Loading articles...

Former privacy watchdog concerned about PRESTO card privacy

Last Updated Dec 7, 2017 at 7:47 pm EST

Ontario’s former Information and Privacy Commissioner is voicing concern over Metrolinx’s policies governing how police and law enforcement are able to access the data on commuters’ PRESTO payment cards.

The provincial transit agency has recommended several revisions aimed at providing greater transparency and clarity regarding the sharing of information of PRESTO user data. But Metrolinx will still provide rider data to law enforcement agencies without a warrant in several situations — including when there are immediate health and safety concerns, or during the investigation of a possible crime that occurred on a transit vehicle.

“For us, it really is important to get the balance right between personal privacy as well as to what’s in the public interest,” said Metrolinx President and CEO Phil Verster.

“Quick release of information that can affect incidents that are very serious on our own transit network can help to resolve issues, such as missing persons or an attack on someone.”

Under Metrolinx’s proposed new guidelines, a court order would still be required in most cases when authorities are investigating a crime that wasn’t committed on transit.

But that isn’t acceptable to Ontario’s former privacy watchdog.

“What is the distinction between on transit and not on transit? It doesn’t make sense,” Ann Cavoukian told CityNews.

“You should have a baseline protection that the information on your PRESTO card will not be accessed by law enforcement unless they have probable cause and they’ve gotten a warrant. If it’s an emergency, that’s something else, everyone accepts that. But you can’t say everything is an emergency. We should be able to have both privacy and security.”

Metrolinx says they will notify individuals whenever possible if their information has been disclosed to law enforcement. The organization also plans to release the number of requests made every year, with their first report coming in February. A spokesperson told CityNews the amount of requests is currently very low and that about half of them relate to missing persons.

Metrolinx has sent their updated PRESTO information-sharing practices to the Information and Privacy Commissioner for input. A response is expected later this month.

 

Join the conversation

Please read our commenting policies

Any privacy info PRESTO collects is safely encrypted in a secure data center. The rest of Metrolinx doesn’t deal with privacy info so it really doesn’t matter, except for credit card numbers for reserved parking and UP Express online tickets, and these credit card numbers are stored with a PCI compliant vendor outside of Metrolinx, to reduce reliability risk. Same with credit card and bank account numbers associated with PRESTO cards. And disclosing info to law enforcement is something that happens all the time, so notifying these individuals is already quite generous.

December 08, 2017 at 10:00 pm