Cover Image

Not for Sale

View/Hide Left Panel
Click for next page ( 77

The National Academies of Sciences, Engineering, and Medicine
500 Fifth St. N.W. | Washington, D.C. 20001

Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 76
76 Smartcard Interoperability Issues for the Transit Industry may be dynamically loaded onto cards in a secure manner after they have been issued to cus- tomers,) no such system is commercially available at a marketable price. Until systems permitting the dynamic loading of applications are further developed and tested, adding an application to an existing smartcard system will only be possible with the manufacture and issuance of new cards. 6.2.2 Data Ownership and Access Rights Substantial value is associated with data related to customer characteristics. The data referred to in this discussion include all types generated and collected in operating the fare payment system--both related to customers (transit riders) and the agency. Any contract for a smartcard fare payment system must define the following clearly: Rights and Responsibilities--Associated with data generated through processing transactions; with the process of issuing, loading, and reloading transit-only cards; and with whether or not the transit application resides on a card with other applications. Data Management--Assurance that any card-holder or card-activity data and financial and operational data from an agency are held securely so that they can be accessed by and released to only those authorized. Confidentiality and Privacy Issues-Associated with personal (card holder) data created during fare payment system operations; data that can be linked to an individual card holder at any time are to be considered confidential and should not be released in any manner without card holder consent. For an agency-owned system, data ownership follows existing rules and regulations as they apply to public agencies. Some data, such as capital and operating expenditures, are subject to the Freedom of Information Act. However, personal data generated during fare payment systems operations should be excluded and only released in the most compelling circumstances to the proper authorities. For example, in the Hong Kong program, most cards issued are anonymous-- approximately 10 percent are personalized (registered). If customers are not reasonably confi- dent that privacy is protected they will be unlikely to accept this new form of fare media. When a smartcard fare payment system is bank-sponsored, consortium-owned data ownership ultimately becomes a cost issue. Data ownership is an intangible benefit for which quantifying a value to a particular organization is difficult. The value of the data depends on how the data will be used by the capturing entity. In the most aggressive scenario, such data may be sold outright to an organization interested in targeting customers riding transit or using a specific transit mode. Regardless of the ownership model, data ownership has to be defined before entering a con- tractual relationship. However, data ownership requirements cannot be finalized until a fare pay- ment system concept is complete. The fare payment systems concept defines what data are generated and where in the system. During fare-systems operations, the fare payment system may generate temporary files, which a contractor may argue are proprietary and are an integral func- tion of the application software. A contractor may argue that the agency has no right to the files. Therefore, data ownership becomes a subject of negotiation once fare payment system services and equipment requirements have been finalized. 6.3 Identification of Stakeholders and Their Roles and Responsibilities As the smartcard program progresses and the system design is established, the location of the data at the different tiers in the architecture becomes evident. The stakeholder will vary depend- ing on the location of the data and how and where it is generated. Each stakeholder that needs to