The Electronic Privacy Information Center is being critical of the information that is collected by Washington DC transit authorities by means of a new SmarTrip card:
Cards let Metro collect data on riders, track trips - The Washington Times: Metropolitan - May 17, 2005:
"... According to documents obtained by EPIC through the Freedom of Information Act, the SmarTrip card can record a Metro passenger's time of arrival in the Metro system, the passenger's destination and the amount of time the passenger spends traveling from point to point.
It even records the gate through which a passenger leaves the station.
But transit officials say they have addressed the privacy issues with a policy expected to be passed by the Metro board at its monthly meeting Thursday.
According to the new policy, personal SmarTrip information may be released by Metro only in what are called 'limited instances' - the request must be made by the registered user of the SmarTrip card, there must be a court order, or the request must come from law enforcement when the information is required in the course of an investigation in which time is of the essence.
'Basically, it means nobody can get an individual's SmarTrip data,' said Lisa Farbstein, a Metro spokeswoman. 'The policy is being established as a way to regulate and safeguard individual data.'..."
Hmm. Doesn't really mean "nobody" can get an individual's data. And having a policy does not necessarily mean the info is protected.
Usually, the first rule of privacy is to only collect the information that is reasonably necessary for the service to be provided. The article does not say why having that sort of detail is reasonably necessary in the first place.