
Understanding the Data in MDS

Jascha Franklin-Hodge edited this page Oct 20, 2021 · 8 revisions

What's in MDS

MDS includes information about the status of vehicles, their location, and where they are going. While MDS does not convey personal information about the users of shared mobility services, data collected about mobility can be sensitive. Therefore, MDS users should treat this data as potentially sensitive and carefully consider and manage risk throughout the lifecycle of any MDS implementation. To learn more about best practices for privacy, please see the MDS Privacy Guide for Cities.

To further assist with the assessment and management of risk, this document contains lists of potentially sensitive data and fields within MDS APIs and endpoints, based on the latest MDS 1.1.0 release.

Because MDS is modular, a public agency could pick from a subset of these endpoints based on their use cases, and not every agency will require every endpoint. Of note in MDS 1.2.0 is a new feature called Policy Requirements which allows agencies, per their use cases, to clearly exclude any fields or data they do not want to receive via MDS.

Data Not in MDS

This section lists common direct and indirect identifiers and whether they are included in MDS in any capacity. Note that this list is relevant to cities and governments using MDS, as mobility providers directly require some personally identifiable data for operations.

Not included in MDS, but data some providers and organizations may have access to outside of MDS:

  • Social Security Number
  • Tax ID Number
  • Bank Account Information
  • Insurance Information
  • First or Last Name
  • Home Address
  • Work Address
  • Cell Phone Number
  • Email Address
  • IP Address, Cookies, RFID tag
  • Biometric Data
  • Credit Card
  • Drivers License Information
  • Birthdate
  • Sex/Gender Identity
  • Race/Ethnicity
  • Rider Height
  • Rider Weight
  • Income Level
  • Internet Browsing History
  • Mobile Phone GPS
  • Trip Total Spending
  • Rider Trip History
  • Video or Audio

Included in some MDS data fields:

Potentially Sensitive

  • Vehicle or Device ID
  • Vehicle Trip Origin/Destination
  • Vehicle Trip Route
  • Vehicle Parking Photographs

Not Sensitive

  • Vehicle Trip Duration/Distance
  • Vehicle Status/Properties

Potentially Sensitive MDS Fields

This table shows fields in MDS that could be combined with other external data to potentially reidentify a subset of individuals, broken down by the relevant MDS API and endpoint, and by general data category. Each endpoint has many more fields that do not contain potentially sensitive data; for simplicity, these fields are not listed here. Note that this list is relevant to cities and governments using MDS, as all mobility provider companies require directly identifiable personal data for operations.

Because some MDS data may be considered sensitive under specific circumstances, the OMF provides guidance on how to minimize privacy risk in our MDS Privacy Guide for Cities.

| MDS API & Endpoint | Total Field Count | Potential Personal Field Names |
|---|---|---|
| Provider Trips | 18 fields | device_id, vehicle_id, route, parking_verification_url (optional) |
| Provider Status Changes | 15 fields | device_id, vehicle_id, event_location, trip_id |
| Provider Reports | 7 fields | Considered sensitive * |
| Provider Events | 15 fields | device_id, vehicle_id, event_location, trip_id |
| Provider Stops | 21 fields | --- |
| Provider Vehicles | 12 fields | device_id, vehicle_id, last_event_location, current_location |
| Agency Vehicles | 11 fields | device_id, vehicle_id |
| Agency Vehicle Register | 7 fields | device_id, vehicle_id |
| Agency Vehicle Update | 1 field | vehicle_id |
| Agency Vehicle Event | 6 fields | device_id, vehicle_state, gps.lat, gps.lng |
| Agency Vehicle Telemetry | 13 fields | device_id, gps.lat, gps.lng |
| Agency Stops | 3 fields | --- |
| Policy List | 27 fields | --- |
| Policy Requirements | 24 fields | --- |
| Geography List | 9 fields | --- |
| Geography Detail | 9 fields | --- |
| Jurisdiction List | 7 fields | --- |
| Jurisdiction Query | 7 fields | --- |
| Metrics Discovery | 7 fields | --- |
| Metrics Query | 12 fields | Considered sensitive * |

* This feature is currently in a public beta testing phase to gather operator and agency feedback. Whether its data is sensitive depends on the level of aggregation and on a case-by-case analysis of whether the recipient of the data is likely to be able to extract information relating to single vehicles, e.g. through disaggregation and with external data sources. This endpoint contains only aggregate data counts, and k-anonymity is also used to remove low aggregate counts.
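One way an agency could apply the table above before copying MDS records into a downstream analysis or reporting store, as an added example that is not part of the original page or of OMF's own code. The function names `minimize` and `pop_path`, the choice of four table rows, the nested layout of `gps`, and the sample records are assumptions made for illustration.

```python
import copy

# Potentially sensitive field names per endpoint, copied from the table on this
# page (four rows shown). Dotted names are treated as nested keys (assumption).
SENSITIVE_FIELDS = {
    "Provider Trips": ["device_id", "vehicle_id", "route", "parking_verification_url"],
    "Provider Vehicles": ["device_id", "vehicle_id", "last_event_location", "current_location"],
    "Agency Vehicle Telemetry": ["device_id", "gps.lat", "gps.lng"],
    "Provider Stops": [],  # "---" in the table: no potentially sensitive fields
}

_MISSING = object()

def pop_path(obj, dotted):
    """Delete a dotted key path from nested dicts; return True if it was present."""
    *parents, leaf = dotted.split(".")
    for key in parents:
        obj = obj.get(key)
        if not isinstance(obj, dict):
            return False
    return obj.pop(leaf, _MISSING) is not _MISSING

def minimize(endpoint, record):
    """Return (redacted deep copy, list of removed field paths) for one record."""
    if endpoint not in SENSITIVE_FIELDS:
        # Fail closed: an endpoint nobody has reviewed is not passed through.
        raise KeyError(f"no reviewed field list for endpoint {endpoint!r}")
    redacted = copy.deepcopy(record)
    removed = [p for p in SENSITIVE_FIELDS[endpoint] if pop_path(redacted, p)]
    return redacted, removed

# Constructed sample records (not real MDS data; layouts are illustrative).
TELEMETRY = {
    "device_id": "constructed-device-0001",
    "timestamp": 1634700000000,
    "gps": {"lat": 37.0, "lng": -122.0, "speed": 3.2},
    "charge": 0.8,
}
TRIP = {
    "device_id": "constructed-device-0001",
    "vehicle_id": "CONSTRUCTED-42",
    "trip_duration": 600,
    "trip_distance": 1500,
    "route": {"type": "FeatureCollection", "features": []},
}

if __name__ == "__main__":
    for name, rec in (("Agency Vehicle Telemetry", TELEMETRY), ("Provider Trips", TRIP)):
        redacted, removed = minimize(name, rec)
        print(name, "removed:", removed, "kept:", sorted(redacted))
```

The returned list of removed paths can be logged per batch as evidence that minimization ran; the optional `parking_verification_url` is reported only when it was actually present in the record.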
