Jerry Buttimer (Cork South Central, Fine Gael)
Link to this: Individually | In context

Question 1030: To ask the Minister for Transport, Tourism and Sport the bodies that have access to information regarding journeys of persons using the Leap card; the length of time such information is retained; if this information is available to the gardaí or security forces without the necessity of obtaining a warrant; if personal information obtained from persons using the Leap card is used and sold for commercial purposes; and if he will make a statement on the matter. [1061/12]

Leo Varadkar (Dublin West, Fine Gael)
Link to this: Individually | In context

Responsibility to develop, procure, implement, operate and maintain the integrated ticketing system in the Greater Dublin Area (GDA) became the function of the National Transport Authority (NTA) with effect from 30th September 2010 in accordance with section 58 of the DTA Act 2008.

I understand from the NTA that the Authority fully respects the right to privacy of Leap Card holders, and does not collect any personal information about cardholders without their clear permission. Any personal information which is received by the Authority is treated strictly in accordance with the Data Protection Acts 1988 and 2003. Any personal data is only held for the length of time necessary for the operation of the Leap Card scheme and the data that is retained is the minimum necessary for the purposes disclosed to the cardholder.

The Leap Card scheme does not collect information that will enable the tracking of the movements of any individual. The Scheme will only record the fact that a transaction record originated from a specific transport operator, along with the date and an approximate time; it does not record or retain the name or location of the departure or arrival locations be they stations or bus stops.

At no time will information provided by cardholders be disclosed to any third parties (other than as set out in the Leap Card Terms and Conditions) unless in accordance with the law. Disclosure of personal data to An Garda Síochána is only permitted in certain limited circumstances as set out in the Data Protection Acts 1988 and 2003. These include where disclosure is necessary to prevent injury or damage to the health of an individual, where such disclosure is required by law or where disclosure is made to the Gardaí in relation to a criminal investigation.