LADOT Data Protection Principles by the City of Los Angeles Department of Transportation (LADOT) policies for protecting data collected from dockless mobility service providers.
This document 1 specifies that dockless mobility service providers are required to provide data using the MDS standard and lays out how LADOT will protect the data as well as user privacy.
The principles statement lays out five “standards” it will use when collecting, storing, analyzing, and publishing data. These are:
- Data minimization. LADOT specifies that they will only collect data to meet specific operational and safety needs. Except where required to meet a specific need, data will be aggregated, obfuscated, de-identified, and/or destroyed, as appropriate.
- Access limitation. Raw trip data will be limited to what is needed to meet operational needs. No raw data will be provided to any other local, state, or federal agency, including law enforcement agencies, unless required by law such as through a court order or subpoena. Third parties will only be allowed access to raw data under contracts that limit its use to those directed by LADOT. After the pilot dockless program ends, the agency will produce a transparency report that documents the requests for data received from third parties and how LADOT responded.
- Data categorization. Raw trip data is designated as Confidential Information under the city’s data handling guidelines and handled accordingly. One consequence of this designation is that it is exempt from release under the California Public Records Act.
- Security. LADOT will follow existing city data security policies and will conduct ongoing security tests.
- Transparency for the public. LADOT will publish the types of data collected through MDS and how long it is retained. De-identified data may be published through the city’s Open Data Portal.
In addition to this document, LADOT also has the LADOT Guidelines for Handling of Data from Mobility Service Providers, which provides internal guidelines for handling this data, including access, use, storage, processing, disposition, and disclosure. That document refers back to the data protection principles, but, unlike several other public agencies and recommended practices, states that “To the extent that Confidential data is used for transportation policy making, it will be stored unobfuscated for no less than two years and in accordance with the City of Los Angeles Information Handling Guidelines.”
- 1City of Los Angeles. (2019, March 22). LADOT Data Protection Principles. Retrieved from LADOT: https://ladot.io/wp-content/uploads/2019/03/LADOT_Data_Protection_Principles-1.pdf
- Log in to post comments