Post on 14-Apr-2022
transcript
2018 Best Best & Krieger LLP
Mitigating Transportation Technology Risks: Privacy, Data
and CybersecurityBB&K Transportation Technology Webinar Series
November 8, 2018
@smartertranspo
Company/BestBestKrieger
CHALLENGING ISSUES FOR DISCUSSION • Safe Integration – What is safe
enough?• Preemption• Regulation of Right-of-Way
• Connection to broadband deployment
• Interoperability• Tax and Revenue
• Paying for infrastructure • Privacy and Data Sharing • Terms of Use (i.e. mandatory
arbitration) • TNC Regulations • Equity • Public Trust / Adoption
TO BE THINKING ABOUT…
• Do we have/need a privacy policy?
• Are we collecting data on our system users? (i.e. do you have an app or online payment system?)
• Does GDPR apply?
• Are software contractors selling user data?
• Do we have the right protections in contracts?
• How to promote collaborative data sharing with private/public pilot projects around emerging technologies?
• What is our vision for integration of technology into transportation system?
EDUCATION AND TRUST
2018 Best Best & Krieger LLP
GREG RODRIGUEZ@smartertranspo
Best Best & Krieger LLP
Washington, D.C.
greg.rodriguez@bbklaw.com
www.bbklaw.com
Washington State Transportation Center
• A cooperative program to connect WSDOT
with the UW and WSU
• Use university expertise and capabilities to
help solve agency problems
– We often help with agency data issues
Washington State Transportation Center
• A cooperative program to connect WSDOT
with the UW and WSU
• Use university expertise and capabilities to
help solve agency problems
– We often help with agency data issues
Everyone Wants Data
• “ “Without big data analytics, companies are
blind and deaf, wandering out onto the web
like deer on a freeway.” – Geoffrey Moore
Public Vs. Private Sector
• Many public sector staff view it as the public’s
right to have access to the private sector’s
data
– “They operate on our infrastructure!”
• But private sector pays far more attention to
collection and use of data
– Public sector often ignores their own data
Private Sector
• Businesses are exposed to risks sharing data
– Loss of proprietary information to competitors
– Loss of control of customer interaction
– Loss of data value (through public release)
– Loss of trust from their customers
• Risk of increased regulatory burden, decrease in
profitability, increase in liability due to analysis of
business practices
How will the data be used?
• Can the private sector trust the public sector
to not give away their business secrets?
• How are the data to be used?
– Public FOMO versus Business fear of misuse
Trusted Data Repositories
• Proposed by multiple groups, intent is to
provide data to a single, trusted data source
– Issue: cost to operate
– Control of the data and its uses (governance)
• Data quality / integrity
• Data security
• Auditing and accountability
Summary (1)
• Sharing can be good, but is complex and can
impose considerable risk to businesses and
the privacy of data subjects
• Think/talk through allowable uses, and
understand the other sector’s risk/reward
position
Summary (2)
• Define the data to be shared
• Define the uses (and users) that are allowed
with that data
• Adopt policies on subject privacy and data
security
• Create audit and accountability procedures
BBK WebinarPrivacy, Data, and Cybersecurity
Jan Whittington
BBK Webinar
November 8, 2018
University of Washington, Seattle
Are We Sharing Data Yet?
Collective Action ProblemPublic benefits appear obvious
Private “costs” (to individual orgs) appear large
+ Institutional barriers
+ Concern about proprietary data
+ Investment to make shared data “useful”
“What are the benefits to my organization/firm?”
Trusted Data ProblemProtecting the data (security)
Protecting the data subjects (privacy)
Allowing for business competitiveness
Privacy in Location Data
Why Privacy?
Trusted Data Governance
Fair Information Practice PrinciplesTransparency, Individual Participation, Purpose Specification, Data Minimization, Use Limitation, Data Quality/Integrity, Security, Accountability and Auditing
Solving Problems of Public InterestPublic benefits that are widespread and obvious
Protecting Privacy of the Data SubjectProtection against re-identification as well as breach
Individual secure access
Privacy audits
Key Concerns
Handling sensitive data + Low bar of re-identifiability (mathematics)
+ Threat varies geographically (land use and density matter)
+ Query-based solutions (narrow mosaic ‘attack surface’)
Reducing bias in location datasets+ Population
+ Purpose or intention, from public point of view
+ Population represented in the data, and the private intent of its use
Conducting PIAs or risk/benefit analyses+ Low tolerance for risk (merge technical with legal protection)
+ Inform of scenarios/trajectories for re-identifiability and harm
+ Business decisions remain with public-facing firms
Legal context
Institutional EnvironmentAn unsettled area of law
+ Concerns about disposition of data held by firms
+ Carpenter case and third party doctrine
+ Agencies request public ownership of data
Current lack of protection for privacy in geospatial data
Role fit for a UniversityUniversities harnessing research to meet privacy challenge
+ Corporate Affiliate Program for private firms
+ Repository for privacy research on sensitive data
+ Privacy-protected data products on a contractual basis
https://www.uwtdc.org/
Fears about Open Data
https://www.uwtdc.org/
Medicine’s Model
Legal frameworkPhilosophy of mutual interest backed by strong governance:
+ Corporate Affiliate Program for location data privacy research
+ Data sharing and use agreements
+ Products for public consumption developed upon request
Private
Public
TDC
Hosting Heterogeneous Data
Simple ArchitectureMobility data is intrinsically heterogeneous – multiple secure endpoints
+ Triage hosts any files in any format for data that needs TDC protections but has not yet been parsed and processed.
+ Lake hosts json for data that does not necessarily conform to a standard API, but can be represented in a semi-structured data model
+ Warehouse hosts structured data uploaded through one of several standard APIs
Approach
Policies and protocols to address data ownership, access, use, and privacy in the interest of partner organizations and the persons represented by the data;
A neutral third-party hostwith transportation expertise to enable data sharing, analysis, and the development of applications;
Protection from the disclosure of unique traces privacy-preserving research and algorithms and the administrative and legal support available to the UW;
Secure cloud platformsecurity tools such as policy-based encryption key management to track and audit the uses and users of data
For More Information
https://www.uwtdc.org/
Jan WhittingtonPI, Transportation Data CollaborativeDirector, Urban Infrastructure LabAssociate Professor, Urban Design and PlanningUniversity of Washington
janwhit@uw.edu
A trusted third party data platform for monitoring and evaluating mobility services in cities
www.populus.ai
Regina Clewlow, CEO & Co-FounderB&BK WebinarNovember 8, 2018
THE IMPORTANCE OF DATA FOR MANAGING MOBILITY SERVICES
New mobility services (Uber/Lyft, bikeshare, scooters) are being launched in cities at an unprecedented pace.
Cities need data to developed informed policies and transportation plans. Their goals typically are to steer progress towards:
1
2
3
Safety: reducing transportation-related injuries and fatalities.
MOBILITY SERVICE ADOPTION IS ACCELERATING
Equitable access: improving availability and accessibility of transportation services to people of all backgrounds.
Efficiency: prioritizing efficient use of public space, and reducing transportation energy use/ climate impacts.
www.populus.ai
POPULUS MOBILITY MANAGER HELPS CITIES AND PRIVATE OPERATORS WORK MORE SEAMLESSLY TOGETHER - THROUGH BETTER DATA
Populus Mobility Manager
Our platform:
● Integrates and harmonizes live data feeds from all major mobility operators.
● Provides cities with a single, user-friendly dashboard for operational and planning needs.
● Securely analyzes and aggregates data to protect sensitive data, reducing the technical burden on cities.
www.populus.ai
NEAR-TERM OPPORTUNITIES FOR CITIES TO HARNESS MOBILTIY DATA
MONITORING OPERATORS
● Are operators adhering to scooter/bike minimums or maximums?● Are vehicles located in geographic areas that the city has incentivized or
restricted?
MEASUREMENT TO DRIVE DATA-DRIVEN POLICIES
● Are new mobility services expanding equitable access?● Are vehicle utilization rates high enough to justify potential increases in
bike/scooter caps?
NEW DATA FOR TRANSPORTATION PLANNING
● Where might the city place new bike/scooter infrastructure such as docking stations or charging stations?
● Where might the city add new bike/scooter lanes?
www.populus.ai
Questions? Thank you for attending!