TPEP Security

Proposed Rules: Closed to Comments

Agency:
Comment By: 
Thursday, February 21, 2013
Download Copy of Proposed Rule (.pdf): 

 

 

Statement of Basis and Purpose of Rule

 

 

On December 13, 2012, the TLC promulgated rules for the Authorization of TPEP Providers, which contained requirements that TPEP Providers must meet in order to be authorized to sell, lease, make available for use, install, service, and repair TPEP Systems in Taxicabs. These proposed rules establish the information security standards that said TPEP Systems must meet in order to be approved by the Commission for sale, lease, or use in Taxicabs.

 

The proposed rules require that the TPEP Data collected, transmitted, processed, maintained and stored by all TPEP Providers and their employees, agents and subcontractors must be safeguarded to provide:

 

  1. a secure medium for the TPEP Data and TPEP system components,
  1. protection of personal information of the TPEP Provider and subcontractor employees, and
  1. protection of personal information of members of the riding public who pay by credit, debit or prepaid card.

 

The proposed rules require that the TPEP Provider:

 

  • Establishes policies for information security, authentication, remote access, anti-virus security, application development security, digital media re-use and disposal, encryption, passwords, user responsibilities, and vulnerability management;

 

  • Complies with copyrights and develops appropriate controls and procedures to protect the Database Management Systems;

 

  • Limits access to TPEP Data, by providing safeguards such as firewalls and fraud prevention;

 

  • Maintains the confidentiality of personal information; and

 

  • Develops controls for network management and procedures for security incident management.

 

The Commission’s authority for this rules change is found in section 2303 of the New York City

Charter and section 19-503 of the New York City Administrative Code.

 

 

Public Hearing
Subject: 

The Taxi and Limousine Commission is considering changing its rules. The change would create a new chapter, Chapter 76, setting forth Information Security Standards for Authorized Taxicab Technology System (“TPEP”)1 Service Providers.

Contact: 

Taxi and Limousine Commission, Office of Legal Affairs, 33 Beaver Street – 22nd Floor, New York, New York 10004

Location: 
33 Beaver Street, Commission hearing room, 19th Floor
New York, NY 10004