The popularity of ride sharing services have brought a flurry of innovative changes to public transit agencies. Such changes include, for example, partnering with private ride sharing services as well as offering smartphone apps for public ride sharing services.1

LA Metro recently released a request for proposals for a new service called "MicroTransit."2 The MicroTransit program is intended to allow riders to hail on demand, and share, a medium-sized vehicle (smaller than a bus but larger than a van) using an app similar to Lyft or Uber.3 The MicroTransit service will by dynamically-routed, meaning that it is not schedule-based or fixed-route-based, and is instead routed based upon real-time ridership needs. LA Metro will offer the MicroTransit service to areas not dense enough to support bus service or that are difficult for bus or rail stops to service. The MicroTransit service is expected to be less expensive than private ride sharing services and to integrate with other LA Metro services.

Other public transit agencies are using ride sharing concepts to comply with the Americans with Disabilities Act's requirements for paratransit or demand-response services for persons with limited mobility.4 For example, the Massachusetts Bay Transportation Authority (MBTA) and Lyft have developed a pilot program to support the MBTA's paratransit services.5 The pilot program is intended to allow eligible riders to request paratransit rides in real time instead of days in advance.

Numerous considerations come into play when creating relationships between public and private entities. One area of particular interest is the potential exposure associated with data collected and used to support ride sharing services. Depending on the structure of the relationship among the transit agency, the private entity, and customers, transit agencies could have access to financial information and other personal information to which it may not otherwise have access. If this is the case, then transit agencies should take steps to better ensure that they are maintaining the privacy and security of any collected data. For example, transit agencies may be required by law to explain to customers how their information is collected and used, including any downstream commercialization.

In light of such issues, transit agencies should review, revise, and/or draft a privacy policy that clearly explains to users how collected data will be used. Applicable law may require transit agencies to take special precautions to secure such data, and may also require transit agencies to provide notice to users if there is a data breach. Transit agencies should review, revise, and/or draft their best practices relating to the security of data, including a written information security policy, document retention policy, and incident response plan. Moreover, transit agencies should ensure that they are responding in accordance with applicable local, state, and, federal laws when receiving court-ordered requests for cell phone tracking data from local, state and federal police.