A flexible toolkit, the Mobility Data Specification (MDS) was created as multiple distinct components to address the different operational needs cities and companies have. Ultimately, how cities use MDS depends on a variety of factors: transportation goals, existing services and infrastructure, and the unique priorities of their communities. As useful as MDS data is for cities to manage the public right of way, it can contain information about movement that is sensitive. No matter how cities use MDS, there are concrete steps they can take to ensure that citizen privacy and data security are protected. Key to planning for privacy is identifying use cases, assessing readiness and applicable laws, and providing for transparency. Dive deeper into these topics and more in the MDS Privacy Guide for Cities.
IDENTIFYING USE CASES
While the possibilities are broad, understanding your organization’s specific needs and goals – and how you intend to use MDS to meet them – is a critical first step in implementing MDS in a way that centers citizen privacy and data security. A metaphor we like to use to illustrate this point is cooking in the kitchen. Before you break out the frying pan and the spatula, you first need to decide what you want to eat. Knowing what you need the tools for will help you reach your goal while keeping your space clear of things you don’t want or need.
Your use case(s) will inform key decisions you make in your approach to managing MDS data. While attention to privacy and security is essential when working with any MDS feed that contains sensitive information, the specific steps you take to protect your data will depend on the data attributes required to fulfill your use case.
MDS supports a wide range of use cases for public agencies who manage transportation systems. Some common use cases include managing shared mobility program operations, administering regulatory policies, and conducting planning analyses. How broadly or narrowly you define your use cases will also impact how you implement MDS. Different use cases necessitate different levels of detail in the data that supports them. For example, regulatory compliance monitoring use cases often require more precise data about vehicle movements than those that are related to planning and evaluation.
ASSESSING YOUR READINESS & APPLICABLE LAWS
Data stewardship is a core function of government; the public entrusts cities with sensitive data to carry out their mission and deliver services. As such, your city may already have policies and procedures in place to protect data, as well as regional or national data protection laws that will be applicable to your MDS implementation. Consult with your city’s IT department, legal counsel, clerk’s office, and open records office before you begin your implementation. If working with sensitive data is new to your unit or department, consider discussing your implementation with another city function that is well-versed in data management, such as health, law enforcement, or human resources.
Plus, you don’t have to do it yourself. Mobility data solution providers offer out-of-the-box, web-based services for ingesting, analyzing, and reporting on MDS data. These providers typically take on the work of managing IT security and can allow cities to restrict access to sensitive trip data through role-based permissions.
PROVIDING FOR TRANSPARENCY
Plan to give members of the community a seat at the table, and get them involved early on. As with any government program, providing for public transparency is foundational to building trust and maintaining accountability. Transparency also opens feedback opportunities that will ensure that your MDS implementation is aligned with the needs and interests of the public expressed through the city’s policies and planning frameworks.
As you implement your program, your agency’s website and written materials should describe in plain language what data your program will collect and what goals you hope to achieve. The public should also understand any intention you have to share data with third-parties, including law enforcement and other government agencies. For example, the City of Minneapolis published a guide which details their scooter pilot’s data collection and analysis methodology.
Be prepared to explain how you expect the insights you derive from MDS data will directly benefit residents and help you evaluate the success of the program. Once your program is up and running, provide public access to your reports, findings, and de-identified mobility datasets. For example, the City of Austin provides a public dashboard which provides performance metrics about their program.
Consider also providing opportunities for residents to learn more about your program and to ask questions and offer feedback about your intention to use MDS. For example, the City of Seattle conducted an extended public engagement process as they piloted their scooter share program.
Make clear your commitment to protect individual privacy by adopting data protection principles, issuing a privacy notice, and/or authoring policies that define how data will be used, managed, and published. Consider posting a privacy statement on your agency’s website which details your approach to various aspects of privacy protection using accessible language in an easy-to-read format. For examples, see the “Privacy Principles, Policies, and Guidelines” section of our Mobility Data State of Practice Wiki.
GET THE GUIDE
Remember: you don’t need to reinvent the wheel when it comes to privacy and mobility data. The Open Mobility Foundation’s Privacy, Security, and Transparency Committee created a guide for cities, building on the best practices and policies of those using MDS. Download the guide to explore the above topics and see examples from other cities that are implementing new mobility programs with data privacy and security well-protected.