Responding to concerns about privacy, the regional agency in charge of Clipper cards and FasTrak is considering reducing its retention of personal user data.
Currently, the Metropolitan Transportation Commission, which oversees both programs, retains personal information for Clipper card users for seven years and FasTrak customers for 4½ years. The Clipper card allows public-transit users to pay on multiple systems, and FasTrak is the transponder used for tolls.
Retaining the information is essential business protection for the private contractors that operate the services, said MTC spokesman Randy Rentschler. If a Clipper card user accuses the vendor of overcharging for a ride, records are necessary to verify the claim.
However, recent concerns have been raised about the retention time of people’s personal travel patterns. Supervisor John Avalos recently authored a nonbinding resolution calling for stricter privacy provisions after reports that law enforcement authorities subpoenaed travel data from the MTC’s personal records.
To address those concerns, the MTC is considering a policy decision that would reduce the retention levels of both the FasTrak and Clipper programs, Rentschler said. The agency has not come up with specifics, but it’s fully aware of the privacy concerns, he said. The policy will be discussed at the MTC’s operations committee today.
“We’re taking a look at our personal policies and asking ourselves, ‘How long is too long?’” Rentschler said. “This is something we can change at the policy level, so we’re exploring our options.”
No personal information is ever given out by the MTC, except under subpoena order, and that has only happened three times since 2010 for Clipper card users. All three subpoenas were related to criminal cases in The City, and the Clipper program has registered hundreds of millions of trips during that time, Rentschler said.
Still, Chris Conley, a technology civil liberties attorney at the American Civil Liberties Union, said there were strong concerns about storing and retaining customers’ personal info.
“The records of where you go on BART and Muni can be pretty revealing,” Conley said. “We understand that records need to be kept, but seven years seems excessive. You shouldn’t have to choose between using technology and losing your civil liberties.”
Conley said Internet service provider sonic.net recently went through the same calculus that the MTC is currently reviewing and determined that it didn’t need to retain users’ personal information for more than 30 days.