National Academies Press: OpenBook

Legal Issues Concerning Transit Agency Use of Electronic Customer Data (2017)

Chapter: II. TRANSIT AGENCIES' AGREEMENTS AND PRIVACY POLICIES GOVERNING THE COLLECTION AND USE OF CUSTOMERS' ELECTRONIC DATA

« Previous: I. CONTACTLESS ELECTRONIC PAYMENT SYSTEM TECHNOLOGY USED BY TRANSIT AGENCIES
Page 8
Suggested Citation:"II. TRANSIT AGENCIES' AGREEMENTS AND PRIVACY POLICIES GOVERNING THE COLLECTION AND USE OF CUSTOMERS' ELECTRONIC DATA." National Academies of Sciences, Engineering, and Medicine. 2017. Legal Issues Concerning Transit Agency Use of Electronic Customer Data. Washington, DC: The National Academies Press. doi: 10.17226/24730.
×
Page 8

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

8advertisers or to other third parties without a card- user’s consent.53 II. TRANSIT AGENCIES’ AGREEMENTS AND PRIVACY POLICIES GOVERNING THE COLLECTION AND USE OF CUSTOMERS’ ELECTRONIC DATA Because of the importance of protecting transit users’ privacy, “transit agencies must clearly commu- nicate how they collect, use, and handle personal information.”54 Transit agencies’ agreements, terms of use, and privacy policies are especially important defenses in whole or in part to any claims for breach of privacy. As noted in Section X.D, some states’ laws specifically require private and public entities that collect data on individuals to have a privacy policy and to inform the public of the entity’s policy. Fifteen agencies that responded to the survey reported having an agreement, terms of use, and/or privacy policy that they use in connection with elec- tronic payment systems.55 Eighteen agencies reported, however, that they do not have an agree- ment, terms of use, and/or privacy policy. Sixteen agencies said that they have a Web site that collects customers’ personal data when they use the site, but 17 agencies do not. The summary of the transit agencies’ responses to the survey includes links to the agencies’ agreements, privacy policies, and terms of use. Appendix D includes copies of agree- ments, privacy policies, and terms of use that some transit agencies provided. An example of a thorough privacy policy is MTC’s policy for its Clipper card. The policy identifies the types of information collected from its Clipper customers and the third parties with whom MTC may share PII. It also explains how customers are notified of material changes to the policy.56 MTC defines PII to include information that identifies or 53 See MTC Clipper® Program Privacy Policy, at FAQ (updated Nov. 12, 2014), hereinafter referred to as “MTC Clipper Program Privacy Policy,” https:// www.clippercard.com/ClipperWeb/privacy.do (last accessed Sept. 24, 2016). 54 Quibria, supra note 2, at 17 (footnote omitted). 55 See, e.g., ORCA Privacy Statement, http://www. soundtransit.org/sites/default/files/orca_privacy.pdf (last accessed Sept. 24, 2016); Miami-Dade County Transit Store, FAQ, https://transitstore.miamidade.gov/home/faq (last accessed Sept. 24, 2016); Metropolitan Atlanta Rapid Transit Authority, Breezecard Privacy Statement, http:// www.breezecard.com/htm/privacy_statement.html (last accessed Sept. 24, 2016); Southeastern Pennsylvania Transportation Authority, SEPTA Key FAQ, http://www. septa.org/key/faq.html (last accessed Sept. 24, 2016). According to the FAQ, SEPTA is launching the SEPTA Key and will be releasing a policy on data retention. 56 MTC Clipper Program Privacy Policy, supra note 53. 57 Id. at 1. 58 Id. 59 Id. at 2. 60 Id. at 1. 61 Id. 62 Id. at 3. 63 Id. 64 Id. at 1. 65 Id. at 3. describes a person or that may be linked directly to a specific individual, such as a person’s name, mail- ing address, business name, alternate contact infor- mation, telephone number, email address, telefax number, credit card number security code and expi- ration date, and Clipper card serial number, as well as a person’s “travel pattern data.”57 Travel pattern data are collected as a result of an individual’s use of the Clipper card and Web site.58 Travel pattern data consist of a Clipper user’s trip start and end points, routes used, and dates and times traveled, but the information either is not associated with a specific individual to create anonymous data or is combined with other data to create aggregate data.59 MTC may provide aggregate data to others to generate statistical reports to manage the Clipper program’s operations.60 The term “aggregate data” is defined in the policy to mean “statistical information that is derived from collective data that relates to a group or category of persons from which PII has been removed,” so that the data only reflect “anony- mous people.”61 Aggregate data contain no informa- tion that could be used to identify or contact Clipper card customers.62 MTC may, however, “remove all PII from data developed as a byproduct of the use of the Clipper® FPS to create Anonymous Data that may be disclosed to third parties. MTC may use Anonymous Data for any of its statutorily- authorized purposes and may make Anonymous Data available to third parties.”63 MTC states that except as otherwise provided in its policy, it does not provide PII collected from customers’ Clipper accounts to any third party with- out a customer’s consent, that PII will never be provided to advertisers, and that MTC will maintain a secure environment for a customer’s personal information.64 The Clipper privacy policy cautions patrons, however, that they are responsible for safe- guarding “passwords, PINs, and other authentica- tion information that may be used to access a Clipper® account.”65 MTC’s policy also informs patrons that MTC uses PII to process enrollments, manage accounts, respond to ques- tions, send customer emails about Clipper® program updates, provide information regarding significant changes

Next: III. PRIVACY RISKS ASSOCIATED WITH TRANSIT AGENCIES' COLLECTION OF CUSTOMERS' ELECTRONIC DATA »
Legal Issues Concerning Transit Agency Use of Electronic Customer Data Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB's Transit Cooperative Research Program (TCRP) Legal Research Digest (LRD) 48: Legal Issues Concerning Transit Agency Use of Electronic Customer Data explores the advantages, disadvantages, risks, and benefits for transit agencies moving to electronic, cloudbased, and other computerized systems for fare purchases and for communicating with customers. “Smart” fare cards are now commonplace, and private businesses and transit agencies are using or planning to use smartphones, smart cards and credit cards, and other systems to obtain payment, location, and other personal data from customers.

This digest updates TCRP LRD 14: Privacy Issues in Public Transportation (2000) and TCRP LRD 25: Privacy Issues with the Use of Smart Cards (2008) and covers additional dimensions of collection and use of personal information using new technologies developed since those studies. Appendix A-D are available online only.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!