myki Privacy Policy

Our myki Privacy Policy explains how we manage the myki information we collect. It includes details about how you can check that we're managing your myki information in line with Victorian laws.

In our policy, we:

  • explain our role as custodian of personal information related to myki
  • define the different types of information we collect
  • describe how we collect different types of information
  • list the organisations we collect information for
  • explain how we maintain data quality
  • describe what information we keep in the myki ticketing system and how long we keep it
  • explain how we protect your privacy using features of the myki ticketing system
  • provide detail about information collected for unregistered, registered and concession myki cards
  • describe the ways we use myki information, including for the purposes of ticket enforcement
  • describe the reasons we may give your information to a third party
  • commit to taking reasonable steps to protect your information
  • provide details of who you can contact to correct or update your information, or to make a complaint about the way we handle your information.

At the end of the policy, we define all the key terms and abbreviations that we use in it.

myki Privacy Policy

Introduction

This privacy policy relates specifically to the myki ticketing system. In addition, PTV has a general information privacy policy (which covers handing of personal information in contexts other than myki).

Privacy issues and myki

PTV recognises that under the myki ticketing system, PTV is the custodian of personal information relating to individuals who travel using myki. PTV is committed to respecting the privacy of customers. As well as complying with applicable laws, PTV seeks to give customers choice and control over the way their personal information is collected and used. Registration of a myki card is voluntary. PTV does not require collection of personal information from a customer when you purchase a myki card.

The myki ticketing system is delivered on PTV’s behalf by third party contractors. PTV or contractors engaged by PTV may contact you for a survey, e.g. customer satisfaction, to help improve its products and services, including in relation to ticketing, travel and passenger experience generally. PTV ensures that arrangements with these contractors include appropriate privacy and confidentiality obligations. PTV also takes responsibility for trying to resolve any privacy concerns or complaints that involve the actions of its contractors.

 

Collection of personal information

PTV collects personal information necessary for the operation of the ticketing system, for dealing with enquiries or complaints related to ticketing and for marketing or promotions related to ticketing and public transport. Personal information may be collected through forms, the website, the call centre, a PTV Hub customer service centre or myki retailers or devices.

The personal information that PTV collects under the myki ticketing system is also collected for the purposes of other public transport authorities – the Department of Transport ("the Department") and contractors, agents and delegates of the Department and PTV, including public transport operators. This is in effect a joint collection. The Department is also subject to the Privacy and Data Protection Act 2014, but is separately responsible for compliance and its policies may not be the same as PTV’s.

PTV collects only as much personal information as is necessary for the operation of the myki ticketing system and allows customers to transact anonymously where practicable. No personal information is collected from customers who buy or use myki cards unless they choose to register their myki, or they are in one of the concession categories where registration is required. However, some information may be required about the method of payment and/or delivery of the myki.

In accordance with the Victorian Fares and Ticketing Manual of 28 March 2019 (Manual), setting out conditions that have been determined under section 220D(1) of the Transport (Compliance and Miscellaneous) Act 1983, Ticketing in Victoria depends on which service a customer uses:

  • myki – metropolitan trains, trams and buses, bus route number 684, V/Line commuter trains, V/Line Night Coach network services, V/Line parallel coach services and some regional town buses
  • V/Line paper tickets – V/Line coach and long distance train services
  • Day Passes – metropolitan trains, trams and buses and some regional town buses
  • Regional Bus Tickets – some regional town buses.

 Information is collected to understand, diagnose and to support data driven decision making around the public transport network including:

  • calculate the correct fare, public revenue and cost recovery in provision public transport services
  • provide reduced fare for eligible customers
  • verify requests for refund where/if a customer is charged incorrectly and/or disputes a charge, verify ongoing entitlements
  • ticketing compliance and enforcement
  • planning, including safety and security, for public transport strategies and investments
  • patronage trends and understanding how people move around the network
  • impact to customers at station/stops during major occupation works or disruptions and communications
  • crowd flow management during major events for safety purposes
  • identifying cards which require compensation due to an unforeseen event on the network
  • insights to communication and education campaign analysis such as auto top up campaign tracking
  • insights to understanding of customers to improve/tailor campaigns accordingly
  • monitoring new products/devices e.g. Mobile myki or Quick Top Up enquiry machines.

PTV may collect a person’s credit card information to process a payment to PTV. Credit card information collected by PTV will be held in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). The PCI-DSS is a set of requirements for enhancing payment account data security, including requirements for secure network and systems, cardholder data protection, vulnerability management program, access control measures, network monitoring and testing and information security policies.

Personal information is only held for as long as it is required for operational purposes, or as required by law. Once the information is no longer needed for customer service or legal reasons, it will be irreversibly ‘de-identified’ (by having any personally identifying information removed). This de-identified information may then be used, indefinitely, for transport planning purposes.

Collection of health information

In some instances, PTV’s functions of administering travel passes may involve collection of health information. Such information is collected with express consent of the customer, for the purpose of processing and managing applications for specific travel passes. This information is stored separately from the myki ticketing system information (travel history, payments, etc).

Data quality

PTV has an operational interest in any information it holds being accurate, complete and up to date and this coincides with its responsibilities under IPP3 (Data quality).

PTV seeks to ensure that it meets the data quality principle in the following ways:

  • by collecting personal information about its customers primarily directly from them, and only from third parties with the customer’s knowledge
  • by encouraging myki customers to keep their personal details up to date, offering easy update options through the call centre, PTV Hub customer service centres and website
  • through technical standards for the operation of ticketing and other computer systems that collect and process information about travel, other transactions and payments
  • by ensuring that individuals are able to access and correct the personal information that PTV holds about them on request.

Where PTV obtains personal information from third parties (e.g. information about eligibility for concessions from source agencies), the relevant agreements with these third parties will specifically address data quality issues (see also 'Concession myki' section below).

Information in the myki ticketing system

Each myki smartcard has a number, referred to as the Primary Account Number (PAN). This number in itself does not convey any information about the myki customer. The PAN is stored on the myki smartcard chip and is also printed on the myki smartcard. It is used in routine communications with customers, such as through the call centre.

For myki ticketing system purposes, details of the transactions performed with each myki smartcard will be contained in a central card usage database.

Information on the use of myki smartcards is uploaded periodically to the central card usage database. This information is retained in a way that can be linked to the customer (if registered) for as long as it is reasonably needed to answer queries from the customer, to reconcile any payments involving other retail agents (merchants) and for legal reasons. Some information is required by law to be kept for up to seven years.

A cardholder (registered or unregistered) can check their recent myki usage data by presenting their card at a stand-alone enquiry machine (called a ‘myki check’) and myki vending machines. Some retail agents (or partners) are contracted under the myki ticketing system to provide customer service functions at the cardholder’s request (including viewing and/or printing the myki card usage data and balance details if requested by the customer).

Privacy protection in the myki ticketing system

Privacy protection is provided either as a design feature or incidentally by the following features of the myki ticketing system. This list is a summary only; detailed explanations are available in later sections.

  • Unregistered myki cards are available for most customers (eligibility for some types of concessions does require registration).
  • Customers have the option of holding multiple myki smartcards.
  • Limited personal non-identifying information is required to be stored on the myki smartcard chip, for example, a code indicating the customer’s entitlement to concession discounts (for example, for student or senior concession) so that the correct concession fare is calculated.
  • The usage data stored temporarily on the card includes a short transaction history (i.e. touch-on/off data, or top-up transactions).
  • Registration details and payment details are kept in separate databases, with limits and conditions on linkage.
  • Holders of full fare and most concession myki smartcards may choose to register their myki and have their name printed on the myki smartcard at the time they apply (some personalisation requirements are mandatory for specific concession customers).
  • There are limits on who can access the information on the myki smartcard chips, how they can access it, when, and for what purpose.
  • Database access is auditable and traceable.
  • The system allows for specified data retention periods.

Unregistered myki

If a customer chooses not to register their myki, the system will still retain usage data (eg trips taken and payment history), linked to the myki card number (the card’s PAN). This is not personal information as PTV does not have the ability to link it to an individual.

PTV will not provide myki usage data to unregistered card holders as PTV is not able to confirm the individual’s identity and ensure the information is only released to the rightful card holder. PTV may provide usage data from an unregistered myki to law enforcement agencies, where this is appropriate and permitted under privacy laws. This may include travel history and payment records, but will not include any personal information.

Registered myki

PTV promotes the benefits of registration to potential customers. For example, registration gives a customer the ability to use Auto Top-Up and the security of balance protection if the card is reported as lost or stolen.

Customers who register their myki need to provide a name, postal address and phone number (provision of email address is required if registering your myki via the myki website).

myki customers choosing to register full fare, seniors, concession (general) or child myki smartcards can nominate to have their name printed on the face of their myki smartcard when applying (a nominal fee may apply). Registration and printing of a name and a photo (in some cases, a name only) is mandatory for some myki concession customers.

Registered myki customers are allocated an account number in the Customer Relationship Management database. The account number is used for administrative purposes only and is not used in routine communications with customers.

Registered myki smartcard usage data is treated as personal information and as such the usage data is managed in accordance with this policy.

Registered account holders wishing to check the usage data for a myki in their account can do this by logging into their myki website account or by contacting the call centre. Registered account holders contacting the call centre will be required to confirm their identification. Identity is verified for outbound calls. When contacting a registered account holder the call centre asks the card holder a series of questions to confirm their identity.

myki customers’ personal information may be used for purposes related to ticketing and transport services (e.g. informing customers of myki payment options, or transport service updates).

Personal information may be used for non-transport-related marketing; any survey or marketing is voluntary. Customers are given the choice of ‘opting-out’ of receiving any such material. Even if personal information were used for such purposes, it would not be disclosed to commercial organisations for other purposes other than for or on behalf of PTV and for the purpose of performing their contract obligations under their contract with PTV.

Concession myki

The distinction between different categories of concession entitlement are electronically encoded on the myki smartcard chip, and some have a visually distinctive design showing the specific type of concession entitlement, such as a name and/or, photo (e.g. Child myki or free travel pass myki cards). These design distinctions are required for both administrative and enforcement purposes. When concession customers pass through gates on the public transport network, a distinctive light showing up on the device may indicate their concession status. Disclosure of information about the myki customer as a consequence of the everyday use of the myki smartcard is therefore limited.

Some concession myki smartcards have a photograph of the cardholder printed on the face of the smartcard to aid checks by Authorised Officers and assist in preventing misuse of the entitlement to concession travel.

Where a photograph is required, no details of the photo or image are recorded on the myki smartcard chip. No copy or record of the image is kept once the myki smartcard is printed, unless the customer has expressly requested that an additional photo is stored in the myki ticketing system back office. Photos for free travel pass myki cardholders and student concession cardholders are managed (and retained) by the PTV Hub in accordance with the PTV Privacy Policy and/or by Metro or V/Line in accordance with their respective privacy policies.

Use and disclosure of personal information

Use and disclosure of personal information by PTV will be in accordance with this policy, privacy law and Information Privacy Principle 2 dealing with use and disclosure of personal information.

Public transport operators will handle some personal information for processing concession applications and for enforcement and complaint resolution. Public transport operators may also obtain aggregate (de-identified) information from PTV for planning and management purposes.

PTV and its contractors use/disclose personal information for managing and improving public transport ticketing and supporting products and services. This includes the purposes outlined in this policy, to perform its statutory functions and exercise its powers under the Transport Integration Act 2010, for contacting you to share information about our products and services, disruptions on the network, provide you with refund where applicable, ask if you would like to participate in customer satisfaction or other surveys to improve our products and services. Participation in a survey conducted by or on behalf of PTV is voluntary.

Ticketing enforcement

PTV is not responsible for enforcing ticketing compliance or managing public transport fare evasion. This is a function established by the Transport (Compliance and Miscellaneous) Act 1983 and Regulations under that Act and is the operational responsibility of the Department.

Using a hand-held device, Authorised Officers are able to read the myki Money balance, myki Pass status, concession status and recent transaction history from a smartcard. If required, they can combine this information with personal details obtained directly from the cardholder in support of the generation of a report of non-compliance (to be provided to the Department for further action). The Department, not PTV, is responsible for issuing infringement notices.

The Department has access to PTV’s registration and smartcard history databases in order to investigate or prosecute alleged offences under the Transport (Compliance and Miscellaneous) Act 1983 or Regulations. This falls within the exceptions to IPP2 related to investigation and prosecution of criminal offences.

Access by other third parties

Apart from disclosures connected with administration of public transport and Transport (Compliance and Miscellaneous) Act 1983 enforcement, PTV only provides personal information about myki customers to other third parties, including law enforcement agencies, in the following circumstances (which are all in accordance with privacy law and IPP2):

  • where PTV is required to do so by law, for example, in response to a warrant or subpoena
  • where PTV reasonably believes that the disclosure is necessary to lessen or prevent a serious and imminent threat to the life, health, safety or welfare or a serious threat to public health, safety or welfare
  • where disclosure is necessary for the purposes of complaint handling, such as disclosure to the Public Transport Ombudsman or the Commissioner for Privacy and Data Protection
  • where the disclosure is requested in writing by the individual concerned
  • where an authorised police officer certifies in writing that the disclosure is reasonably necessary for the prevention, detection, investigation, prosecution or punishment of criminal offences or breaches of law imposing a penalty or sanction
  • in connection with investigating or reporting suspected unlawful activity detected by PTV or its contractors
  • in exceptional circumstances – to intelligence agencies; the Australian Security Intelligence Organisation (ASIO) or the Australian Secret Intelligence Service (ASIS).

PTV has ‘myki - PTV guidelines for disclosure of personal information to law enforcement bodies’. These guidelines set out both the detailed criteria and the procedures for disclosure of personal information by PTV and its contractors or agents to third parties for purposes other than myki ticketing system operations or enforcement of the Transport (Compliance and Miscellaneous) Act 1983. These guidelines apply the requirements of privacy law to any disclosure of personal information.

Disclosure outside Victoria

It is very unlikely that PTV will disclose any personal information to someone outside Victoria except to individuals who wish to access their own personal information or law enforcement agencies as discussed above. If this is required at any time, PTV will ensure that it meets the additional requirements of IPP9 (Transborder data flows).

Data Security and Destruction

Irrespective of whether your Personal Information or Health Information is stored electronically or in hard copy form, PTV will take reasonable steps to protect it from misuse and loss and unauthorised access, modification or disclosure.

Credit card information collected by PTV will be held in accordance with the requirements of PCI-DSS.

PTV will also take reasonable steps to destroy or permanently de-identify your Personal Information or Health Information if it is no longer needed for the purpose (or a related purpose) for which it was initially collected, unless, in the case of Personal Information, it is subject to the Public Records Act 1973, in which case it will be retained or disposed of in accordance with that legislation.

Access and correction

PTV will take reasonable steps to ensure that Personal Information we collect is accurate, complete and up to date. Registered myki customers can update their information either online or contacting the call centre.

Access by an individual to all personal information about them held by PTV is available on request free of charge, subject to appropriate evidence of identity and to certain exceptions set out in the Privacy and Data Protection Act 2014 and Freedom of Information Act 1982. PTV reserves the right to make a reasonable charge for routine provision of information, such as regular account statements.

For more information, call 1800 800 007.

Complaints

PTV Privacy Officer

If a person believes that their Personal or Health Information has been used by PTV in a manner contrary to the PDP Act or Health Records Act 2001 (Vic), they may contact the PTV Privacy Officer:

By phone: call 1800 800 007 

By email: [email protected] 

By post: PO Box 4724, Melbourne VIC 3000

Health Complaints Commissioner

Complaints about any use of a person’s Health Information which is believed to be contrary to the Health Records Act 2001 (Vic) can be made with the Health Complaints Commissioner. You can find more information about submitting complaints in respect of Health Information on the Health Complaints Commissioner website.

Victorian Information Commissioner

People can also contact the Victorian Information Commissioner for more information or to raise certain complaints about privacy matters and regulation in Victoria. You can find more information on the Office of the Victorian Information Commissioner website.

Review

This document is reviewed regularly and at least once every two years.

Glossary and abbreviations

Note: the definitions below are provided with a view to understanding terms used in this privacy policy. For legal purposes (including ticketing enforcement), definitions in the Victorian Fares and Ticketing Manual (myki) apply.

Term

Definition

account holder

The person who has applied to manage one or more myki cards, which will be registered under their name; an account holder may or may not be a cardholder.

Authorised Officer

For the purpose of section 221A and 221AB of the Transport (Compliance and Miscellaneous) Act 1983 (Vic) and the Regulations, an Authorised Officer is a person responsible for providing customer service, checking tickets and reporting fare evasion offences to the Department of Transport.

Auto Top Up

The automatic loading of value to a myki based on pre-conditions specified by the customer; the funds will be automatically debited from the customer’s nominated bank account or credit card.

back office

The central location from which the myki ticketing system data is managed.

cardholder

Means in the case of an unregistered myki card, the person to whom a myki card is issued or who otherwise acquires a myki card and for a registered myki card, a person nominated as the cardholder by the account holder.

central card usage database

This is the Transport Payment Processing System database containing all card usage data for operation of the myki ticketing system.

Concession myki

A ‘long-life’ smartcard programmed with the relevant concession entitlement permitting the purchase of a myki Pass or use of myki Money at discounted concession rates; some concession myki cards will be registered and personalised, with a name and a photo or a name only.

customer

A passenger who holds a valid myki.

Customer Relationship Management database

A database which records and updates customer profile information for NTS customers.

Department

Department of Transport.

digital card

Has the same meaning as ‘digital card’ in Regulation 5 of the Transport (Compliance and Miscellaneous) (Ticketing) Regulations 2017.

fare payment device

Device to which myki cards are presented on the start and end of a trip (or portion of a trip) to touch on and touch off. The device calculates and deducts the correct fare for travel on the myki.

Fares and Ticketing Manual (myki)

The Victorian Fares and Ticketing Manual (myki) (available via www.ptv.vic.gov.au; see the ‘Legal and policies’ section).

Freedom of Information Act

Freedom of Information Act 1982 (Vic).

Free travel pass

Refer to the Victorian Fares and Ticketing Manual (myki) for information.

hand held device

Portable device used to read myki cards for information, load value to myki cards.

IPP (Information Privacy Principle)

IPPs are ten privacy principles established under the Privacy and Data Protection Act, which form the basis of managing personal information. These are IPP1: Collection of personal information, IPP2: Use and disclosure of personal information, IPP3: Data quality, IPP4: Data security, IPP5: Openness, IPP6: Access and correction, IPP7: Unique identifiers, IPP8: Anonymity, IPP9: Transborder data flows, IPP10: Sensitive information.

myki Money

Electronic/stored value balance held on a myki, for use as defined by PTV.

myki Pass

Periodical product which can be loaded by the customer onto their myki for specific zones and a chosen number of days required for travel.

myki card and myki smartcard

Both include a digital card.

myki smartcard chip

Includes an imbedded computer chip in a personal electronic device on which a digital card is stored.

myki smartcard number

An identification number, known as the primary account number (PAN) attributed to each myki, uniquely identifying each myki smartcard.

PAN

Primary account number.

personal electronic device

Has the same meaning as ‘personal electronic device’ in Regulation 5 of the Transport (Compliance and Miscellaneous) (Ticketing) Regulations 2017.

personal information

As defined in the Privacy and Data Protection Act.

personalisation

The physical personalisation of a myki, involving adding a cardholder’s photo and/or cardholder’s name.

Privacy and Data Protection Act

Privacy and Data Protection Act 2014 (Vic).

privacy law

The Privacy and Data Protection Act and the IPPs; and the Health Records Act 2001 (Vic) and the Health Privacy Principles set out in that Act.

PTV

Public Transport Victoria, the operating name of the Public Transport Development Authority.

registration

The process by which a myki is linked to an identifiable customer (account holder and cardholder).

retail agent/partner

Individual retail agents or retail partners will provide an identifiable retail network across Victoria, to support implementation of the myki ticketing system.

source agencies

An agency that provides relevant customer data to PTV for the purposes of verifying a person’s concession entitlement.

touch off

The presentation of a myki to a fare payment device at the end of a journey or section of a journey when exiting a mode of transport or the public transport network.

touch on

The presentation of a myki to a fare payment device at the start of a journey or section of a journey (e.g. when passing through gates to enter a station platform or when boarding a tram or bus).

Transport (Compliance and Miscellaneous) Act

Transport (Compliance and Miscellaneous) Act 1983.

usage data

Data related to the use of a myki smartcard and stored in myki ticketing system back‑office databases (e.g. data regarding purchasing, top-ups, touch-ons).

website

References to the website are to ptv.vic.gov.au