The public transport network of a region inhabited by more than 4 million people is run by a complex interplay of public and private actors. Large amounts of data are generated by travellers buying and using various forms of tickets and passes. Analysing the data is of paramount importance for the governance and sustainability of the system. This manuscript reports the early results of the privacy analysis we are performing as part of the design process of the clearing system of the Emilia-Romagna region, in Italy, which will compute the compensations for tickets bought from one operator and used with another. The manuscript shows by means of examples that the clearing data may be used to violate various privacy aspects of users and operators. As a possible solution, the privacy by design approach and its applicability to the described scenario are analysed, with the aim of integrating robust data management practices from the ground up, instead of applying late and possibly ineffective countermeasures to existing processes.
Franco Callegati, Aldo Campi, Marco Prandini, Bendert Zevenbergen (2014). PRIVACY ISSUES IN A CLEARING SYSTEM FOR A REGIONAL-SCALE PUBLIC TRANSPORT NETWORK. IADIS Press.
PRIVACY ISSUES IN A CLEARING SYSTEM FOR A REGIONAL-SCALE PUBLIC TRANSPORT NETWORK
CALLEGATI, FRANCO; CAMPI, ALDO; PRANDINI, MARCO
2014