Open ORCA Questions
What are the top issues you've come across? What are the big hurdles you've encountered and what do you foresee? What do you see are the pertinent legal issues?
How does this deployment differ from other ERG transit systems (additions and subtractions)? How are they managed (organizationally, legally)
Is there any participating in developing the electronic bill of rights? Is there any other legislation that is relevant that you are looking at?
Is there a citizens advisory board? How is compliance with the policies ensured? Who is watching the watcher?
What other applications are you planning on beyond transit? We know about the UW-Pass and Boeing, but who else? Who will you interoperate with?
How does KC Metro currently handle law-enforcement information. Given that data (entrance/exit) data may be collected for min 90 days. you worried about an increase in requests (see uk)
Who are the "partner participants"? What gets sent to third party? Is it aggregate or individual records? Can this data be sold? If so, in what formats?
How are the boundaries of applications defined? Do you have plans to expand beyond transit. And if so, who do you classify as a third party and what data flows between these new applications? Who can issue new cards?
What are the five hardest things you have overcome so far and what are they five that you foresee?
What are my options to opt-out. Are these reasonable options?
Who gets sued when something goes wrong?
What are you changing between this system and the old system? What do you gain (variable rates, more throughput)? What do you see as the long term change.
As a user of the system, what are the terms and conditions? What contract do I sign?
Data I take a trip on the bus. From the time I swipe my card till the time I get off, where does the data go, what does it get added, and when does it it disappear?
How long is the data kept and what form (aggregate) is it stored?
Who has access to what data and how? Where is the data stored? How does KC Metro view ownership of data? How is it shared? Is there an audit trail? Transparency builds trust. Is there a way fix incorrect data?
Can I look at data about me (as opposed to my data).
What data is stored on the card and what is stored in the database? Are the unique identifiers salted on the card?
How does data get back to the central database? Is it sent in the clear? Via wifi? smoke signals?
Data retention. We know it is held for a min of 90 days, but what's the max? What data are you collecting and why?
If there are one-use cards, what are the issuers entitled to (data wise)
To Do Who will be there? We are not n00bs... Perhaps bring a lawyer and a technician