The client developed a service which uses the location and speed of their users to calculate where traffic jams are. With this information the service determines the best route to follow based on the collected data. Data is collective and is being provided by all users of the service. The more data the service collects, the more accurate predictions for users become.
The client’s service collects individuals data, which can be perceived as private. The client wanted to assure individuals that the data that is being collected cannot be reconstructed towards individuals whereabouts, and thus doesn’t harm the privacy.
Deloitte performed an independent review on the system regarding design and implementation. A review was performed into the design of the entire system: software in the devices, back-end processing facilities and storage were in scope. Key objective of the project was to verify the correct application of cryptography tooling.
Deloitte made recommendations to guarantee that the client was truly unable to reconstruct an individual’s whereabouts. Based on these recommendations, the client changed the way trips are logged and subsequently stored in the database. After these changes were implemented before product launch, Deloitte provided a statement for PR use by the client that the sent, processed and stored data cannot reasonably be used to identify and track individual persons.