Police are thrilled about the new world of digital vehicle forensics. But so are hackers.

Cars provide so much data now that it's become easy in some cases to prove guilt or innocence based on the mountains of data extractable from cars. 

Some cars can generate or harvest and then store four terabytes of data per day. Not only do cars now come with increasingly sophisticated telematics -- recording everything that happens with the car -- but in-dash infotainment systems harvest and store person data from your smartphone when you connect!

The same data that would require a password, fingerprint or face recognition to access is available on the car without authentication. 

Many new cars retain 20 kinds of data: 

1. call logs

2. contacts

3. text messages

4. emails

5. pictures

6. videos

7. social media feeds

8. smartphone apps installed

9. Wi-Fi passwords

10. calendar entries

11. smartphone browser cookies

12. web history

13. voice command recordings

14. location history

15. speed

16. acceleration

17. when the lights are turned on or off

18. when the seatbelts were put on

19. when the airbags were deployed

20. your weight

With this information police can reconstruct timelines, know how many people were in the car, get contact information, find out who called whom and much more. Police need a warrant to get the data from your car. But hackers don't. 

Cars are much bigger privacy risks than smartphones because the public has not been concerned about vehicle data privacy and the industry has not prioritised it. 

Also: There is no widespread practice of wiping data when a car is sold or rented. 

A new report yesterday from NBC News laid out some of the risks. 

While car data in Europe is protected by the GDPR -- data stored in cars is considered the property of users -- there are no federal US laws preventing the exploitation of user data stored on cars. (Carmakers have to keep crash-related data private, but that's all.)

McKinsey estimates that should they wish to monetize car owner data, carmakers could make $750 billion per year by 2030. There are currently no laws preventing them from doing so. 

Insurance companies may increasingly demand access to the data your car collects to determine your insurance premiums. 

There’s money in your car’s data. And it’s only a matter of time before carmakers, insurance companies and criminal hackers come to collect it.

I predict that hackers may increasingly buy cars, hack the data, then sell them -- and then figure out how to monetize the hacked data through blackmail, extortion, identity theft or by selling the data on the dark web. Variants on this theme are that hackers could rent cars previously rented by targets, break into repair shops to steal data or hack during test drives of used cars. 

What can you do about it? 

For starters, you can delete the data stored on by your car by using a free app called Privacy4Cars. 

As a society, however, we need laws that protect data on cars. We need tools and best practices for sunsetting data on a schedule, and also for wiping data on cars sold or rented. 

We've ignored the growing threat to privacy and security with the growing amount of data generated and captured by cars. It's time to do something about it.