I like the convenience of etickets for rail travel but I do have some concerns about the data and its governance.
When an eticket is scanned (whether at a gate line or onboard a train) where is that data stored?
How long is it stored for?
Who has access to it?
And for what purpose?
Is there an audit trail of who has accessed the data and for what purpose?
Is this audit trail available to the individual?
As far as I know nothing about this is in the public domain. Does anyone know anything? CCTV could be used to track a persons movements but we do know that CCTV data isn't normally kept beyond 31 days.
Oyster has been in widespread use for nearly 20 years and the world hasn't stopped, so that is reassuring. As I understand it, Oyster (and presumably contactless) journey history is anonymised after 8 weeks and can only be kept for very specific reasons such as an ongoing investigation. Perhaps
@MikeWh knows more.
The difference is that Oyster is administered by one organisation whereas National Rail data is potentially held by a plethora of TOCs and third parties. I'd really like to know whether there is anything in the public domain about how this data is used and protected.