Expert Panel: Leasing
Making sense of the vast amount of data produced from telematics can often be daunting, resulting in opportunities being missed and actions not being taken. Our expert panelists share their advice on how to make sure valuable fleet information is not getting lost
Around sixty-five per cent of businesses and organisations now use telematics, according to last year’s RAC Telematics report. And in a technology-driven world, this is set to increase. Whilst this is no doubt having a positive affect for fleet operations in terms of improving efficiencies, safety and reducing costs, increased data can also pose a challenge to companies – ‘data overload’.
Making sense of the vast amount of data produced can often be daunting, resulting in opportunities being missed and actions not being taken.
Rhys Harrhy from ALD Automotive explains the problem: “Today companies are faced with a sometimes overwhelming amount of information, feeding in from a number of different systems, in different formats and from different devices. Processing this data can often feel like a full time job and many businesses understandably lack the appetite, time and resource to dedicate to it.”
So what advice do our panelists have for fleet managers in this situation?
According to David Cooper from Arnold Clark Vehicle Management, the first step should be for fleet managers to clearly define the challenges that they face and what they are trying to achieve with any form of telematics.
Another initial step, according to Rob Mills from Daimler Fleet Management, is to understand what is actually useful information, and what is simply fleet data. Rob explains: “A well-run fleet will produce data that confirms that the fleet is being well run.
That in itself is useful data however real life fleet information should highlight areas of concern when drivers and/or vehicles are not performing to an acceptable standard, and where areas such as fleet risk and fleet performance need to be looked into further.”
ALD’s Rhys Harrhy agrees with this, and adds: “Rather than a catch-all approach that looks to measure every bit of data, companies will benefit more from working out what information is most important to them in achieving their objectives and focusing their efforts in these areas.”
Once an organisation knows what it wants to achieve from telematics, the way the information is presented is crucial if it is to be any benefit. Chris Salmon from SG Fleet says: “
A good supplier should be able to create summary data views and allow the fleet manager to look at exceptions rather than having to scan through reams of data – it is the exceptions that need the focus.”
Rhys Harrhy from ALD Automotive adds that “telematics systems that can aggregate information and present it in a simplified and digestible format will be invaluable to fleets struggling with a data overload”.
The risk of doing nothing
What happens if telematics data flags up dangerous driving from a member of staff, and the company turns a blind eye and does nothing? All panelists strongly agree that doing nothing is a huge risk, from a safety, legislative and cost point of view.
Chris Salmon from SG Fleet says: “From a corporate duty of care perspective, if an organisation ‘knows’ about a driver who is driving poorly or dangerously, then they have to act. At best they are suffering increased costs through fuel usage and pushing up their carbon footprint, but at worst they run the risk of injury to one or more of their employees with associated costs or injury/damage to third parties. Ultimately there is the very real risk of a corporate manslaughter conviction.”
Chris is referring to the Corporate Manslaughter Act, which means companies can be found guilty should their staff be killed whilst driving for work, if there is evidence that there was a “gross breach of duty of care”. What’s more, in February 2016, tougher sentences were introduced for those found guilty of the crime.
Companies and organisations must therefore demonstrate that they are actively assessing the risks involved with driving for work, such as driver hours and journeys, and make sure they act on any information that flags up safety issues.
David Cooper says: “Any evidence of poor driving taken from telematics data should be taken very seriously, even if there is no specific legal obligation to report this. Companies must act on any data showing poor driving and the absolute minimum response should be further staff training and close monitoring of the situation.”
David adds: “Police have the right to seize telematics data using a court order. If this reveals any evidence that a driver posed a risk to others and no corporate action was taken, this will have serious consequences.”
Rhys Harrhy from ALD Automotive says: “Using the data to identify opportunities for training and improvement will help them to reduce the risk of accidents caused by poor driving, while enabling them to demonstrate a duty of care to their drivers. This is particularly relevant now that companies can face Corporate Manslaughter charges should a death occur as a result of a lack of duty of care.”
Rob Mills from Daimler Fleet Management also emphasises the need for companies to educate drivers on the dangers of driving while at work. He says: “When drivers are speeding or operating recklessly, they are wasting fuel and increasing the risk of a crash, which on top of the potential loss of life and injury consequences, the cost in monetary terms could be huge, where one single accident could easily cost million’s for the company at fault.”
New data protection rules
Another change affecting the fleet industry is the new General Data Protection Regulation (GDPR), which replaces the Data Protection Act, and will include the data gathered from telematics. It comes into force in May 2018 and applies to everyone that handles and processes data, across the whole supply chain.
The new rules give more rights to the individual in terms of access to data and consent of usage. Individuals must give consent to share their data and it must be given in an “unambiguous” way – meaning a tick box would not do. Explaining to drivers why data is gathered and exactly how it will be used is therefore crucial to gaining consent. The data an organisation holds on customers is also covered under the GDPR.
Rhys Harrhy from ALD Automotive says: “Transparency really is key when it comes to telematics and fleet managers must be absolutely clear with their drivers from the outset about why they are collecting specific vehicle journey data. This should involve the implementation of a clear policy that details exactly what data is collected, which data is shared with their employer and for what purposes the data will be used – e.g. to monitor and reduce CO2 emissions across the fleet, or as a tool to accurately measure fuel costs, for instance.
“Employers also have an ongoing responsibility to ensure that the need to collect data about their employees remains relevant, so regular reviews of the policy should be implemented in line with company objectives.”
Chris Salmons picks up on the subject of consent, saying: “Employees will need to explicitly authorise the use of data which can identify them. It is therefore likely that such authorisations will have to be revisited and the wording refreshed to comply with GDPR.”
Rob mills warns that the Information Commissioner’s Office (ICO) has already been looking closely at data breaches and issued a number of fines relating to consent. He says: “Given the reputational damage and sanctions the GDPR will bring, it is important fleet operators act soon to ensure compliance going forward.”
David Cooper from Arnold Clark says: “Fleet operators should familiarise themselves with GDPR and ensure that all key stakeholders are appropriately briefed on their responsibilities. Fleet managers are, in part, responsible for ensuring that a data subject is given the appropriate level of protection in line with the principles of data protection.”
Chris Salmon from SG Fleet highlights another potential challenge with regards to GDPR compliance. He says: “Particular attention will be needed to ensure all personal data is removed from vehicles and their hosted services at the end of a contract / vehicle use by that individual, which is very tricky. Sometimes the individual is the only person who is able to do this, so some emphasis has to be placed on them.”
Smart vehicles are increasingly becoming available and allow drivers to access maps, travel information and new digital radio services. But while smart cars and vans offer new services for drivers, it is feared would-be hackers could target them to access personal data, steal cars that use keyless entry, or even take control of technology for malicious reasons.
To help prevent this from occurring, the Department for Transport has announced new guidance for engineers so that new smart vehicles will have tougher cyber protections from hacking.
Hacking is a relatively new challenge for fleet operators, and we ask our panel what sorts of problems this crime could cause fleet operators.
Rob Mills from Daimler Fleet Management says: “Hacking is becoming more of an issue for fleet operators. Cyber criminals could target vehicles and then block the tracking devices on the vehicles so they can’t be traced when stolen.
Another example is once systems are hacked, criminals are also disrupting delivery schedules, with vans disappearing from the tracking system, then appearing in locations they aren’t actually in. This can be a huge issue for delivery companies.
There are also examples of criminals taking control of vehicles by sending data to the internet‑connected entertainment and navigation systems via a mobile-phone network.”
Chris Salmon from SG Fleet explains some other issues that can arise from hacking. “Other than vehicle theft, a criminal could track the vehicle to determine usage patterns, such as when a driver leaves home, therefore knowing when property is unoccupied for a burglary. A hacker could also cause accidents by forcing the failure of a vehicle. What’s more, a competitor could track your activities and in-vehicle communications and use it to their advantage.”
In order to safeguard fleet operations against vehicle hacking, David Cooper from Arnold Clark urges fleet operators to have clear policies in place to ensure that every connected device is regularly updated and that all staff are properly briefed on the correct procedures to keep data secure. He adds: “All parties involved, from fleet operators to leasing companies, must work together to ensure all systems are secure across the board.”
Rhys Harrhy from ALD Automotive says: “Whilst the onus is on the manufacturers to ensure the protection of data and vehicle security/vehicle hacking, fleet managers should continue to adopt best practice when it comes to data security. This will include simple things like ensuring the confidentiality of passwords and encrypting data files.”
David Cooper highlights other ways companies can prevent data breaches, such as “being cautious of plugging USB drives into your computers or smart vehicles, not connecting to unknown Wi-Fi hotspots, only using trusted connections, and ensuring that your device software gets regular updates and patches”.
Chris Salmon advises to treat vehicles like computers by “updating firmware and software when advised, keeping security information safe, and changing authentication regularly”.
David Cooper from Arnold Clark Vehicle Management explains what companies can do to protect any systems they develop. He says: “Fleet companies can prevent hacking technically when developing new systems by following the ‘data protection by design and default’ model, which is advocated by Article 25 of GDPR. This model promotes the idea that security should be the main priority when developing new systems and each component of development should be scored according to risk.
If the risk seems high then additional measures are employed to mitigate those risks to an acceptable level.”
Expert final thoughts
More than ever, fleet managers will need to be aware of the challenges that the propagation of data brings with it and they should look to work with trusted providers who take data security seriously.
Whilst the onus is on the manufacturers to ensure the protection of data and vehicle security/vehicle hacking, fleet managers should continue to adopt best practice when it comes to data security.
This will include simple things like ensuring the confidentiality of passwords and encrypting data files.
Anything that is connected to the internet is vulnerable to hacking and that includes smart vehicles.
It’s vital that fleet operators have clear policies in place to ensure that every connected device is regularly updated and that all staff are properly briefed on the correct procedures to keep data secure.
All parties involved, from fleet operators to leasing companies, must work together to ensure all systems are secure.
To keep pace with the modern digital landscape and increase in consumer rights, the General Data Protection Regulation (GDPR) will provide a much needed enhancement to existing data protection and privacy legislation in the UK.
As such, the changes are complex and likely to require significant enhancements to the way business is conducted and personal information is processed.
Given the reputational damage and sanctions the GDPR will bring, it is important fleet operators act soon to ensure compliance going forward.
Under the GDPR, employees will need to explicitly authorise the use of data which can identify them.