General Information

Cases/Enablers
OOP Case
Appetizer
Tallinn Public Transport Ticket System is used to sell tickets, to have a look at possible discounts, or check the validity of the ticket.
Short summary
Ticket system used to:
• sell tickets
• manage travel discounts
• check the validity of ticket
• determine the travel demand and optimise route network (non-personal data)
• balance inter-municipal revenue and expenditure
Focus
Citizens
Start date
Domain
Mobility
Scope
Cross-border International
Country
Estonia
Nature and status of project
Rolled Out
Is the OOP case/enabler mandatory?
Opt-in
Additional remarks
cross-border/municipal: Tallinn-Helsinki

ENABLING ASSETS OR COMPONENTS

Political commitment
Tallinn City Council Regulation No. 43 09.12.2004, https://oigusaktid.tallinn.ee/?id=3001&aktid=98828&fd=1&leht=1&q_sort=elex_akt.akt_vkp
--------
Interoperability of the State Information System. Endorsed with the Directive of the Minister of Economic Affairs and Communications 11-0377, 22.12.2011, https://www.mkm.ee/sites/default/files/interoperability-framework_2011.doc
Socio-cultural influence factors
Secure data exchange layer X-Road (https://www.ria.ee/en/x-road.html) is used for gathering data from different registers. X-Road is a technological and organizational environment enabling a secure Internet-based data exchange between information systems. All registers and Statistics Estonia must be a member of X-Road

Information regarding the X-Road members and the services they provide is available via the Administration System for the State Information System (RIHA). RIHA (https://www.ria.ee/en/administration-system-of-the-state-information-system.html ) serves as a catalogue for the state’s information system. At the same time RIHA is a procedural and administrative environment via which the comprehensive and balanced development of the state’s information system has ensured. RIHA guarantees the transparency of the administration of the state’s information system and helps to plan the state’s information management.

PKI or the public key infrastructure (https://www.ria.ee/en/public-key-infrastructure.html ) enables secure digital authentication and signing. The infrastructure also allows forwarding data by using an encrypting key pair: a public encryption key and a private decryption key. In Estonia, this technology is used in relation with electronic identity (ID card, mobile ID, digital ID). All members of X-Road are using Digital seal certificates for signing messages. Citizens and officials are using electronic identity tokens.

All participants must be implemented three-level IT baseline security system ISKE (https://www.ria.ee/en/iske-en.html). The goal of implementing ISKE is to ensure a security level sufficient for the data processed in IT systems. The necessary security level achieved by implementing the standard organisational, infrastructural/physical and technical security measures.

DATA HANDLING / DATA EXCHANGE

Type of data sharing
Actual data
Data handler
Stakeholder name
Ticket system
Stakeholder category
Government
Stakeholder Role
Data provider
Stakeholder name
Citizens
Stakeholder category
Citizen
Stakeholder Role
Data consumer
Stakeholder name
Population register (RR). (Ministry of the Interior)
Stakeholder category
Government
Stakeholder name
Register of Residence and Work Permits (ETR). (Ministry of the Interior)
Stakeholder category
Government
Stakeholder Role
Data provider
Stakeholder name
Social Security Information System (SKAIS). (Ministry of Social Affairs)
Stakeholder category
Government
Stakeholder Role
Data provider
Stakeholder name
Estonian Education Information System (EHIS). (Ministry of Education and Research)
Stakeholder category
Government
Stakeholder Role
Data provider
Stakeholder name
National public transport register (Ütris). (Ministry of Economic Affairs and Communications)
Stakeholder category
Government
Stakeholder Role
Data provider
Stakeholder name
National pension insurance register (PIKAS). (Social Insurance Board)
Stakeholder category
Government
Stakeholder Role
Data provider
Stakeholder name
Public Administrations (Local Municipalities)
Stakeholder category
Government
Stakeholder Role
Data consumer
Stakeholder name
Business register
Stakeholder category
Government
Stakeholder Role
Data provider
Architecture
Translation of terms in Figure from Estonian into English:
• Välised registrid - external registers
• RR, SKAIS, EHIS, ÜTRIS, PIKAS – names of registers
• X-tee – X-road
• Soodustused- discounts
• Piletid – tickets
• Liinid - lines
• Sõidukaardid – travel cards
• Sündmused – events
Image upload
Lessons learned
Enabler 1. Secure data exchange layer for confidential and legally binding data needed. In case of Estonia the X-Road is used

Enabler 2. The unique personal identification code provide opportunity to merge personal data from different registers.

Enabler 5. Master data in registers must described in catalogue RIHA properly.

Enabler 3. Three-level IT baseline security system ISKE

Barrier 1. The system is handling personal data (name, address, personal code, address, basis of discount, travel events, etc). The secure processing (data hashing) needed. Restrictions for data processing and archiving needed. Bases of discounts is hided for ticket inspector.