Data Protection

Operation of a Ticket Validation Database (eTVD) requires the collection and selective distribution of ticket usage information among the participating Train Operating Companies (TOCs). This sharing of information is essential to prevent fraud and ensure tickets are valid for travel.

As an eTVD operator and service provider, TTK is responsible for the security and protection of the data. This page summarises those responsibilities.

In essence, TTK is the custodian of the data, which belongs to the TOCs.

In order to meet the requirements for inter-operable ticketing, it is necessary to send information pertaining to scanned tickets to 3rd party eTVD systems and Rail Ticket Issuers. The details are defined in a set of standards within the Rail Settlement Plan, published and maintained by the Rail Delivery Group. The information provided on this page is an informal summary only, please refer to the RSP standards, in particular the RSP-5043 standard, for definitive information.

The data shared between TOCs is specified as the minimum amount of information required for the purpose of detecting fraud, and ensuring validity of tickets for travel. Any TOC receiving this data is not expected to use it for any other purpose.

Data received by TTK from 3rd party eTVD systems will not be made available to any other organisation or TOC, except in the form of deny lists sent to validation devices, and in response to specific and appropriate ticket enquiries from participating TOCs and Rail Ticket Issuers. In this way, 3rd party data is of no practical value, beyond that of fraud prevention. This principal should be adopted by all participating eTVD operators and service providers.

Other than the requirement to disseminate information in accordance with the RSP-5043 standard, TTK will not make any data available to any 3rd party, except by prior instruction and agreement of the organisation which owns the data.