N.L. privacy commission puts brakes on city’s rollout of mobile parking app until proper assessment is done
It’s a convenient and increasingly popular way to pay to park your car these days — download an app to your smartphone, enter your credit card information online and go on your merry way.
Besides saving drivers the trouble of digging for spare change for meters, the mobile system gives drivers the ease of extending the duration of parking online. It can even send text message reminders when the expiry time is near.
But just where is your personal information going, how will it be used, who will have access to it and will it be kept secure?
Those are questions the province’s privacy commission wants city officials to find out first before initiating its new mobile parking system.
The new system has been used for 137 spaces on Harbour Drive as a one-year pilot project since June 2018 and was supposed to be rolled out throughout the city this year.
However, it will mean a little more work for the city before that happens.
That’s after the commission contacted the city to express its concerns about privacy, and encouraged officials to first ensure a detailed privacy impact assessment be completed, The Telegram has learned.
“We asked the city whether they had reviewed the app from a privacy perspective,” said Sean Murray, director of research and quality assurance. “As a result of that, they are now working on reviewing that app and are making progress towards making that privacy review.”
The city awarded the tender to PayByPhone — a private British Columbia company that already offers the system to more than 300 cities around the world and claims to be one of “the fastest growing mobile payments companies in the world,” according to its website. Cities using it include San Francisco, Seattle, Miami, Vancouver, Edmonton, Calgary, Saskatoon and Toronto.
Nevertheless, Murray said it’s crucial that public bodies that collect personal information first complete a process to safeguard citizens’ private information. He said assumptions can’t be made that it will be safe.
Murray pointed out that the City of Saint John, N.B., had its online parking payment system shut down a few months ago after discovering a data breach that might have exposed thousands of customers’ names, addresses and credit card information.
While Saint John used the company CentralSquare Technologies, Murray said the Saint John incident demonstrates the importance of taking extra care when it comes to safeguarding privacy — and doing it beforehand.
“We do see this from time to time, whether it’s from the city or another public body, they haven’t necessarily considered their privacy obligations as thoroughly as they might have,” said Murray, who noted private and public companies often learn the hard way.
“The principle is the same. … That’s why we asked the city to look into this. It’s important that the city do its due diligence.”
He said he is glad the City of St. John’s is making progress toward building a culture of privacy. Public bodies are at different stages of developing their privacy awareness and privacy expertise, he said.
“It’s important to do your homework,” Murray said.
Coun. Debbie Hanlon, who handles transportation, said the city did give PayByPhone careful consideration before awarding the tender.
“The PayByPhone company has very robust encryption and security measures in place to protect users,” said Hanlon, adding that the company had 17 million users in 2017 and has not had any data breaches.
She said a section of the contract with PayByPhone addresses policies and procedures related to customer information, and includes an agreement to abide by the province’s Access to Information and Protection of Privacy Act.
Hanlon admitted the city was comfortable with this, but when the privacy commission contacted them, they “sprang into action,” and ordered a detailed privacy impact assessment before expanding the app.
“We take it very seriously,” she said. “In fact, we’re grateful that the privacy commission contacted us because we want to do it right as well.”
Hanlon said the city is working with a new policy and has hired a dedicated staff member to review compliance with the act.
“We’re going to take this … and put a blanket across any policy that deals with the public’s information,” said Hanlon, who couldn’t say how long the assessment will take or what it will cost.
“We’re going to go the extra step to ensure the public impact assessment is done.
“We’re acting in retrospect, yes. I would’ve reached out to the privacy commissioner first, but we were following the guidelines we thought were correct.
“Privacy is very, very important to the city and I can tell you this will never happen again.”
Meanwhile, the city continues to lose more than $1 million in parking revenue annually due to inoperable parking meters. Hanlon said that of the 1,167 parking meters throughout the city, only 430 are operational — due, in large part, to vandalism.
However, she said, the mobile parking pilot project on Harbour Drive has been successful. So far, it has seen over 12,000 unique users with a total of 32,000 transactions. It has generated an average of between $8,000 and $10,000 a month, she said.
Hanlon said once the five-year paid-parking management strategy, which was introduced last year, is rolled out, it will be well worth it.
“When it’s completed,” she said, “I think the parking strategy is going to solve so many issues.”