Onboard event data recorders, telematics, and the underlying processes by which the transportation industry is collecting, storing, extracting, aggregating, analyzing, and utilizing data promise to fundamentally transform the manner in which personal injury cases are defended and tried. Recent legislation and cases dealing with such questions as to who owns and can use data collected in a transportation setting foreshadow the legal battles to come. In order to appreciate fully the magnitude of the changes these new technological advances are causing, it is helpful to review what they are.
Event Data Recorders
An event data recorder (EDR) is simply a read-write memory device similar to the black box mechanism found on airplanes. Today, EDRs are being installed in one form or another in almost every new automobile manufactured in the United States.
After years of debate, the U.S. Department of Transportation’s National Highway Traffic Safety Administration (NHTSA), in an effort to promote uniformity, adopted rule 49 CFR Part 563, requiring car manufacturers that voluntarily install EDRs to record 15 discrete automotive performance factors five seconds before and after a crash. These variables include how fast the car was traveling, whether the driver applied the brakes, whether the driver was wearing a seat belt, the time that elapsed before the air bags deployed, and how far the accelerator was depressed. This rule also requires manufacturers of EDRs to make a commercially available tool that would permit third parties to download information from the device.
In an effort to enhance further the use of information gleaned from EDRs and improve vehicle safety, NHTSA proposed a new safety standard in December 2012 that would mandate the installation of EDRs in all new cars, light trucks, vans, and SUVs manufactured in the United States beginning in September 2014. This proposed rule would be added to the Federal Motor Vehicle Safety Standards (FMVSS) and would require all “light vehicles” to be equipped with EDRs that “meet the data elements, data capture and format, data retrieval, and data crash survivability” of the existing regulation.
Thanks to advances in communications technology, the data downloaded from a vehicle is increasingly available to drivers, businesses, and insurers on a real-time basis. This wireless interconnectivity is called telematics. Telematics, as used in the automotive industry, refers to the integrated use of informatics and wireless technology for the purpose of sending, receiving, storing, and acting upon big data via telecommunication devices. Global positioning systems, navigation systems, traffic information, emergency response systems, and stolen-vehicle tracking devices are all relatively recent technological advancements that are premised on telematics. Telematics is no longer a niche product in the luxury vehicle market; it is now a business necessity. Current projections suggest that more than 60 million vehicles will be equipped with a telematics system by 2019.
The sheer amount of data each vehicle will generate is mind-boggling. The average car on the road today, which monitors everything from tire pressure to engine RPM to oil temperature and speed, can produce anywhere from five to 250 gigabytes of data per hour. Advanced concept cars, such as Google’s self-driving vehicle, currently generate about one gigabyte of data every second—the equivalent of sending 200,000 plain text emails or uploading 100 high-resolution digital photos. The collection and preservation of this information will pose significant logistical headaches for those who are charged with the duty of collecting, preserving, and sharing it, as well as for those who will be called upon to develop analytics programs to manage, analyze, and leverage the resulting data.
Telematics is being used in numerous ways to increase efficiencies in the transportation industry. Many automobile manufacturers and business owners are already utilizing telematics to support and improve vehicle maintenance. Some manufacturers are linking electronic control units that are designed to detect, identify, and isolate vehicle faults to telematics units, thereby permitting distant users to gain access to the information and transmit it to drivers and vehicle maintenance operators who can, in turn, perform the necessary repair. This type of data-driven maintenance approach will decrease drastically the long-term cost of vehicle maintenance.
Other manufacturers and owners are installing vehicle and trailer tracking devices to trace workers and equipment and monitor fuel consumption. Still others are developing programs to examine the driving performance of their employees by compiling data relative to an operator’s propensity to speed, brake hard, and otherwise engage in reckless driving behaviors. Some companies have begun to aggregate this information and subject it to proprietary predictive modeling programs in order to identify those drivers who are at high risk for being involved in an accident. Finally, a handful of companies now are developing real-time feedback systems that will permit an owner to intervene immediately and discourage unsafe driving practices.
The insurance industry, not surprisingly, is attempting to harness and leverage this technology as well. Insurers are attempting to exploit big data by creating personalized insurance policies that reflect an insured’s driving patterns and performance. This business model, whether packaged as pay as you drive, pay how you drive, or on a straight usage basis, is poised to revolutionize the concept of pricing in the insurance industry.
Emerging Legal Issues
The insatiable demand for big data by manufacturers, owners, insurers, government, and third parties will fuel a whole host of legal challenges in the area of black box technology and telematics. Courts and legislatures are struggling with such basic questions as who owns the data, who can gain access to the data, and for what purposes the data can be used. When confronting these issues, the legislative and judicial arms of government routinely balance the societal interest in improving vehicle crash and defect investigations against an individual’s interest in protecting his or her own privacy concerns.
Issues pertaining to the ownership of information supplied by EDRs are presently governed by state law. Currently, 13 states, including New York, California, Texas, and Virginia, have enacted legislation governing the ownership and use of EDR data. These states and NHTSA have taken the position that the owner of a vehicle also owns the data collected from an EDR. In addition, all 13 states require the express consent of the vehicle owner or operator or a court order before third parties can gain access to EDR data. Connecticut, for instance, requires law enforcement to obtain search warrants before gaining access to EDR data without owner consent. Oregon conditions EDR data disclosure “to facilitate medical research of the human body’s reaction to motor vehicle crashes” on the confidentiality of the last four digits of the VIN and the confidentiality of the owner’s or driver’s identity. Some states go even further. In Washington, for example, a person who gains access to EDR data without the consent of the vehicle’s owner is guilty of a misdemeanor.
Many states are concerned about the proliferation of insurance programs that seek to link individual insurance rates to information derived from an EDR. Some states prohibit insurance companies from requiring that their insureds grant them access to EDR data. Virginia, for example, bars insurance companies from reducing coverage, increasing premiums, applying surcharges, or denying discounts solely because a vehicle operator or owner refuses to grant an insurer access to EDR data. Similarly, Arkansas forbids insurance companies from requiring EDR data access as a condition for procuring an insurance policy.
Insurers, risk managers, and attorneys also must be prepared to defend against an attack on the integrity of their data collection systems as well as the processes by which the data is stored. One area the industry will be sure to struggle is how to collect and preserve EDR data from manipulation, abuse, and misuse.
The most common way of gaining access to EDR data is through an onboard diagnostic connector, or OBD-II. OBD-II systems allow auto repair technicians to use a standardized digital communications port to obtain information regarding the functioning of a vehicle’s various subsystems. Onboard diagnostic connectors unfortunately may be physically tampered with, thus permitting access to and manipulation of EDR data.
Information stored on an EDR, as well as on a vehicle’s wireless and non-wireless computer systems, is subject also to alteration since it is not routinely encrypted. Modern vehicles use a number of wireless devices, including Bluetooth and cellular connections, that expose the various computer systems in a particular vehicle to hacking. A vehicle’s computer system may be compromised just as easily today through the hacking of a wireless signal as it can through the manipulation of a physical port. Without proper encryption, the integrity of the resulting data can never be established legally. Of even more concern is the fact that, as insurers collect and preserve more and more personal information about their insureds, they face an ever-increasing number of cyber threats from online criminals. Promulgation of universal standards for safeguarding and insuring the integrity of data collected from EDRs as well as other telematics devices will be critical if the industry is to fully utilize and leverage this data.
The authentication, admission, and spoliation of data collected through these new technologies likewise will certainly spawn whole new areas of litigation. Trial attorneys who seek to exploit this data can surely expect to have to establish the reliability and acceptance of the processes by which the data is created, downloaded, and preserved at Frye or Daubert hearings. Similarly, as evidenced in Lorraine v. Markel Am. Ins. Co., they will have to be prepared to establish a chain of custody and lay a proper foundation for the admission of this data once the technology by which it is generated and maintained is recognized as reliable and generally accepted.
Finally, the industry must expect that plaintiffs will attempt to leverage the rules for collecting and preserving electronically stored information articulated by U.S. District Judge Shira Scheindlin in the landmark e-discovery case of Zubulake v. UBS Warburg. In Zubulake, Judge Scheindlin addressed in a series of seven decisions such fundamental e-discovery issues as when the duty to preserve electronically stored information attaches, the scope of the data that must be collected, who should bear the costs of recovering data that is not readily accessible, and what types of sanctions should be imposed for the spoliation of electronic data.
Adoption of a comprehensive data preservation policy today will go a long way toward reducing the size and scope of tomorrow’s spoliation and data breach claims. The takeaway for the transportation and insurance industries is clear: those companies that hope to harness the power of big data must be prepared to meet the legal challenges of this technology head-on or risk being run over by it.