Sign up to save your podcasts
Or
Share Data Is Hazardous Material: How Data Brokers Telematics and Over-Collection Are Reshaping Cyber Risk
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Data Is Hazardous Material: How Data Brokers Telematics and Over-Collection Are Reshaping Cyber Risk
The FTC has issued an order against General Motors for collecting and selling drivers’ precise location and behavior data, gathered every few seconds and marketed as a safety feature. That data was sold into insurance ecosystems and used to influence pricing and coverage decisions — a clear reminder that how organizations collect, retain, and share data now carries direct security, regulatory, and financial risk.
In this episode of Cyberside Chats, we explain why the GM case matters to CISOs, cybersecurity leaders, and IT teams everywhere. Data proliferation doesn’t just create privacy exposure; it creates systemic risk that fuels identity abuse, authentication bypass, fake job applications, and deepfake campaigns across organizations. The message is simple: data is hazardous material, and minimizing it is now a core part of cybersecurity strategy.
Key Takeaways:
1. Prioritize data inventory and mapping in 2026
You cannot assess risk, select controls, or meet regulatory obligations without knowing what data you have, where it lives, how it flows, and why it is retained.
2. Reduce data to reduce risk
Data minimization is a security control that lowers breach impact, compliance burden, and long-term cost.
3. Expect that regulators care about data use, not just breaches
Enforcement increasingly targets over-collection, secondary use, sharing, and retention even when no breach occurs.
4. Create and actively use a data classification policy
Classification drives retention, access controls, monitoring, and protection aligned to data value and regulatory exposure.
5. Design identity and recovery assuming personal data is already compromised
Build authentication and recovery flows that do not rely on the secrecy of SSNs, dates of birth, addresses, or other static personal data.
6. Train teams on data handling, not just security tools
Ensure engineers, IT staff, and business teams understand what data can be collected, how long it can be retained, where it may be stored, and how it can be shared.
Resources:
1. California Privacy Protection Agency — Delete Request and Opt-Out Platform (DROP)
https://privacy.ca.gov/drop/
2. FTC Press Release — FTC Takes Action Against General Motors for Sharing Drivers’ Precise Location and Driving Behavior Data
https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-takes-action-against-general-motors-sharing-drivers-precise-location-driving-behavior-data
3. California Delete Act (SB 362) — Overview
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362
4. Texas Attorney General — Data Privacy Enforcement Actions
https://www.texasattorneygeneral.gov/news/releases
5. Data Breaches by Sherri Davidoff
https://www.amazon.com/Data-Breaches-Opportunity-Sherri-Davidoff/dp/0134506782
View all episodes
By Chatcyberside
5
22 ratings
The FTC has issued an order against General Motors for collecting and selling drivers’ precise location and behavior data, gathered every few seconds and marketed as a safety feature. That data was sold into insurance ecosystems and used to influence pricing and coverage decisions — a clear reminder that how organizations collect, retain, and share data now carries direct security, regulatory, and financial risk.
In this episode of Cyberside Chats, we explain why the GM case matters to CISOs, cybersecurity leaders, and IT teams everywhere. Data proliferation doesn’t just create privacy exposure; it creates systemic risk that fuels identity abuse, authentication bypass, fake job applications, and deepfake campaigns across organizations. The message is simple: data is hazardous material, and minimizing it is now a core part of cybersecurity strategy.
Key Takeaways:
1. Prioritize data inventory and mapping in 2026
You cannot assess risk, select controls, or meet regulatory obligations without knowing what data you have, where it lives, how it flows, and why it is retained.
2. Reduce data to reduce risk
Data minimization is a security control that lowers breach impact, compliance burden, and long-term cost.
3. Expect that regulators care about data use, not just breaches
Enforcement increasingly targets over-collection, secondary use, sharing, and retention even when no breach occurs.
4. Create and actively use a data classification policy
Classification drives retention, access controls, monitoring, and protection aligned to data value and regulatory exposure.
5. Design identity and recovery assuming personal data is already compromised
Build authentication and recovery flows that do not rely on the secrecy of SSNs, dates of birth, addresses, or other static personal data.
6. Train teams on data handling, not just security tools
Ensure engineers, IT staff, and business teams understand what data can be collected, how long it can be retained, where it may be stored, and how it can be shared.
Resources:
1. California Privacy Protection Agency — Delete Request and Opt-Out Platform (DROP)
https://privacy.ca.gov/drop/
2. FTC Press Release — FTC Takes Action Against General Motors for Sharing Drivers’ Precise Location and Driving Behavior Data
https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-takes-action-against-general-motors-sharing-drivers-precise-location-driving-behavior-data
3. California Delete Act (SB 362) — Overview
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=202320240SB362
4. Texas Attorney General — Data Privacy Enforcement Actions
https://www.texasattorneygeneral.gov/news/releases
5. Data Breaches by Sherri Davidoff
https://www.amazon.com/Data-Breaches-Opportunity-Sherri-Davidoff/dp/0134506782
More shows like Cyberside Chats: Cybersecurity Insights from the Experts
View all
No Agenda Show
5,968 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
The DSR Network
1,797 Listeners
Conspirituality
2,073 Listeners
What Rough Beast
64 Listeners