Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
Introduction, 3 I. Contactless Electronic Payment System Technology Used by Transit Agencies, 4 A. The Evolution of Contactless Payment Cards, 4 B. Closed-Loop and Open-Loop Payment Systems, 5 C. Mobile Device Payment Applications, 5 D. Transit Agenciesâ Use of Electronic Payment System Data, 7 E. Monetization of Customersâ Electronic Personal Data, 7 II. Transit Agenciesâ Agreements and Privacy Policies Governing the Collection and Use of Customersâ Electronic Data, 8 III. Privacy Risks Associated with Transit Agenciesâ Collection of Customersâ Electronic Data, 9 IV. Transit Agenciesâ Control of Access to and Security of Customersâ Personal Data, 10 A. Collection and Control of Access to Customersâ Personal Data, 10 B. Security of Customersâ Electronic Personal Data, 11 C. State Laws and Transit Agency Policies on Retention of Personal Data, 12 V. Transit Agency Compliance with the Payment Card Industry Data-Security Standards, 12 A. The Payment Card Industry Data-Security Standards, 12 B. Liability of Transit Agencies for Failure to Comply with the PCI DSS, 13 C. Effect of Change from Magnetic Strips to Embedded Chips, 15 VI. Claims in Contract or Tort Against Transit Agencies for Privacy Violations, 16 A. Claims Against Transit Agencies for Violating a Customerâs Right to Privacy or for Breach of Security of a Customerâs Personal Data, 16 B. Whether Claims Against Government-Owned Transit Agencies Are Barred by Sovereign Immunity, 16 C. Claims in Contract or Tort for Damages for Privacy Violations, 18 D. Negligence Claims Against a Transit Agency that Involve the Collection, Use, Disclosure, or Retention of Customersâ Electronic Personal Data, 19 E. Liability of Transit Agency Contractors for Misuse of Customersâ Data, 19 VII. Whether Privacy Rights Under the U.S. Constitution Apply to Transit Customersâ Electronic Personal Data, 20 A. Evolution of Privacy Rights, 20 B. The Fourth Amendment and a Constitutional Right to Privacy, 23 C. Whether There Is an Implied Constitutional Claim for a Privacy Violation, 26 D. Whether Transit Agencies Are Subject to § 1983 Actions for Collecting, Using, Disclosing, and/or Retaining Customersâ Electronic Data, 28 VIII. Whether There Are Federal Statutes that Apply to Transit Agenciesâ Customersâ Electronic Personal Data, 30 A. Evolution of Federal Statutory Privacy Rights, 30 B. Privacy Act of 1974, 30 C. The Electronic Communications Privacy Act of 1986, 32 D. Computer Fraud and Abuse Act, 34 E. Driverâs Privacy Protection Act, 34 F. Other Federal Laws Applicable to Collection of Customersâ Electronic Data , 34 CONTENTS IX. The Right to Privacy Under State Constitutions, 36 A. State Constitutions that Recognize a Right to Privacy, 36 B. States Recognizing an Implied Cause of Action for a Violation of a State Constitutional Provision, 37 X. Right to Privacy Under State Laws, 38 A. Introduction, 38 B. State Privacy Statutes Applicable to State and Local Agencies, 39 C. Whether There Are Separate Claims Based on the Type of Data Transit Agencies Collect or How the Agencies Collect or Use Data, 41 D. Privacy Policies Required by State Law, 43 E. State Legislation Applicable to Electronic Communications or Stored Data, 43 XI. Application of State Data-Breach Notification Laws to Transit Agencies, 44 A. State Data-Breach Notification Statutes, 44 B. Data-Breach Notification Laws Applicable to Transit Agencies, 46 C. Liability for Civil Penalties, 47 D. Liability for Damages, 47 E. Enforcement Power Delegated to the Attorney General, 48 F. Miscellaneous Provisions, 49 XII. Remedies at Common Law for Invasion of Privacy, 49 A. States that Recognize an Invasion of Privacy at Common Law, 49 B. Public Disclosure of Private Facts, 50 C. Intrusion Upon Seclusion, 51 D. Claims for Appropriation or False Light, 52 E. Applicability to Transit Agencies of a Common-Law Right to Privacy, 52 XIII. Disclosures of Data Under the Federal or a State FOIA or Equivalent Law, 52 A. The Federal FOIA and Release of Personal Data, 52 B. State FOIAs or Public Records Disclosure Laws and Customersâ Personal Data, 53 C. Agency Waiver of Privacy Exemption, 54 D. Whether Both FOIA Requests and Discovery Requests May Be Used to Obtain Transit Agenciesâ Customersâ Electronic Personal Data, 54 E. The Use of Subpoenas to Obtain Data from a Transit Agency, 55 XIV. Four Leadership Agencies that Use Contactless or Other Electronic Payment Systems, 56 A. Metropolitan Transportation Authority, 56 B. Metropolitan Transportation Commission, 57 C. Regional Transportation Authority, 57 D. Capital District Transportation Authority, 58 Summary and Conclusions, 59 Appendix A: List of Transit Agencies Responding to the Survey, A-1 Appendix B: Survey Questions, B-1 Appendix C: Summary of the Transit Agenciesâ Responses to the Survey, C-1 Appendix D: Copies of Documents Provided by Transit Agencies, D-1