Customer Data Retention Policy
As a result of recent data breaches affecting Optus and Medibank in Australia, we have been reviewing how we can further protect your customers’ ‘identity data.’ This includes data that is commonly used not only when renting a vehicle but also for loan applications, credit card applications or other types of applications that need to verify a customer’s identity. Rental Car Manager strongly encrypts all your customers’ data but will now also implement an ‘Identity data retention policy.’ This policy has Two Tiers of retention depending on the sensitivity of the data:
- Tier 1 is for more sensitive data and involves the retention of the customers DOB, driver’s license and passport number. By default, the retention of this data will be set to 6 months, meaning the data will be permanently obscured 6 months after the drop off date for each customer’s booking unless the customer has future bookings. This retention period can be lengthened or shortened depending on the requirements of your business.
- Tier 2 is for less sensitive data and involves the retention of the customers Email Address, Mobile Number, and Address Information. By default, this data will be set to Alway Retain, meaning that the information will never be obscured. However, you are able to set a retention period for this data that will act the same as described above.
These Tiers are configured by two different system parameters, and this is where you will be able to set the retention periods as required for your business. For information on setting the system parameters, please see the Setting the Retention Period for Sensitive Customer Data article.
Below is an example of how the information will appear in RCM after it has been permanently obscured. You can see that the first and last characters are kept, but the rest of the information will be replaced with asterisks (*).
These changes will help ensure the strongest possible protection for your customers’ identity data. We strongly recommend setting the ‘Identity Retention Period’ to be as short as possible after completion of a booking to protect yourself and your customers’ data from any possible compromises.
Important Articles
Related Articles
New - Customer Data Retention Policy
As a result of recent data breaches affecting Optus and Medibank in Australia, we have been reviewing how we can further protect your customers’ ‘identity data.’ This is specifically data that is commonly used not only when renting a vehicle but also ...New - Tiered System for Customer Data Retention
The Identity Data Retention Policy was implemented to prevent the compromise of customer information. This is done by permanently obscuring Identity Data after a set retention period. A recent update has been made to improve this Retention Policy by ...Setting the Retention Period for Sensitive Customer Data
Purpose The Retention Period for your customers Identity Data determines how long you retain their identity data before it is permanently obscured. Note that once the data is permanently obscured, it can no longer be viewed - this is irreversible. ...Data Export API's
Overview Rental Car Manager offers an API to export certain datasets. There is a cost to set up these APIs, please contact RCM support (support@rentalcarmanager.com) for more information. The information for how to start using this Export API can be ...GDPR Customer Management
Purpose RCM has provided specific functionality to cater for GDPR (General Data Protection Regulation) in the EU. This is an extension of the current Customer Management capability within RCM, and uses the same customer records. The functionality ...