Industry Advice Ask Mike: What Are Some Key Considerations for Protecting Personal Data in Total Losses?
with Mike Anderson
This month, we “Ask Mike” to share his thoughts on the protection of consumers’ personal information in total loss vehicles. We at Hammer & Dolly hope you find the following exchange useful, and we encourage you to reach out to us if you have a question for Mike on this or any industry-related matter that he can answer in a future issue.
Hammer & Dolly: The protection of personal data is always important, especially these days when our cell phones are scanned 50 times a day for one reason or another. What are your primary concerns with personal data with respect to collision repair, particularly when it comes to total loss vehicles?
Mike Anderson: Nobody’s car is just a car these days. It’s common for people to have everything from their phones to their garage door openers connected to them. Perhaps their iTunes account is synced to the car through their phone, and their home address could be stored in their car’s GPS. When that vehicle becomes a total loss, all personal information needs to be removed from it. Shops should refer to the owner’s manual or the electronic service manual for the OEM procedures. That’s a not-included item, but I believe most consumers would want to pay to have their personal information removed if the insurer doesn’t pay.
I once read about someone who purchased a used vehicle and made purchases through a music app that the previous owner had installed. That should never happen.
When you quality-control inspect a vehicle after it’s repaired, how do you ensure that a phone is synced to it? You want to have the customer confirm that everything is synced properly before they leave. The shop should perform a post-repair scan and a functionality test to make sure there isn’t anything still unplugged or disconnected. I recall being at a shop when a customer brought their car back because their phone wouldn’t sync. More shops need to be thinking about these issues. It’s not a matter of just checking the lights and door locks.
Let’s say you’re working on a vehicle owned by a high-ranking government official or a military officer. They’re not going to want their data out there to where someone could learn where they live. That consideration is more critical now than ever before.
H&D: And just because a car is a total loss doesn’t mean it’s not returning to the marketplace in some way down the line.
MA: Yes, you still have a lot of people buying vehicles through auctions. They’re rebuilding them and putting them back on the road with salvage titles. Someone could be driving a vehicle that contains someone else’s data. I’m not saying this would happen, but someone could theoretically break into a car and know exactly where the owner lives and retrieve passwords and other sensitive information that had been synced through the user’s phone.
H&D: Based on what you’ve seen at shops across the country, how deep is this concern? How widespread is the lack of protection for personal information during vehicle repairs or total losses?
MA: I’ve only heard of one or two instances, but that doesn’t mean it’s not happening. It’s something every shop should be mindful of now and in the future. You can’t turn on the news anymore without learning about some sort of cybersecurity attack. People shouldn’t store passwords on their phone, but I suspect a lot of people do. Even if the chances of someone accessing that information through a vehicle are slim, there’s always a possibility if you leave the door open to a potential attack.
H&D: The bottom line is that a vehicle owner’s personal information is as much their property as the vehicle itself, and shops should treat it as such. You wouldn’t let the customer leave their wallet on the front seat, so you should not allow their personal information to be left stored in their car.
MA: Asking the customer, “Would you like us to erase your personal data?” should be a critical step in the total loss process. Even if that’s not an included operation, I know that I, as a consumer, would pay to have that data erased.
H&D: I’d suspect most consumers would expect that their data would be removed anyway, especially in 2025.
MA: Honestly, I don’t think most consumers even think about it. Most of them aren’t in accidents too often, let alone have a total loss. It’s not top of mind for them; most of them are likely just thinking about getting another car. That’s why we have an obligation to bring it to their attention and tell them what they don’t know.
H&D: If you were a shop owner today, what would be some of the legal landmines you’d be concerned about with respect to this issue?
MA: I’m not a lawyer, but if you charge to do this but don’t do it properly and the customer later gets hacked, I would have to think there could be some liability there. You definitely want to confirm you’re doing it the proper way.
The answers to these questions are simple, but they’re ones that shops should consider more deeply.
Want more? Check out the November 2025 issue of Hammer & Dolly!