The Background
Geotab is a global leader in IoT and connected transportation, providing fleet management solutions to businesses of all sizes on one open platform. Telematics is a method of monitoring cars, trucks, equipment and other assets by using GPS technology and on-board diagnostics to plot the vehicle’s movements on a computerized map.
Geotab processes over 55 billion data points per day from over 3 million connected commercial vehicles, gathering information about vehicle performance, environmental impact, geographic location and other relevant insights. This data is used by fleet owners to support driver safety and productivity, to conduct predictive maintenance and optimize fleet performance.
The Challenge
Ensure strong privacy protection before releasing datasets that will support urban planning research
In 2020, Geotab deployed its Ignition Platform. The goal of the platform was to make data exploration and visualization technology available to the public at no cost, to help customers and researchers analyze 25 anonymized datasets. The platform provided researchers, urban centers and academics with access to detailed aggregated transportation data that could be used to advance research on intelligent transportation networks, autonomous vehicles and urban planning.
“Not only did the feedback from Privacy Analytics confirm the effectiveness of our data privacy strategies, but it also helped us advance our privacy strategies even further.”
Mike Branch
Vice President of Data and Analytics, Geotab
The datasets covered a variety of valuable transportation-related trends, ranging from hazardous conditions and commercial traffic analysis, to fuel station metrics, temperature variations and cellular coverage of dark spots.
“At Geotab two of our core pillars are ‘strive for transparency’ and do the ‘right thing’, so when we learned that we were sitting on this mountain of aggregated data that could help cities create safer roadways, we felt it was our responsibility to find a secured and efficient way to share insights from the data,” said Mike Branch, Vice President of Data and Analytics at Geotab.
“Geotab needed to be sure its aggregated data was sufficiently protected before making it available to the public through their platform,” said Jordan Collins, Data Privacy Solutions Business Leader at Privacy Analytics. “With strong privacy protections in place, insights produced from the data could safely benefit the public.”
The Solution
Privacy Analytics delivers a thorough analysis of the anonymization strategy
Geotab puts security and privacy at the forefront of its solutions by ensuring rigorous measures that meet industry best practices for data masking and anonymization. However, the company recognized that relying on internal experts to assess the rigor of their data privacy strategies could introduce bias into the assessment. Keeping with its security and privacy first policy, it looked to outside counsel to assess and confirm the effectiveness of its security and privacy methods and procedures.
“Geospatial data is very difficult and it has to be treated with the appropriate context,” said Branch. “Our customers’ data privacy is of the utmost importance to Geotab, so we wanted to take every measure possible to prove we’d done everything we could to protect it.”
The data and analytics team turned to Privacy Analytics to assess the efficacy of their anonymization techniques. Privacy Analytics evaluated Geotab privacy and security measures to confirm that they are adequately protecting the privacy of people and the confidentiality of organizations represented in the aggregated data.
Privacy Analytics conducted a rigorous review of Geotab’s data anonymization processes, using a combination of theoretical threat models to ensure that no individual route, vehicle, driver, or organization could be identified through the data. “Privacy Analytics took the time to understand both the context of the data and telematics use cases,” said Branch.
The evaluation was supplemented by a motivated intruder test. This type of test asks if a reasonably competent person could identify an individual or organization represented in the data.
“The motivated intruder test was very helpful,” said Branch. “It’s one thing to theoretically look at the risk of re-identification, but it’s another to have people with expertise in geospatial data actually attempt to correlate the data to do this.”
Gain confidence to use and share sensitive data
Find out how our advisory services can help you safely leverage data derived from information about people. Watch this 15-minute webinar.
The Result
Geotab’s methods meet industry standards, and its data team implements additional steps to further protect clients
With its data analysis and the motivated intruder test, Privacy Analytics validated that Geotab’s planned data privacy strategies provided appropriate privacy protection, aligning to decades of precedent and international regulations, standards and guidelines.
The Privacy Analytics team also suggested a few additional best practices Geotab’s team could implement to improve privacy while producing more usable data. These practices included adding language in the terms of use explicitly stating that users will not attempt to identify individuals or organizations in the data, converting certain data counts to percentages or averages as an additional masking step and keeping a log of all data requests to better detect spurious activities.
“Not only did the feedback from Privacy Analytics confirm the effectiveness of our data privacy strategies, but it also helped us advance our privacy strategies even further before making the insights from the data available on Geotab Ignition,” said Branch.
The Future
Ignition’s success sets the stage for new product lines
The Ignition Platform has been used by fleet management firms, academia, consultancies, government agencies and software companies to advance research supporting autonomous vehicles and intelligent transportation.
“As a trusted custodian of their customers’ data, Geotab moved to help ensure customer data is protected and secured,” concluded Collins. “The company’s commitment to data privacy is the reason they came to us for an evaluation.”
The Ignition Platform was recently retired, but its success has helped further position Geotab as a trusted data insights company and has fostered the development of new business lines, including the Intelligent Transportation Systems (ITS) launched in September 2021. ITS is an analytics platform that uses the company’s organically grown transportation datasets to provide governments with actionable, real-world insights they can use to improve global transportation networks.
“Like Geotab’s other solutions and business units, ITS operates with a security first philosophy. Working with Privacy Analytics encouraged us to continue with our commitment to reviewing, advancing and validating our security mechanisms and processes so our systems remain resilient,” said Branch.