Several issues affect all stages of the data management life cycle. The research team identified seven cross cutting issues: purpose and value, privacy, data ownership, liability, public perception, security, and standards and quality, each discussed in the following sections.
Purpose and Value
Data is collected, produced, and reported to serve certain purposes. It is important to identify the purpose and value of each stage of data throughout the data management life cycle, and to whom the data is valuable. Each phase of the data management life cycle centers around the purpose and value of the data. In each phase, questions about why it is being done and why it is important need to be answered.
Understanding the purpose and value of data is important in the decision to re-use or repurpose data, as well as when monetizing data. Research indicates stakeholders are currently taking steps to monetize vehicular data from automated and connected vehicle technologies. Data as an asset has high potential future value. For example, the expected growth of the value pool from car data and shared mobility could add up to more than $1.5 trillion by 2030 (33).
The value of data also increases when it is used with other data and in a variety of applications. The use of multiple datasets together can significantly contribute to transportation planning decision-making. For example, the development of the Rural San Antonio Bike Plan for TxDOT San Antonio District involves an assessment of existing bicycle conditions. The data collected and used in the review of current conditions cover three aspects: network supply (shoulder width, speed limit, and traffic volume), bicycle trends (bicycle commuter mode share, bicycle destinations, and bicycle crash), and public input (rural county planning and annual bike meeting). When looking at each factor separately, the information provided is limited. But, when combined, planners have a comprehensive understanding of the current bicycle environment in San Antonio. The plan identifies how attractive each roadway section is for bicycle activity, which will guide the development of the prioritization framework for bicycle accommodations.
Data is a core industry asset that has measureable value and is managed accordingly. The question must no longer be just “who owns the data?” but “who can use that data for what purpose?” If this question is answered creatively, pragmatically, and transparently, data could be used collaboratively to create bigger value.
Privacy
Data privacy is an issue affecting each stage of the data management life cycle. Privacy is especially important when determining standards and degree of conformance, allowable uses, and processes. There has been a growing concern about privacy protection in transportation data collection. Central to this complex subject is location privacy, described by Beresford and Stajano as, “the ability to prevent other parties from learning one’s current or past location” (34).
Transportation and location data can reveal personal travel habits as it provides both spatial and real-time data on the traveler’s activities. A recent MIT research study that found that four pieces of location data combined with finance data could re-identify 90 percent of individuals, despite the data set lacking any names or other traditional identifying characteristics (35). One result of the study’s findings is that it is no longer safe to assume that anonymized data does not require the same high level of controls as information with personally identifying characteristics. If location and time are, by themselves, intrinsically identifying, then many sources of transportation data may need stricter protections than previously thought.
Many Americans highly value the privacy of their vehicular data, but currently available and emerging vehicle technologies may make it difficult to secure this information. For example:
· A 2015 survey conducted by U.S. Senator Ed Markey’s office determined that “nearly 100 percent of cars on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions” (36).
· A 2013 survey of 2000 adults by the Auto Alliance found that privacy is an issue for consumers, with 75 percent of survey respondents indicating that they were very/ somewhat concerned that companies would collect data from the software operating self[1]driving cars (37).
· A 2013 telephone survey conducted by the American Automobile Association (AAA) found that 86 percent of the 1,007 U.S. adults surveyed thought there should be laws and policies to protect their vehicle data (38).
An important process used to evaluate the collection of personal data in information systems is Privacy Impact Assessment (PIA). The E-Government Act of 2002, Section 208, establishes the requirement for agencies to conduct PIAs. The assessment is “a practical method for evaluating privacy in information systems and collections, and documented assurance that privacy issues have been identified and adequately addressed” (39). In practice, the privacy of vehicular data is addressed by different stakeholders (OEMs, aggregators, public agencies) and the different approaches align with this notion: where the data is recorded matters (40). For example:
· Transportation agencies collect toll tag data from RFID tags, Bluetooth data sets from Bluetooth sensors, and weigh-in-motion data from freight vehicles, and view this data as public information. They are governed by law in their protection of PII. As agencies begin to use more data from the car, they will need to address protection.
· Transportation Data aggregators (TomTom, INRIX, HERE, Air Sage) create a new product from data generated from inside the car, and view themselves as owner of the product. The companies use agreements with telecommunications providers and their cellular networks to transmit location and other forms of data (speed, heading, acceleration, etc.) associated with sensors in roadway infrastructure, vehicles, and smart phones to their database to generate products related to business competition analysis (number of visits by customers), real-time speeds and volume on a transportation roadway network. They have the most stringent and developed procedures for PII since data is their primary business.
· OEMs see the driver as the owner of the data generated in the vehicle, but through user agreements view themselves as “stewards” of the data. Car makers have been traditionally focused on the profit from vehicle sales, but have realized the car data has value, sometimes greater than profit from the sale of the car itself. In 2014, various industry groups adopted guidance for privacy protection, but it is not legally binding. OEMs use backhaul frequencies tied to cellular networks in order to collect data containing unique vehicle identifiers and telematics information on the current operating condition of a vehicle.
· Financial transaction records tied to location are often shared with big data providers through the same cellular networks to more effectively market consumers by their location.
This variety of stakeholders each have gathered PII and location data that may be anonymized alone, but when combined could lead to the re-identification of consumers (41). Major telecommunications providers, data aggregators, auto manufacturers, transportation agencies, and financial institutions work closely with one another to ensure that PII is effectively anonymized. However, there exists a large liability when it comes to the possibility of hackers combining these location-based data sets with finance data sets in a way that could re-identify individuals.
Presently, Texas laws do address PII, the risk of potential combinations of anonymized data to re-identify individuals, and the requirements/responsibilities of stakeholders who have experienced a data breach. The protection of PII is a current topic of interest for Texas, as well as federal policy makers. Table 2 describes PII-related legislation the Texas legislature has proposed and enacted.
The capture and use of data about an individual’s location has not been specifically listed, but the following types of data can be included in current Texas law (521.002) as a type of personal identifying information:
· Name.
· Social security number.
· Date of birth.
· Government-issued identification number.
· Unique biometric data.
· Unique electronic identification numbers.
· Addresses.
· Routing codes.
· Telecommunication Access Device (card, plate, code, account number, personal identification number, electronic serial number, mobile identification number, etc.).
· Vehicle location data associated with Bluetooth and GPS devices that rely on cellular towers, and GPS satellites.
Personally identifiable information (PII) is defined by the General Services Administration (GSA) as: “information about a person that contains some unique identifier, including but not limited to name or Social Security Number, from which the identity of the person can be determined” (42). Texas Business and Commerce Code 521.002 describes PII as information that “alone or in conjunction with other information identifies an individual,” which recognizes that re-identification is a risk as a result of the combination of different available data sets.
Texas Business and Commerce Code 521.051 provides the private citizen legal protection from businesses by placing the risk onto business stakeholders responsible for monetizing the data by gathering, repackaging, and selling the transportation data to various parties. Within 521.051, data providers are required to obtain the consent of the individual to use their PII to obtain a service or product. This consent is often obtained by formal notifications from the telecommunications providers to their customers, or through user agreements built into their smart phones or smart phone apps.
If a business obtains the consent to use the PII, and shares it beyond the confines of its own control as a product or service to other organizations, the Texas Business and Commerce Code 521.052 requires them to alter the PII that it obtained by consent to make the identifying information unreadable or indecipherable. These Texas laws make it clear that the businesses are liable for any combination of PII that leads to the re-identification of the individual (43).
Data Ownership
There are widely differing ideas about who owns, or can have access and control of, transportation and vehicle data at different stages of the lifecycle. Presently, the data belongs to those who collect it. Although some data is related to the private citizen or the private citizen’s vehicle, it is often not owned by the private citizen. It is owned by the organization that collects it. The public may view the data as owned by the individual, but this ownership often only extends to privacy rights detailing how companies can use it while also preventing PII from being revealed. Therefore, various groups that collect transportation data have data ownership rights to control, sell, and redistribute that same data often as a result of user agreements (40).
Several definitions exist for data ownership and all that it entails (44):
Definition 1: “Entity that can authorize or deny access to certain data, and is responsible for its governance with regard to accuracy, integrity, and timeliness.”
This definition has potentially complex implications for vehicle data ownership. As a result of the recent federal legislation, vehicle owners also have control of their event data recorders (EDR), yet have little responsibility for the accuracy, integrity, or timeliness of this EDR data.
In this sense, OEMs gather these data and govern the accuracy, integrity and timeliness or rely on third party services to take on this role. They in effect become the owners of this vehicle data, which has been obtained as a result of terms and conditions associated with the vehicle purchase (45). Recent federal and state laws establish individual vehicle owners as the owners of event data recorder (EDR) information. The recent Federal Driver Privacy Act of 2015 established individual vehicle owners as also owning EDR data and details how the government is reluctant to impede the flow of data necessary to develop connected and automated vehicle systems: “The term [EDR] should not be interpreted as to burden unnecessarily the development of advanced vehicle safety technologies, including autonomous vehicles. The committee contemplates that the EDR would be discrete from any devices and functions used for the operation of such vehicles” (46).
The state of Texas has enacted its own version of the Federal EDR law. Established under the 79th Legislature in 2005, HB 160 provides for the owner to retain possession of the EDR data similar to the Federal law with several important caveats (47):
“Information recorded or transmitted by a recording device may not be retrieved by a person other than the owner of the motor vehicle in which the recording device is installed except:
(1) on court order;
(2) with the consent of the owner for any purpose, including for the purpose of diagnosing, servicing, or repairing the motor vehicle;
(3) for the purpose of improving motor vehicle safety, including for medical research on the human body’s reaction to motor vehicle accidents, if the identity of the owner or driver of the vehicle is not disclosed in connection with the retrieved information; or
(4) for the purpose of determining the need for or facilitating emergency medical response in the event of a motor vehicle accident.”
Federal Law does not provide for the use of EDR data in medical research beyond the owner’s consent, and it does not provide for the transmission of this data to a central location beyond the vehicle’s boundary. These two additions turn over the anonymized EDR data to medical research and PII to emergency dispatch in the event of the incident, regardless of the vehicle owner’s consideration. Texas law does not consider non-EDR telematics data and the transfer of this data within the scope of the law.
The ability to deny access to telematics data is conferred upon both the vehicle owner and the automotive manufacturers. Automotive manufacturers rely on terms and conditions associated with the vehicle purchase agreement to establish their control and access to individual vehicle telematics data. Automotive manufacturers also rely on third party service providers, such as OnStar, to provide assistance services at an extra monthly fee. The vehicle owner may elect to not pay for the OnStar subscription service, which in effect turns off the vehicle telematics data transfer associated with this subscription service. This renders both the automotive manufacturer and the vehicle owner as entities who can authorize or deny access to the set of telematics data within a vehicle. Since a private citizen needs to be able to purchase the car by necessity, they do not really have ownership as to whether they transfer telematics data to the automotive manufacturer.
Definition 2 (48): “Data ownership is the act of having legal rights and complete control over a single piece or set of data elements. It defines and provides information about the rightful owner of data assets and the acquisition, use and distribution policy implemented by the data owner.”.
In this definition, it is not just the sourcing of the data or even possession that defines data ownership. Rather, it is the control over data distribution, acquisition, and use that determine ownership. In the case of data aggregator services, multiple sources of data are collected from all manner of inputs as a result of data sharing agreements with various entities. As stewards of the data, they are responsible for anonymizing the data source before using it to prevent the data from being turned into PII and for establishing user agreements once the data has been processed to ensure no one is using it in ways that expose it to re-identification. The source of the data through user agreements establishes what data aggregators can do with it, but once they have obtained it, they become responsible for governing how it is used, distributed, and acquired.
In both definitions it becomes clear that terms and conditions, and user agreements establish the underlying data ownership clauses or ground rules for how data and information is governed, processed, shared, and applied between individuals, the public, and private sector entities. Figure 5 provides a high level view of how vehicle data flows out from a vehicle and relies extensively on user agreements to facilitate data ownership and governance in the marketplace.
Data aggregators in the private sector procure all manner of vehicle-based and vehicle-oriented data for combination and repackaging into a product or service. For example, data aggregators will procure Bluetooth speed data sets from sensors in traffic intersection signals and along the roadway from the public sector and then match it with telematics data from auto manufacturers and freight fleet management systems. This combined data set is used to create a data product depicting a more detailed real time vehicle speed that can then be purchased by the public and private sector for congestion analysis purposes (45). This information may also end up back in the data aggregators own application, which vehicle owners or auto manufacturers may use to assist with navigation around traffic events.
The degree to which the public sector and private sector collect and distribute vehicle data is in flux. As a result of connected vehicle developments, the future is uncertain for how vehicle data will be used and distributed between public and private sector participants.
Liability
Liability is closely tied to ongoing developments in technological innovation, especially as it relates to what is considered PII, or “linked” to PII. The public and private sector are liable in how they govern and protect their data assets from damages associated with data breaches and cyber-attacks, which have far ranging security implications that can potentially affect the daily functions of a transportation network. Organizations responsible for collecting and governing the data from roads, ports, and public transit may be held liable for damages resulting from a data breach or cyber-security attack. The costs include damaged transportation assets, regulatory penalties, and legal costs to minimize the impact of a data security breach on customers, employees, and the transportation asset. There are also questions on the extent to which a governmental organization bears responsibility for the shape and use of the transportation data it provides to third party services and the public.
Federal regulations and lawsuits serve to shape the debate and establish policy governing the extent to which public and private organizations are liable for formatting, sharing, and guarding data related to personally identifiable information.
Vehicle location data is important for transportation agencies because it best accounts for transportation network demands and needs so that agencies can better plan and manage the transportation assets under their care. In Texas, under the 80th legislature HB 2278 in 2007, Business and Commerce Code was established to require businesses to implement reasonable procedures to protect unlawful use or disclosure of PII. The act also requires businesses to destroy PII records that are not scheduled to be retained by the business. This act requires businesses to notify private citizens following the breach of security of PII data within certain cost constraints (a cost $250,000 limit) (43).
There are several considerations an organization may take when it comes to ways to mitigate potential transportation data liability:
· Clear and unambiguous terms of use help address liability with regard to data by establishing what a violation of the data use would be (49). This may include unauthorized combination of data sets in ways that create increased risk of re[1]identification of anonymized data.
· Government agencies interested in sharing transportation data through open access platforms for public consumption may benefit from defining “data to be released” to not include information protected by privacy, security, and accessibility laws (50).
· Agencies are also liable in how they format and provide data (51). For example, information available for public consumption by public agencies must be done in a manner that meets requirements under the Americans with Disabilities Act.
· Liability associated with anonymous geolocation data becoming PII when merged with published data sets in what is known as the mosaic effect (52).
· Establishment of network security requirements, employee training, privacy and network policies and procedures, and data breach/cyber-security attack response planning will help in further reducing risks and liability associated with transportation data and access.
Public Perception
Public perception of transportation data management is closely associated with many phases of the data management life cycle. The Pew Research Center found that “68 percent of internet users believe current laws are not good enough in protecting people’s privacy online.” Pew also found that young adults prioritize privacy issues higher than many of their elders with many taking efforts to protect their privacy by removing their names from tagged photos, and taking steps to mask their identity. Nearly 75 percent of Americans believe it is very important to be in control of their personal information (53).
For example, the public perception of connected vehicle technologies have a role in the development of new transportation data sets. Connected vehicle data can include speed, heading, temperature, tire gauge sensors, seat belt engaged sensors, and other internal sensors layered into a vehicles operating system. The majority of drivers consider electronic monitoring of their driving a violation of privacy (54). Driving this consideration are concerns about how use of data on travel routes and stops could be embarrassing and harmful if disclosed to third parties with access to the data resulting in a variety of damages including commercial misuse, public corruption, and identity theft.
Given the lack of public trust in data collection, sharing, and security, as noted in several studies and polls (Pew, Politico/MorningConsult poll), there is support for new U.S. Privacy Laws and limits on data retention. Americans favor limits on how long the records of their activity are stored.
Security
Data security refers to the protective measures applied to private data sets in order to prevent unauthorized access to IP addresses, whether it be through computers, databases, websites, mobile devices, or vehicles (55). According to the Storage Networking Industry Association (SNIA), storage security represents the convergence of the storage, networking, and security disciplines, technologies, and methodologies for the purpose of protecting and securing digital assets (56). Data storage security is also considered as “a wide-ranging area that covers everything from legal compliance, through preparedness for e-discovery requests to user access control and the physical security of data storage” (57). It can be a group of parameters and settings that make storage resources available to authorized users and trusted networks.
When data are secure and appropriately regulated, there is greater trust and confidence in its use. Data security issues have received increased attention as a result of data breaches that have become a regular thread in the news. CBS’ 60 Minutes has reported that the lack of any overarching federal legislation on data security increases the pressure for individual states and state lawmakers to address data security (58). Studies shows that a majority of Americans (64 percent) have personally experienced a major data breach, and relatively large shares of the public lack trust in key institutions – especially the federal government and social media sites – to protect their personal information (59). Laws typically cover data security by requiring public and private organizations to apply data security measures such as:
· Breach notification.
· Backups.
· Masking.
· Erasure.
· Encryption.
· Access authentication.
· Clearly defined privacy rights.
By clearly defining data privacy rights, any data breach can be linked to violation of privacy rights and prosecuted accordingly. California enacted the first data breach notification law in 2002, and several states have followed suit. Data security laws covering other topics are also increasing across the states. For example, 31 states have established laws regulating the secure destruction of personal information.
Within these states passing or considering new data security laws, cross-cutting topics emerge like data ownership. For example, Massachusetts passed a law requiring organizations to maintain data security programs with specific requirements that include overseeing third-party service providers, conducting risk assessments, and enforcing violation of security policies. New York State passed a law in 2014 similar to the Massachusetts law with one distinction: it set up separate requirements for data owners and data maintainers or third party services that aggregate and maintain computerized personal information. In addition to requirements for data owners, these third party service providers must also:
· Secure user authentication protocols.
· Secure access control measures that assign unique IDs and passwords to each person with access to systems.
· Encrypt personal information that travels across public networks or is transmitted via· wireless.
· Monitor systems for unauthorized use of or access to personal information.
· Encrypt information stored on portable devices.
· Implement appropriate firewall protections and operating system patches.
· Implement security software that receives regular updates.
· Implement security education and training (58).
As a result of this distinction of data owner versus data maintainer, in New York third party data service providers, such as INRIX, must follow even more stringent data security requirements to handle PII data sourced from probe data in vehicles.
Data security and breach notifications are based on exposure of PII and defining what PII is. The definition of PII differs across states but is basically an individual’s first name or first initial and last name plus one or more of the following data elements:
· Social security number.
· Driver’s license number or state-issued identification card number.
· Account number, credit card number or debit card number combined with any security code, access code, PIN or password needed to access an account (60).
As denoted in Table 3, data security breach definitions follow the basic tenet of unauthorized acquisition of PII across most states.
Some states, such as Arizona, also add a qualifier that the PII obtained in the data breach must also cause or potentially cause substantial economic loss to an individual in order to warrant a data breach notification. Given that breach notification laws have different obligations and requirements across states, there is a heightened risk that multistate organizations and third party transportation data service providers will have to contend with potentially conflicting data security obligations in the future as a result of the United States not having an overarching data security framework in place.
It is important to follow cybersecurity-related bills enacted during the 83rd Legislative Session in 2013 that affect how agencies and educational institutions develop and report information security plans (61), notably Senate Bills 1597 and 1134. Senate Bill 1597 requires that each state agency submit a security plan to DIR by October 15 of each even-numbered year. Senate Bill 1134 requires that DIR develop strategies and a framework for the securing of cyber infrastructure by state agencies.
Standards and Data
Quality
Data standards ensure high quality and high value data and are important in all phases of the data management lifecycle. Quality assurance and quality control (QA/QC) is the process used to discover inconsistencies and other anomalies in the data, as well as performing data cleaning activities to improve data quality. It can be applied to the first-hand data collected by the transportation agencies, or the data purchased from the private companies. Quality ensures the data was collected correctly and could be used to generate meaningful results. While significant data have been generated in recent years, one study suggests that “the utilization and operation of the data is an increasingly difficult task since the data are collected with different levels of accuracy and resolution, and data formats are incompatible. Furthermore, the problem worsens as the amount of data continues to grow. The quality of data in data collection, operation, and management efforts has resulted in the underutilization of data and increased utilization costs” (62). This study only addresses questions regarding real-time travel information. There has not been any establishment of data quality standards across the whole transportation system.
Significant human and system resources are consumed in the collection, manipulation, and dissemination of data, so it is essential that the most effective use of public funds is achieved through appropriately directed attention to data quality and the procedures to realize quality. Research is uncovering the need for standards in reporting data to help allow for meaningful comparisons, and exploring the role of big data in informing policy decisions.
Often local, regional, and state agencies work independently to collect the same type of data for different projects. Because there is a lack of formal guidance, it has been challenging to assemble data collected by different agencies into compatible, standardized formats accessible from a single location.
For instance, the MPOs and TxDOT district offices collect and maintain their own pedestrian and bicyclist counts. However, the data are coded and stored in different formats. This results in extra work when the state tries to centralize all the data from different sources and convert them into the same format. A potential solution is to create state standards for all future collection of pedestrian and bicycle data with a reference to the Coding Nonmotorized Station Location Information in the 2016 Traffic Monitoring Guide Format. In this case, a standardized collection methodology will reduce the amount of time and resources needed for all users to access data, and encourages interagency partnerships.
Improvements in traffic data collection technology have allowed states to improve their data collection processes and to streamline QA/QC procedures. In the field of real-time traffic monitoring and control, data users focus on traffic management and provision of traveler information. Data uses are considered real-time with some agencies also beginning to use historical real-time data to provide additional value to traveler information. Data quality checks are mostly run through field data collection hardware and software. Field hardware and software failures are common. This field uses equipment that could be considered a pre-cursor to automated and connected vehicle systems. For example, many of the sensors and intelligent transportation system components like CCTV, radar, and microwave sensors capable of detecting speeds and transmitting information quickly to traffic management centers showcase some of the difficulties that connected vehicle sensors will encounter in all types of weather and operating conditions present on road systems across a given calendar year (63).
In the field of air quality, data collection requirements for mobile source emissions stem from the Clean Air Act Amendments of 1990 (CAAA) and the Intermodal Surface Transportation Efficiency Act of 1991 (ISTEA) (64). These mobile source emission estimates are based on standards, quality control, and quality assurance associated with planning data collection requirements that have evolved over time with original estimates tied to traffic volume counts on roadways.
Congestion management planning efforts and traffic speed data have recently been standardized and inserted into emission models for use in air quality determinations. Proper use of data is ensured through the use of standards, whether imposed structurally through the design of a data program or in a regulatory manner. One benefit to employing such principles is that data is collected once and used to support multiple purposes, and is of the quality necessary to maximize its use in the decision-making process.
Vehicle probe data provides the vehicle’s current position, motion, and time stamp. It is collected from smart phones and sensor-based technologies inside vehicles as they move down a roadway. Vehicle probe data supports government services that help improve road operations, planning, maintenance, and traveler information. The U.S., EU, and Japan entered into a vehicle probe data collection partnership to make an attempt at standardizing probe-data-enabled applications through the Society of Automotive Engineers, ITS SPOT data in Japan, and the Cooperative Awareness Message in Europe. The top three findings from this effort indicated that security requirements, privacy policies (including anonymous data collection and voluntary opt-in applications/services), and data ownership/data rights were the primary challenges to achieving any sort of standardized probe data solution that can work in all three regions (65).
Policy Implications
In transportation, data is used to assess alternatives, weigh tradeoffs, evaluate performance, and inform travel behavior. Public support for privacy laws and limits on data retention will impact transportation data management lifecycles. Also, anticipating and understanding Big Data is not only a necessity for innovative solutions to policy problems, but it can also bring about the more efficient allocation of public funds. Passive data collection from probes, GPS, Bluetooth sensors, mobile devices, and cameras can replace traditional travel survey methods, reducing public agency costs. Similarly, insights gained about travel behavior from Big Data sources can enable the more effective use of public funds. For example, analysis of the detailed travel behavior information gathered from GPS and mobile devices can serve to better prioritize traffic management projects.
As transportation organizations work with more stakeholders and external partners to incorporate them into decision making, planning, and operations, there is an increased pressure to also share data. Shared data can help improve decisions since agencies/researchers will be able to obtain a more comprehensive picture of the impacts their decisions have based on contributions of new data sets from a wider variety of sources, both internally and externally. Open sharing of information and the release of information via relevant agreement must be balanced against the need to restrict the availability of classified, proprietary, and sensitive information.
While policy makers should be aware of the opportunities presented by Big Data, it should not be mistaken as a replacement for more traditional research activities. Big Data does not equal whole data. Such things as vehicle-based data sources open new avenues of business development and scientific exploration, and improve shared data set values. The potential to merge newly collected transportation data with older data sets in new and innovative combinations in order to improve future predictions and drive new business solutions is why Big Data has important implications for what data to store and archive, and in what format.
Potential ways to enhance data storage security include data classification and encryption. It is important to understand what data need to be protected and to create a “Data Classification Policy” to classify data based on sensitivity. It is recommended to create a minimum three levels of data classification (e.g., restricted, confidential/private, public). There are many ways to encrypt data, and it should be done before sharing sensitive data over untrusted networks. The key is to use strong encryption and proper key management.
The importance of data in this era of data-driven decision making, the swift increase in the volume of data due to improved collection methods, new uses such as automated and connected vehicles, and increased interest on the part of the public in factors underlying decision making, suggests that policymakers may have an interest in understanding and addressing the quantity, quality, creation, collection, storage, retention, privacy, security, and availability of transportation data across agencies. Data-driven insight can serve to inform policy decisions at all levels, helping to conserve limited public funds and ensure the most efficient and effective use of transportation systems.
No comments:
Post a Comment
Tell your requirements and How this blog helped you.