• Our booking engine at tickets.railforums.co.uk (powered by TrainSplit) helps support the running of the forum with every ticket purchase! Find out more and ask any questions/give us feedback in this thread!

Fare Evasion Zone 1-8 Southeastern Railways

Status
Not open for further replies.
najaB

najaB

Veteran Member
Joined
28 Aug 2011
Messages
30,764
Location
Scotland
MikeWh said:
I'm sure you'll try and think of another obstacle though....
Click to expand...
Don't blame me, blame the EU/ICO -
The emphasis under the GDPR is data minimisation, both in terms of the volume of data stored on individuals and how long it’s retained.

To summarise the legal requirements, Article 5 (e) of the GDPR states personal data shall be kept for no longer than is necessary for the purposes for which it is being processed. There are some circumstances where personal data may be stored for longer periods (e.g. archiving purposes in the public interest, scientific or historical research purposes).

Recital 39 of the GDPR states that the period for which the personal data is stored should be limited to a strict minimum and that time limits should be established by the data controller for deletion of the records (referred to as erasure in the GDPR) or for a periodic review.
Click to expand...
(Source: https://www.dpnetwork.org.uk/gdpr-data-retention-guide/)
Or
At a glance
  • You must not keep personal data for longer than you need it.
  • You need to think about – and be able to justify – how long you keep personal data. This will depend on your purposes for holding the data.
  • You need a policy setting standard retention periods wherever possible, to comply with documentation requirements.
  • You should also periodically review the data you hold, and erase or anonymise it when you no longer need it.
  • You must carefully consider any challenges to your retention of data. Individuals have a right to erasure if you no longer need the data.
  • You can keep personal data for longer if you are only keeping it for public interest archiving, scientific or historical research, or statistical purposes.
Click to expand...
Source: https://ico.org.uk/for-organisation...egulation-gdpr/principles/storage-limitation/

Eight weeks is long enough for anyone to reconcile their journey and payment history and highlight any discrepancy. Longer than that is difficult to justify for that purpose. However, detection of fare evasion (which is a separate purpose) is a justifiable public good.
 
Last edited:
Sponsor Post - registered members do not see these adverts; click here to register, or click here to log in
R

RailUK Forums

Mojo

Mojo

Forum Staff
Staff Member
Administrator
Joined
7 Aug 2005
Messages
20,386
Location
0035
jumble said:
You clearly are correct and nobody doubts that this is the case

However this is not what TFL state is their policy regarding retaining journeys after 8 weeks on travelcards which is where I see the issue
( note they say individual journeys made using your oyster card. No qualification of PAYG or otherwise)
Click to expand...
MikeWh said:
They anonymise all PAYG data after 8 weeks. They do not discard records of travelcards purchased and the Oyster cards they are stored on.
Click to expand...
There is a bit of both going on here.

The database of journeys /is/ anonymised after 8 weeks. However these type of investigations shown on the TV have probably been going on for more than 8 weeks. The amount of paperwork that the Inspectors and Investigators have is because the relevant data from the database has been exported and printed off.

I would also point out, that the last 8 journeys and (I can’t remember exactly, but I think it’s) the last top up, will always remain stored on the card irrespective of the time.
 
MikeWh

MikeWh

Established Member
Associate Staff
Senior Fares Advisor
Joined
15 Jun 2010
Messages
7,870
Location
Crayford
najaB said:
Don't blame me, blame the EU/ICO -
(Source: https://www.dpnetwork.org.uk/gdpr-data-retention-guide/)
Or

Source: https://ico.org.uk/for-organisation...egulation-gdpr/principles/storage-limitation/

Eight weeks is long enough for anyone to reconcile their journey and payment history and highlight any discrepancy. Longer than that is difficult to justify for that purpose. However, detection of fare evasion (which is a separate purpose) is a justifiable public good.
Click to expand...
And if they are keeping the data for detection of fare evasion then they have to tell you that.
 
jumble

jumble

Member
Joined
1 Jul 2011
Messages
1,105
Mojo said:
There is a bit of both going on here.

The database of journeys /is/ anonymised after 8 weeks. However these type of investigations shown on the TV have probably been going on for more than 8 weeks. The amount of paperwork that the Inspectors and Investigators have is because the relevant data from the database has been exported and printed off.

I would also point out, that the last 8 journeys and (I can’t remember exactly, but I think it’s) the last top up, will always remain stored on the card irrespective of the time.
Click to expand...

It occurs to me that if a company have told you that they have deleted your data they are probably not taking into account their archived backups as it would be totally impractical to remove the data there
This and your explanation of exported data makes the whole keeping of data rules a complete nonsense
I am going to end my involvement in this thread now.
 
Trackman

Trackman

Established Member
Joined
28 Feb 2013
Messages
2,948
Location
Lewisham
Someone looked into this a while back.

Basically if TfL suspect fare evasion the data is retained and not anonymised- and that's from TfL.

There is also a separate system that keeps credit/debit card transactions for 18 months (by law), however these cannot be linked to anonymised data because the transaction date-stamps on the Oyster system are altered so they cannot be cross referenced with the other system.
 
Status
Not open for further replies.

Top