Response to LGOIMA request 2022-219 5 December 2022Search in document library
Request for information:
“Please forward me the policy/rational/impact assessment - clearly I am not sure what you might have called it - that describes the rationale for the introduction of the cards. This is more likely to be a Metlink document as presumably there was an assessment before Snapper inc was contracted.
You advise that the customer data you hold is accessed only occasionally and you give the example of in the case of a ticketing issue. Can you guarantee that the data you hold will not be shared with a third party - what protocols do you have in place? Do you class MEtlink as a third party - can you confirm you will be providing aggregate data to Metlink on a regular basis? If this is the case to what level will the break down of content be?
Metlink has a duty to ensure privacy and data security. Please advise what data snapper is gathering and which third parties it is sharing to and what they are contracted to supply to you. Metlink are enforcing the use of this card on public transport, marketing and selling them, it is not clear that this happening on behalf of another company in your literature or at the point of sale. It is your responsibility to advise me and offer assurances.”