them is nearly impossible.

Operators need to find the commonalities across the regulations and regimes – they’re all looking to achieve the same goal but may require different things to get there.

Being able to show you are using data appropriately, thoughtfully, and respectfully will be paramount in avoiding issues and penalties.

And privacy by design is not just about the rationalisation of data points being collected.

Making sure you have the right protocols on the back end – e.g. retention schedules, controls over who has access and how they are trained to process data, security controls, and encryption levels – is vitally important to your data protection program.

For example, defining where data is stored and how long for, how and when it gets deleted, or anonymised when no longer needed, will show employees and authorities the data is being utilised properly.

Data privacy and governance is very much a team effort. By building a data-aware culture within a company and bringing privacy by design into the operational philosophy, fleet operators can better serve and protect their customers and colleagues.

AI is changing the landscape dramatically and so the importance of ensuring the right, ‘clean’ data goes into any AI-enabled fleet solution is fundamental to successful AI implementation within your organisation.

Having a data governance and privacy program is all but a pre-requisite to identify what is the “right” data and when it is it “clean” enough for integration in AI systems. 

This is also of vital importance in maintaining regulatory compliance, which is also evolving at pace to keep up with the changing tech.

One thing to keep in mind is that once data is integrated by an AI system, it’s very hard, if not impossible, to remove.

Always remember, what data would you be comfortable with being collected, and consider that as the start of any conversation around solution integration.