Data security is among the paramount concerns relating to telematics. Obviously, telematics devices capture, store and transmit a huge amount of data across a range of different areas - including location tracking, driver performance and vehicle condition - and it is of the utmost importance that this data remains firmly safe and secure. Telematics providers are of course well aware of this and are taking various steps to provide effective data security.
WHICH PHYSICAL SECURITY FEATURES SHOULD I LOOK FOR FROM VEHICLE TELEMATICS DEVICES?
The on-board telematics device you choose will need a combination of protective security features. You should look for an anti-tamper alert - which produces an instant alert as soon as any attempt to tamper with the device is detected - and a tamper-proof cable connection, which again produces an anti-tamper alert at any attempt to remove its cover.
Backup internal antennas also allow the telematics unit to continue collecting and broadcasting data even when either or both of the external antennas have been disabled. A rechargeable internal battery will also allow the unit to continue operating normally when external power is disabled. These are some of the most important security features your chosen telematics devices ought to have.
HOW CAN I BE CONFIDENT THAT MY TELEMATICS SOFTWARE IS SECURE?
This is a crucial factor to take in to consideration. For example, all Teletrac Navman Director data and data processing takes place on our secure servers. No confidential information is held within the browser interface. We use industry standard Data Security Architecture design including CSA and FedRamp, as well as undertaking regular network penetration testing. We are formally registered and compliant with the Data Protection Act and EU Data Protection Directive.
Teletrac Navman clients can determine which users are permitted to access their data and their precise level of access, creating a username and initial computer-generated password which must be changed at first login. The client can add or remove users, change access levels and determine other factors such as password strength and password duration.
WHAT LEGAL PROTECTIONS HAVE BEEN PUT IN PLACE TO PROTECT PERSONAL DATA GATHERED BY TELEMATICS DEVICES?
In May 2016, European parliamentarians adopted the General Data Protection Regulation (GDPR), a package of legislation aimed at tightening up regulations surrounding the protection of personal data. This has a direct bearing on telematics in a number of ways. Firstly, it clarifies and strengthens the definition of personal data, so that more data which is collected falls within that remit. Data which can be used to identify individuals - including GPS data - is categorised as personal data under the new legislation.
What's more, the legislation - which is due to come into force in May 2018 - will apply to all firms doing business in the European single market and so UK firms will continue to be bound by it even after Brexit.
HOW CAN I BE SURE THAT DATA REMAINS SECURE AS IT'S TRANSMITTED ACROSS THE NETWORK?
At Teletrac Navman, data created by our on-board telematics devices is transmitted in tiny GPRS packets across our private VPN network. This is far more secure than the traditional method of sending data across a public network, and has the added benefit of being unaffected by congestion on the public network. This is the kind of security feature you should be looking for when choosing a telematics provider. In conjunction with the kind of physical anti-tampering security features as outlined above, this will go a long way to ensuring that your sensitive telematics data is kept safe and secure.
WHAT ARE TELEMATICS PROVIDERS DOING TO ENSURE SECURITY IN HOSTING?
Teletrac Navman's hosting company provides exceptional levels of protection, holding both ISO27001 and Cyber Essentials Plus certification. Data stored within our Director fleet management system is protected from migration outside of defined geographic areas - within the EU, in the case of the UK. The hosting cerntres we use are anonymous, with no external identification, and have physical security in place 24/7.
Director data is hosted in three geographically disparate EU hosting centres, and any failure results in a fully automatic move to an alternative centre with no service disruption. Servers are fully backed up on a daily basis, and the system is monitored constantly by Teletrac Navman IT support staff. You must ensure that security precautions of this ilk are in place when you select a telematics provider.
CYBER ESSENTIALS CERTIFIED
In addition, telematics providers can obtain Cyber Essentials certification, a government-backed scheme to help businesses bolster their protection against cyber attacks. The certification ensures that certified businesses have technical controls in place for 5 key technical areas, Boundary Firewalls, Secure Configuration, Access Control, Malware protection and Patch management. All telematics businesses bidding for government contracts must be Cyber Essentials certified.