A proactive approach to RUC privacy

Key principles for DOTs to protect participant data throughout a RUC program

As DOTs explore alternative ways to fund transportation infrastructure, road user charging programs are becoming more prevalent. These programs can require the collection of sensitive participant data, which necessitates robust privacy policies and practices. Essential to the success of these programs is a proactive and transparent approach to privacy policy.

DOTs can gain public trust and support for RUC through proper data policies, procedures and forthright communication. Additionally, secure and robust data collection, and privacy and security practices, can earn public confidence that the program is being managed in an appropriate and respectful way.

Adopting guiding principles

The following principles of data management, privacy and security outline how DOTs can earn trust from conception through completion of the RUC program:

1. Incorporate privacy early

Successful RUC programs incorporate privacy and security considerations from the outset. Discussing data privacy and security at the planning stage sends a message that data privacy is a priority.

Often described as privacy by design, this approach involves three key steps.

• Assessing what specific data will be collected and how it will be used for the program
• Defining the privacy and security protocols to protect this data
• Ongoing monitoring and reviews to ensure that data is being properly protected

The goal is to ensure agencies adhere to high data-protection standards, collect only the data necessary for the program’s operation and use the collected data properly. Protecting user data is a program-long effort. It requires the DOT to clearly define, communicate and implement privacy policies and expectations at the forefront of the program, during procurement, as the system is designed and throughout operation.

2. Emphasize transparency

As the DOT begins to engage motorists for a RUC program, data privacy and security questions will arise. The best approach is to address the privacy issue head-on. DOTs can build public trust and support for RUC by introducing the program’s concept early, discussing it proactively and anticipating and addressing concerns and questions upfront.

Clear, accessible channels for the public to ask questions and raise concerns further demonstrate the DOT’s intention to be transparent. Public workshops, informational sessions and online resources can help explain and educate public stakeholders on RUC, clarify misconceptions and foster a collaborative, supportive environment for the program’s implementation.

3. Integrate technology support

Agencies may convene and involve a team of advisers with a range of technological expertise early in the planning stage. These stakeholders will have a deep knowledge of data collection, sharing, storage and processing as well as local and state privacy laws, federal guidance and standards (specifically National Institute of Science and Technology 800.53) and Payment Card Industry requirements (specifically Payment Card Industry-Data Security Standard). This team will be tasked with developing a data management plan and security practices that will be executed throughout the RUC program. This team will also review all privacy policies and data management strategies of any selected vendors assisting with the program.

Once the program is underway, the team can help conduct periodic vendor reviews and keep the DOT updated on evolving technology to ensure compliance to the latest data privacy and security developments and standards.

4. Collect the right data and nothing more

From the outset, DOTs agree to collect only the data necessary for the RUC program’s functionality. Asking for information that is not relevant to the program could raise concerns about privacy. DOTs can also take steps to ensure that any data collected from the RUC program will not be considered public record based on the laws of their state. The public will expect that any data collected on their travels will not be shared as a public record. DOTs will also develop strict policies for data collection, usage and destruction for RUC account managers with penalties for violation of these rules.

Collecting the right amount of data can also reduce cost and ease management. Storing and processing enormous amounts of data can be expensive and time-consuming. By limiting data collection to only what is necessary, DOTs can increase the cost-efficiency of their RUC programs while further maintaining public trust.

5. Offer options for data collection

RUC programs can offer a variety of collection methods that cater to people’s privacy preferences and comfort levels. Offering a range of data collection methods, ranked from most private to least private below, will demonstrate the DOT’s attempt to respect the preferences of all users:

• Flat fee
• Odometer readings
• After-market plug-and-play onboard units with or without GPS
• Third-party data aggregators who collect data from the vehicle, expressly authorized by the participant
• Telematics, such as OnStar, which capture vast amounts of data and for which vehicle owners pay to use

6. Ensure data security

Throughout the program, robust cybersecurity practices are necessary to safeguard user data against unauthorized access, breaches and other threats. This includes encryption, secure data storage solutions, regular security updates and notification protocols.

• Encryption converts plaintext data into an unreadable format and is a critical tool for protecting data in transit and at rest. When vendors encrypt motorists’ names, contact information and payment information, DOTs can be assured that even if data is intercepted or accessed by unauthorized parties, it cannot be read or used. Compliance with the Advanced Encryption Standard (AES) of 256-bit encryption should be requested.
• Data storage solutions, such as secure U.S.-based servers and cloud storage with strong security protocols, help protect data from physical and cyber threats.
• Periodic security updates are commonplace for vendors who collect large amounts of personally identifiable data or process credit card transactions. Request information about the types of security audits the vendor conducts over the course of the contract and if any updates to security protocols have occurred pursuant to the audits or to changing security solutions.
• Notification protocols for a suspected or actual breach will detail who will receive notification and when that notification will occur. This includes not just the DOT but the public using the system.

In addition to these technical measures, successful programs will involve DOTs selecting skilled third-party vendors who have vast experience with data privacy and security. Successful vendors emphasize effective employee training and technology solutions. This helps prevent human errors that could compromise data security and might cover topics such as recognizing phishing attempts, securely managing sensitive data and following data protection protocols.

7. Implement strict retention policies

As the program progresses, following data retention policies is crucial in increasing public trust and protecting data privacy. How long data will be retained needs to be balanced between the need to access data for operational purposes, such as resolving billing disputes, and the need to protect privacy by deleting the personally identifiable information. Because storing personally identifiable information can be costly, most vendors will have solutions and policies in place to de-identify or delete the data promptly. The terms of when and how data must be de-identified or deleted will be defined in the contract and must consider any existing agency retention policy.

For example, a retention policy might specify that the user data can be stored for 90 days, after which the records must be de-identified or deleted to prevent unauthorized parties from accessing or recovering them. Strict retention policies that are communicated clearly to users, IT teams and third-party vendors ensure everyone understands the importance of data retention and its implementation procedures.

Privacy is a pillar of RUC success

As DOTs navigate the complexities of implementing RUC programs, keeping privacy at the forefront will be essential to achieving a sustainable, publicly accepted program. Following the guiding principles for early privacy integration, collection, security, retention and transparency, DOTs can provide a solid foundation for a successful RUC program.