The Data Centre on Four Wheels
Modern vehicles are rolling data centres. A typical new car contains dozens of electronic control units (ECUs), infotainment systems with solid-state storage, telematics modules that communicate with manufacturer servers, and advanced driver assistance systems (ADAS) that process and store camera, radar, and lidar data. When vehicles are disposed of, decommissioned from a fleet, or have their IT systems replaced, the data stored across these systems requires consideration.
For fleet operators, rental companies, government agencies, and any organisation that manages vehicles, automotive IT data destruction is an emerging compliance consideration that intersects with both privacy law and e-waste management.
What Automotive IT Systems Store
The data stored by modern vehicle systems is extensive and often surprising in its scope.
Infotainment systems: Navigation history and saved destinations (home address, workplace, frequent locations), paired Bluetooth device records (phone names, contact lists synced from phones), call logs and text message content (when synced via Bluetooth), Wi-Fi hotspot passwords, streaming service login credentials, voice assistant command history, and USB device connection logs including cached music and media files.
Telematics and connectivity: GPS location history and route tracking, driving behaviour data (speed, acceleration, braking patterns), vehicle diagnostic information, SIM card data for connected car services, and over-the-air update logs.
ADAS and camera systems: Stored dashcam or surround-view footage, event data recorder (EDR) information including pre-crash data, calibration data that may include images of the vehicle’s surroundings, and machine learning model data trained on local driving conditions.
Fleet management systems: Driver identification and assignment records, fuel card and expense data, compliance records (hours of service, pre-trip inspections), client or delivery destination information, and communication logs between drivers and dispatch.
Privacy Implications
Much of the data stored in automotive IT systems constitutes personal information under the Privacy Act 1988. Location history reveals where a person lives, works, and travels. Call logs and contacts are clearly personal data. Driving behaviour data may be used to profile individuals. Synced phone data can contain highly sensitive personal information.
When a vehicle changes hands, whether through sale, trade-in, lease return, or fleet disposal, any personal data remaining on the vehicle’s systems could be accessed by the next owner or by anyone who gains access to the vehicle’s storage. This represents a potential privacy breach that organisations must address.
Sanitisation Challenges
Automotive IT systems present several unique sanitisation challenges. Unlike computers where the storage can be removed and independently wiped, automotive storage is typically embedded in control modules that are integrated into the vehicle’s electrical system. Accessing the storage directly often requires specialised tools and knowledge of the specific vehicle platform.
Many vehicle systems use proprietary hardware and software platforms that do not support standard data destruction tools. Each manufacturer has its own infotainment platform (Ford SYNC, Toyota Entune, BMW iDrive, Tesla’s proprietary system), and the data management and reset procedures differ across all of them.
Data is distributed across multiple independent systems within the vehicle. Resetting the infotainment system does not clear the telematics module, and clearing the telematics does not affect the ADAS system. A comprehensive sanitisation requires addressing each system independently.
Sanitisation Methods
Factory reset of the infotainment system: Most modern vehicles offer a factory reset option for the infotainment system through the settings menu. This clears paired devices, navigation history, saved contacts, and media. The specific menu path varies by manufacturer and model year. After the reset, verify that the system returns to the initial setup state and that no previous data is accessible.
Bluetooth device unpairing: Before performing a factory reset, explicitly unpair all Bluetooth devices. This removes the pairing records from both the vehicle and the phone, preventing the vehicle from attempting to reconnect with previous users’ devices.
Connected services deregistration: If the vehicle is enrolled in connected car services (such as Toyota Connected, BMW ConnectedDrive, or Tesla’s services), deregister the vehicle from the previous owner’s account. This typically requires action on both the vehicle and the manufacturer’s web portal or app.
Telematics module reset: For fleet vehicles with aftermarket telematics devices (such as those from Geotab, Teletrac Navman, or Samsara), remove the telematics hardware and clear any associated data from the fleet management platform. For factory-installed telematics, consult the manufacturer’s procedures for data clearing.
Physical removal and destruction: For vehicles that contained highly sensitive data (such as government or law enforcement vehicles), removing and physically destroying the infotainment and telematics modules ensures that no data survives. The modules can be replaced with new units if the vehicle will continue in service, or destroyed along with the vehicle at end of life.
Fleet Disposal Considerations
Organisations that manage vehicle fleets should include automotive data destruction in their fleet management procedures. When vehicles are returned from lease, sold, or transferred between drivers, a data sanitisation step should be part of the standard process.
Develop a checklist specific to each vehicle make and model in the fleet, documenting the location of the factory reset option and the steps required to clear each data-bearing system. This checklist ensures consistency across the fleet and reduces the risk of vehicles being disposed of with data intact.
Vehicles are now part of the IT estate, whether organisations recognise it or not. Including automotive IT systems in your data destruction planning addresses a growing risk that most organisations have not yet considered.