Navigating the data privacy landscape

If customer data is not protected then the journey towards better, less polluting public transport solutions is likely to be delayed, warns Alexis Suggett of Cubic Transportation Systems
July 24, 2023
By Alexis Suggett
© Freezeframe71 |
© Freezeframe71 |

In this digital age, society is becoming more mobile and distributed than ever before – a reality also demonstrated by the increasing importance surrounding data privacy and protection. Across the public transportation ecosystem, for instance, forward-thinking agencies are leaning on mobile applications to modernise and simplify users’ payment and reward-earning capabilities. Indeed, the way transport organisations collect, analyse and act on passenger data in all its forms has changed dramatically compared to just a few years ago.

Digital innovation’s impact on privacy

Taking a step back, where does this growing requirement for data protection and privacy come from?

Among the key determining factors has been the huge investment in digital transformation by transport service providers across the globe. Transport networks everywhere have embraced the benefits that the modernisation of legacy technologies and antiquated manual processes can deliver.

As a result, users have seen some significant changes in the way they consume transport services – a process many consider to be crucial for the future prosperity and relevance of the industry as a whole.

But digital transformation isn’t just about efficiency and automation. It also offers a way for service providers to use contemporary technologies to significantly enhance the passenger experience, environmental performance and equality of access.

In particular, the growing adoption of Software as a Service (SaaS)-based technologies is giving transport providers the tools to design and implement innovative and affordable information-driven passenger experiences. In practical terms, this has seen integrated payment solutions rolled out across a wide range of communities, with services designed to meet the needs of varying consumer demographics and requirements.

For instance, in Milwaukee, US - a city of more than half a million people - the County Transit System is being built around a SaaS-based fare collection solution. This has been designed to meet the needs of transit riders across the community, including those without smartphones or who don’t have a bank account. Enabled by this powerful back-end technology infrastructure, riders can use a variety of ways to pay for their journeys, ranging from contactless cards and a mobile phone app to a dedicated smart card or cash.

Elsewhere, Canada’s BC Transit, an integrated system conveying nearly 60 million passengers annually across 88 transit systems in 130 communities, is implementing coordinated payment services to improve regional customer experience.

Its approach is to focus on making the travel experience safer and more convenient – a capability which is increasingly in demand across major cities and rural communities worldwide.

Behind these various opportunities and challenges sits one factor they all have in common: the collection and use of data. Armed with enhanced levels of data-driven knowledge and insight, transport service providers have been empowered to roll out a huge range of enhanced services, innovative features and convenience. But with this increased use of customer data, it is essential that transport agencies ensure the various data cycles they rely upon are protected to prevent the risk of data loss and fraud.

Clearly, organisations across the transport ecosystem will collect, analyse and use different types of customer data to meet different objectives. For instance, city authorities everywhere now routinely analyse footfall and travel trends to optimise service provision, improve environmental performance and minimise overcrowding.

Similarly, ticketing processes have been changed radically by digital transformation. Until relatively recently, many passengers would still pay for their tickets with cash, meaning service providers had little or no insight into individual customer habits, let alone the ability to tailor services and pricing.

Today, using a website or app to purchase tickets almost inevitably means the service provider has recorded where and when the consumer has travelled before, alongside the type of services they typically use. Given these and a range of other data-led insights, the provider can offer more targeted and personalised options, improve the speed and convenience of the purchase process and, ideally, boost the overall end-to-end passenger experience. Without the ability to collect data on a passenger-by-passenger basis, almost none of this is possible.

Balancing privacy, cybersecurity and expectations

In today’s highly mobile and distributed communities, it’s hardly surprising that data privacy has risen significantly up the overall business and regulatory agenda. The near-ubiquitous adoption of mobile apps across today’s transport networks, for instance, has led to them becoming de facto travelling tools. As more travel apps are downloaded, more user data is collected - and the opportunities and risks associated with its retention and use increase.

At the same time, new and more detailed data privacy regulations have arrived, bringing with them a greater range of data-related responsibilities for organisations in every sector. For example, GDPR has now been in place for nearly seven years. More recently, various new regional privacy laws in the US have extended the requirements and potential penalties for organisations that misuse or fail to protect customer data. Regulatory pressure and momentum continues to grow, with privacy laws now so pervasive and important that many organisations have dedicated teams to handle all the various requirements.

The growth of transit-related rewards programmes offers an interesting data privacy case in point. If a consumer uses a mobility or transportation app, they may well be offered real-time access to a range of discounts, loyalty schemes or other incentives that can add value to their experience or help build loyalty. In each case, however, the user has to agree to share some of his or her data, such as location, travel history or other details. Without this information, the service provider can’t maximise the relevance of their offers - which for today’s digital-savvy consumers has become not just a nice-to-have, but a minimum requirement.

For transport providers focused on customer care and trust, this brings with it huge opportunities but also a range of responsibilities. Indeed, any transport organisation handling customer data must implement robust cybersecurity and data protection strategies capable of detecting and mitigating the various threats they face.

In many cases, transport service providers work with a wide range of technology partners to deliver integrated digital services. The inherent supply chain vulnerabilities associated with these increasingly complex networks mean that they must also look outside their own processes to ensure customer data is also properly protected by their trusted third parties.

There is, however, a delicate balance to strike between the need to share data with outside organisations and locking it down so tightly that they lose the agility required to deliver the innovative digital services which customers demand. In this context, the choice of technology partners and service providers has become more important than ever to ensure that all relevant stakeholders share data privacy standards throughout the supply chain.

Getting privacy on track

In common with many industry sectors, transportation organisations and their customers have seen significant benefits from adopting digital technologies. There’s no doubt that today’s well-designed solutions offer improved levels of convenience and scope for continued innovation. This is particularly important for services that are looking to compete more effectively with road and air transport, to service the needs of diverse communities and to meet important accessibility requirements.

What’s more, public transportation networks are also set to play a long-term role in countries focused on crucial issues such as achieving Net Zero emissions. Getting more cars off the roads and more people using less-polluting mass transit options, for instance, is a major driving force behind public sector policy. In this context, transportation infrastructure will need to see further improvement if it is to present an even more compelling proposition. Central to this objective will be how organisations approach the use of customer data – without effective policies and protection, the journey to better transport solutions is likely to be delayed.

About the Author: 
Alexis Suggett is director, contracts and data protection officer at Cubic Transportation Systems

For more information on companies in this article