Control, access and management of sensitive personal data: Addressing the challenges. The LocoMotion case study

LocoMotion is part of the innovation community program Montréal in Common, led by the City of Montréal. LocoMotion is a car-sharing project, where citizens can share cars, bikes (many of them electric) and bike trailers. Owners and borrowers can book private and shared vehicles via the www.locomotion.app website. The LocoMotion development team received targeted support from Open North to strengthen its data management practices.

Subsequently, the organization implemented basic measures on the topics identified, stemming from the Montréal in Common Data Governance Framework, notably via an iterative approach divided into several sessions, involving the identification of bottlenecks, the formulation of hypotheses and the monitoring of progress in order to ultimately draw learnings from it.

Introduction

In the digital age, where data plays a central role in many aspects of our lives, the protection of sensitive personal data has become a major concern. The control, access and management of such information are of paramount importance in ensuring the confidentiality, security and privacy of individuals.

The proliferation of digital technologies has led to an explosion in the amount of data generated, shared and stored every day. In this context, the protection of sensitive personal data has become a crucial issue for individuals and organizations alike.

Control and access to sensitive personal data are major concerns when it comes to guaranteeing their protection. Individuals must be able to control how their data is used, and who can access it. Similarly, organizations must implement strict measures to limit access to sensitive data to authorized persons only.

Effective management of sensitive personal data involves not only guaranteeing its security and integrity, but also ensuring that it is used responsibly and in compliance with current regulations. Good data management therefore includes implementing clear confidentiality policies, securing IT infrastructures and raising employee awareness of the importance of data protection.

An overview of the challenge facing LocoMotion

It is no easy task to increase user confidence when their data is stored on a platform. This lack of trust finds its roots in security concerns. The confidentiality of the data of the various stakeholders involved is paramount. This challenge is reflected at all user levels, from direct users (such as borrowers, owners, co-owners, community administrators) to development team members (who need to operate on a day-to-day basis without access to sensitive data, except in rare cases for testing and patching) and to the organization itself, if it needs access to this data for analytical purposes.

Indirect stakeholders are also impacted, such as technology assets like Google Cloud and Mailchimp. It is necessary for the organization to have clear and transparent policies when dealing with these matters, and for their privacy policies to be up to date and compliant with current legislation.

Dealing with personal information: Controlling and managing sensitive data

In the first iteration of the targeted support, LocoMotion began its analysis to solve their identified issue by looking at the personal data in their possession (i.e. the personal data contained in the database):

• Concerning users: postal address, e-mail address, phone number, date of birth, driver's license number, bank transfer information, account balance (no credit card numbers are stored), etc. ;
• Concerning vehicles: location, plate number (for cars), etc. ;
• Personal data files: user photos, proof of residence, proof of identity, SAAQ and GAA files.

The organization then examined the technological dimension, which was a major consideration for them. This step involved first determining where the sensitive data was stored (Google Cloud).

The next step consisted of understanding how to access this data. Was it accessible via the organization's application, via analytics dashboards (agglomerated data), with SSH access, or via copies of the database (occasionally used for design purposes)?

Lastly, the following questions also needed to be addressed:

• Database access control and management: not all accesses are thoroughly controlled. An inventory of all accesses to the database and other sensitive data could be a possible solution. 
• Sharing data: it can be difficult to know how to share data securely. 
• User access: it is important to know who has access to which data, as well as the data life cycle (i.e. data retention until destruction).

In addition, the organization faced the following challenges: 

• A short time frame of just 4 months to implement these actions;
• The need to prioritize these initiatives while first taking stock of the current situation in order to improve practices. 

Solutions

Thanks to the targeted support, LocoMotion developed a clear, documented strategy defining data access for each of LocoMotion's stakeholders.

Benefits

The benefits of this targeted support were numerous. They included the analysis of a use case enabling community administrators to verify sensitive personal information such as proof of identity and address.

The organization also wishes to comply with Law 25 regarding this data. To this end, it has contacted other Montréal in Common partner organizations to find out their strategies for storing, archiving and deleting their data.

In concrete terms, the results include the introduction of a new tool, Metabase, to replace Databox (third-party control), the revision of the privacy policy, the creation of an incident register, as well as excellent work on consent to data collection. 

Lessons learned

The first lesson learned concerns the privacy policy. In the long term, the organization is considering the possibility of seeking legal counsel and expertise in this area. In the medium term, their objective is to continue updating the privacy policy.

With regard to the question of consent to data collection, this could be explored further, and a review of consent forms and templates would be important.

“Using the case of user profile verification by the community administrator, we were able to deepen our reflection on access and privileges, therefore protecting data confidentiality.”  - The LocoMotion team

Conclusion

In a world where sensitive personal data is a valuable resource, the control, access and management of this information is of crucial importance. By implementing robust security measures and responsible data management practices, individuals and organizations can effectively protect the confidentiality and security of sensitive personal data.

About the Montréal in Common Data Governance Workstream 

As the lead of the Data Governance Workstream within Montréal in Common, Open North proposes a data governance journey to the innovation community in order to progressively operationalize the principles of the City of Montreal's Digital Data Charter. The program explicitly focuses on collecting, sharing and leveraging data to inform collective and individual decision-making. 

Montréal in Common brings together an innovation community led by the City of Montréal, whose partners are experimenting with solutions in food access, mobility and municipal regulations in a desire to rethink the metropolis. Thirteen projects are being implemented as part of Montréal in Common thanks to the $50 million prize awarded to the city by the Government of Canada as part of the Smart Cities Challenge.

Did you like this blog post? Would you like to know more about data governance? Not sure where to start? Find other resources, free training courses and more on our website: https://opennorth.ca/ 

Author: Open North
Research and editorial contributions: Guillaume Carmel-Archambault (LocoMotion), David Gendron (LocoMotion) and Judith François-Langevin (Open North)
We extend our thanks to all our partners and clients, whose work continuously expands and evolves our understanding of data governance and its best practices.