As a result of recent data breaches affecting Optus and Medibank in Australia, we have been reviewing how we can further protect your customers’ ‘identity data.’ This is specifically data that is commonly used not only when renting a vehicle but also for loan applications, credit card applications or other types of applications that need to verify a customer’s identity. The important pieces of information required are the customer’s DOB, driver’s license and or passport number. 

Rental Car Manager strongly encrypts all your customers’ data including the identity data mentioned above but will now also implement an ‘Identity data retention policy.’ This means that by default identity data will be permanently obscured 6 months after the drop off date for each customer’s booking unless the customer has future bookings. This will be configured as a system parameter, and you will be able to shorten or lengthen this setting as required for your business.  For information on setting the system parameter, please see the Setting the Retention Period for Sensitive Customer Data article. 

Below is an example of how the information will appear in RCM after it has been permanently obscured. You can see that the first and last characters are kept, but the rest of the information will be replaced with asterisks (*).

These changes will take effect from the 15th of November 2022 and will help ensure the strongest possible protection for your customers’ identity data. We strongly recommend setting the ‘Identity Retention Period’ to be as short as possible after completion of a booking to protect yourself and your customers’ data from any possible compromises.