Do Not Track: A Guide to Data Privacy for New Transit Fare Media

Public transit agencies nationwide are offering new payment options, but many of these methods have the potential to significantly increase the personal data collected by transit agencies and their private subcontractors. Once collected, the data can be accessed by other government entities, exposed via data breach, or sold to private companies (in the case of private sector data collection). This policy brief explores the privacy risks of new transit fare media and recommends methods agencies can adopt to safeguard riders’ privacy. In particular, transit agencies should ensure that riders retain the ability to pay without being linked to a credit card account or other personal identifier, make secure data management an organizational priority, clearly and transparently communicate privacy policies, and use data sources that protect personal privacy.