Given the volume of passenger and driver Personal Data that a taxi company stores and uses daily, it’s not surprising that fleet owners are concerned about how this data is processed by their taxi dispatch platform provider. At iCabbi, we get lots of questions about our approach to data protection. Fortunately, we’ve got our very own Head of Compliance looking after all things data security and, of course, responding to the questions that come in.
Meet Ciara Flynn. I caught up with her to put some of the most frequently asked questions we get from our customers on taxi company data protection. If you’ve still got questions after reading this then please send them onto me. You’ll be doing me and your fellow iCabbi fleet owners and operators a big favour.
What exactly does iCabbi do with my fleet data?
iCabbi uses your data to make sure we deliver you, your staff, your drivers and your passengers with the best experience. Most of the time we do this to allow our product to function, but sometimes we do it to discover ways to improve existing products, or build new ones.
Once a booking is made, how long does iCabbi hold onto that data and why?
Great question! To protect the data in line with best practice, we hold the booking data as instantly accessible memory for three minutes after the journey has been completed. Thereafter, we store it for up to seven years - this facilitates the use of the data for Customer BI and also for fraud prevention, Revenue records etc.
After the full retention period has expired, we either delete the data permanently or anonymise it so it is no longer traceable back to an iCabbi Customer or Passenger.
Who has access to our data?
In line with GDPR, the only employees with access to the data are those who need it to do their jobs.
Does Renault have access to my Fleet Data?
Can iCabbi use my company’s driver data to communicate to drivers?
We don't have a direct relationship with the driver and do not communicate directly with them. The closest we come is a regulatory notice, the contents of which are controlled by iCabbi. This notice pops up on the driver app every time they login as follows:
"Please obey all local traffic laws. Before using this app drivers must ensure that they and their vehicle comply with all legal requirements, licensing/Council conditions and have checked their vehicle to ensure it is safe and mechanically fit for purpose. The use of this app while driving may be an offence. Press OK to confirm your understanding and acceptance of this notice."
All other data sent to the driver is user data generated by you and simply processed by iCabbi.
What do you do to protect my data?
It’s a cliche perhaps, but we take data privacy and protection extremely seriously at iCabbi.. Alongside the technical ring-fencing and a tight hold on system access levels, all of our employees are part of an ongoing data privacy training programme. We are constantly challenging our data protection procedures to ensure we are doing all we can do to safeguard your data assets.
We understand how important your data is to you, and endeavour to protect it. Aside from this commitment to you, there are also the gigantic penalties that are being issued by the Regulators to bear in mind. The taxi industry needs to take this seriously. We do!
What does iCabbi do to comply with GDPR? What does this mean for me?
Lots! The existing data protection legislation was drafted when Mark Zukerberg was 11 years old so the GDPR forced entities to clean up their data acts, specifically in the Personal Data arena. iCabbi engaged a third party service provider to audit our approach to data protection and made a number of recommendations. We took them on board and executed Data Processing Agreements with all of our Customers, updated our Privacy and Cookies Policies, shared details of our Subprocessors, tightened systems access, cleaned up circulation lists, rolled out training to our teams, audited our data banks and many, many (!) other steps. We also engaged our lawyers to ensure we did all we need to do.
There is no GDPR “stamp” of compliance. Constant improvement is key and data protection must be part of our everyday practises.
How do you ensure secure and permanent deletion of information that could be recovered from the Cloud?
iCabbi use AWS as our cloud service provider, and through our agreements with them ensure the secure and permanent deletion of information as required. AWS holds multiple compliance certifications, including ISO-27001, ISO-27017 and ISO-27018, which cover the secure storing, handling and deletion of personal data as set out in the GDPR.
Got a question about data you would like to put to Ciara? Send it to firstname.lastname@example.org and we’ll respond here by updating this post.