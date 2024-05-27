The fact that data can be extracted from car infotainment systems for investigations raises questions about privacy issues (Data extracted from car’s system used to nab speeding motorist in first such case here, May 24).

Such privacy issues are a matter of public concern as raised during the furore over the collection of data by the TraceTogether system during the pandemic. That system used Bluetooth technology that could be switched off.

Ensuring the security and privacy of data collected through the in-car system involves a multifaceted approach that includes both technical and procedural measures, which the authorities should clarify.

Does the in-car system come with data encryption? All data collected, stored, and transmitted should be encrypted using strong encryption algorithms. This includes data in transit over networks and data at rest in storage.

The police have said only authorised officers can extract the vehicle data, and all extracted data will be for the purpose of investigations. Limiting access is good but what are the protocols to ensure a strong authentication mechanism such as multi-factor authentication to prevent unauthorised access?

What is the personally identifiable information collected? The collection of sensitive information should be minimised to reduce the risk of exposure.

The authorities must and should have regular audits and monitoring procedures to ensure there is no unauthorised access or suspicious activities.

Motorists also need to know whether any incident response plan is in place to respond to any security incidents or breaches quickly.

There is no indication on whether police officers will be regularly trained on security best practices and the importance of protecting sensitive data. Also, how and when is motorists’ data deleted when no longer needed?

Motorists need to know their privacy is protected.

Richard Cheng