Revenue protection, penalty fares and prosecutions

This page explains how Transport for London uses your personal information for the purposes of revenue protection when we contact you about irregular travel, issue a Penalty Fare Notice (PFN) or intend to prosecute you for fare evasion on our services

Personal information we hold

We hold a range of personal information in connection with the various revenue protection activities we undertake. This may include:

  • Postal address, email address, telephone number
  • Date of birth
  • Oyster card number
  • Upon a failed revenue inspection, your payment card's truncated PAN, tokenised PAN, expiry date, issuer, type and whether the card has been registered with TfL
  • Journey history and transaction information (when and where you topped up your balance, purchased a season ticket, or were issued with a refund)
  • Still images captured from CCTV cameras across all TfL modes
  • Incident reports completed by staff that may identify you 
  • Details about revenue inspection and penalty fares issued to you, such as date, location, reason and amount, any appeals submitted and relevant evidence
  • Recordings, transcripts or notes of formal interviews
  • Prosecution case files, including court outcome
  • Enquiries, complaints, or other correspondence to or from you, or about you
  • IP address if associated fraudulent activity has been identified online
  • Proof of identification which may be requested during revenue inspection or at the time of an interview
  • Body Worn Video and audio footage
  • Enquiries, complaints, or other correspondence to or from you, or about you
  • IP address if associated fraudulent activity has been identified online
  • Proof of identification which may be requested during revenue inspection or at the time of an interview
  • Body Worn Video and audio footage

Legal basis for using your information

Under data protection legislation, TfL is only allowed to use personal information if we have a proper reason or 'legal basis' to do so.

In the case of personal data relating to irregular travel, penalty fares and prosecutions, our legal basis relates to our statutory and public functions. These are: to undertake activities to promote and encourage safe, integrated efficient and economic transport facilities and services; and to deliver the Mayor's Transport Strategy.

As fare evasion is a criminal offence, TfL must also comply with Part 3 of the Data Protection Act 2018, where personal information is processed for law enforcement purposes (which includes the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties).

TfL has the power to prosecute for fare evasion under the following legislation:

  • Regulation of Railways Act 1889
  • TfL Railway Byelaws
  • Public Passenger Vehicles Act 1981
  • Public Service Vehicles (Conduct of Drivers, Inspectors, Conductors and Passengers) Regulations 1990  
  • Forgery and Counterfeiting Act 1981  
  • Fraud Act 2006
  • Greater London Authority Act 1999

Sometimes we also need to collect or store information that is defined as 'special category personal data'. In respect of penalty fares and prosecutions, this may consist of:

  • Information about criminal allegations, proceedings or convictions
  • Description of suspected fare evader which may on occasion include descriptions of race, ethnicity or health information, where relevant

As before, there are several legal grounds we rely on when handling this kind of information, depending on the circumstances, which include:

  • Exercising TfL's statutory and public functions  
  • There is a substantial public interest
  • For the establishment, exercise or defence of legal rights
  • For the prevention or detection of crime

Obtaining and using your information

We obtain personal information in a number of different ways, including:

  • Directly from you - for example in the course of issuing you a Penalty Fare Notice, during a formal interview, or via other correspondence
  • From TfL records held about the journey history associated with the Oyster card or contactless payment card you use to travel as well as transaction history
  • From CCTV images captured on our network From Body Worn Video captured by Revenue Inspectors or station staff
  • From TfL accounts you may have opened (such as your Oyster or contactless web account, or photocard application)
  • From credit reference agencies
  • From Bus Operators or Train Operating Companies (TOCs)
  • From publicly available electoral roll data
  • From the police and statutory law enforcement agencies
  • From HM Courts and Tribunal Service

When issuing you a Penalty Fare or submitting a travel irregularity report, we will ask for your name, address and date of birth and verify them against existing penalty fare and prosecution records held by TfL and Train Operating Companies, or publicly available data obtained via electoral register. This is because you are required by law to provide these details to a Revenue Inspector, and we need to ensure the information you have given is correct.

TfL Revenue Inspectors are issued with body worn video cameras and these devices capture audio recordings as well as images. The cameras are clearly visible and are only switched on when a Revenue Inspector is taking enforcement action.

Every time a customer presents an Oyster or contactless payment card at one of our card readers, for example when boarding a bus or entering and exiting a station, we record these aggregated "taps" or "counts" along with information such as the location, date and time, ticket type, mode, and transaction type (e.g., entry).

TfL uses this data, alongside data from revenue inspection devices and gateline data to inform our revenue protection strategy. We analyse journey patterns and transaction history to inform measures to identify patterns of irregular travel and protect TfL against fare evasion and fraudulent transactions.

We may also use the outcome of our analysis to contact registered Oyster and contactless payment card holders directly, with advice to touch in and out at the correct stages of a journey and the consequences of bad practice. Where irregular travel is persistent, we will use your data for further investigation and prosecution purposes.

In the case of investigating persistent fare evasion, we may capture still images from CCTV cameras on the underground or rail network. We match these images with the times an Oyster or contactless payment card has been tapped at the ticket barriers to help us identify and stop individuals we suspect of fare evasion.

In cases where we suspect fraud, we might invite you to attend a formal interview with us. To prevent false representations, we may also ask to see and take a copy of proof of your identity.

If you make a statutory declaration to the Magistrates Court to get a case reopened, the HM Courts and Tribunal Service will inform TfL about this.

Length of time we keep information

TfL's Investigations and Prosecutions function currently retains electronic case records associated with both Penalty Fares and prosecutions for up to seven years, after which they are anonymised.  

In the case of any paper records held in relation to penalty fares, hard copies of case files are shredded immediately in a secure environment after they have been uploaded to the electronic penalty fares database.

In the case of paper prosecution records, hard copy case files are stored securely for a period of 18 months after closure of a court case, before being destroyed in a secure environment.

Information about customers issued with a Penalty Fare or who are prosecuted is kept for several purposes:

  • To allow repeat offenders to be identified when name and address (and previous offender history) checks are carried out by authorised revenue protection staff once a fare evader has been apprehended.
  • During any subsequent prosecution, historic Penalty Fare information may also be presented in the Magistrates Court as evidence of an individual's pattern of previous offending.
  • In some circumstances, an individual prosecuted by TfL can subsequently apply for a Statutory Declaration stating they were unaware of the prosecution case against them. If this is granted, TfL is required to go back and commence the prosecution case again.
  • To pursue or enforce unpaid fines, costs or compensation that may be owed to TfL.
  • To otherwise establish exercise or defence our legal rights

Keeping your information secure

We take privacy and data protection very seriously. We have a range of robust policies, processes, and technical measures in place to control and safeguard access to, and use of, personal information associated with analysing irregular travel, the issue and enforcement of penalty fares and prosecutions.

This includes payment card data which is handled in accordance with the Payment Card Industry Data Security Standard ('PCI DSS').

Anyone with access to personal information held in TfL's systems is required to complete TfL's privacy and data protection training on an annual basis.

Automated processing and profiling

Under data protection legislation we must let you know when we do something 'automatically' using our computers or other systems or make an automated decision (without human intervention) that significantly affects you.

We use automated means to analyse journey data from passengers to look for patterns of irregular travel that could suggest fare evasion. Examples might include travel without sufficient funds, incomplete journeys or journeys that indicate zone avoidance behaviour. We use this data to place Oyster or contactless payment cards on a deny list and automatically generate emails to customers (where they are registered with us) with advice to touch in and out at the correct stages of a journey. You can request to be removed from the email campaign if, for example, your contactless payment card has been stolen and is being used fraudulently.

We may also suspend Oyster cards based on patterns of irregular purchases, or subsequent top ups and disable online Oyster accounts based on online activities.

If consistent irregular travel behaviours are observed, our fraud detection system records details about your travel on an investigation list, such as your incomplete journeys and regular stations and times you enter or exit. We may use this data as the basis for further enforcement action. However, before taking any action to investigate individual passengers, we always involve human intervention and manually review all available evidence.

Sharing personal information

TfL has contracts with several third-party service providers that support the day-to-day operation of our revenue protection activities. Such organisations include:

  • IRCAS, which provides the administrative support and payment processing functions when you make a penalty fare payment.
  • Credit Reference Agencies, which are currently used to verify name and address information you provide to a revenue inspector; to ensure records we hold are accurate for outstanding penalty fares and for debt collection purposes.  
  • Journeycall and Novacroft, who administer our concessionary travel schemes on TfL's behalf

We may also share specific information with other partners where it would support our statutory functions. Any information sharing is managed in accordance with relevant privacy and data protection legislation and supported with formal information sharing agreements, where appropriate. Examples include:

  • Train Operating Companies, with whom we regularly share pseudonymised journey data which can be used for fraud prevention purposes
  • Police and statutory law enforcement agencies for the purpose of preventing or detecting crime or otherwise establishing, exercising, or defending legal rights
  • His Majesty's Courts and Tribunals Service (HMCTS) to provide court papers in advance of a trial for fare evasion; and to assist with the collection of fines issued for fare evasion in the event of non-payment
  • To legal representatives of defendants in accordance with recognised court disclosure rules and Criminal Procedure Rules
  • To the Appeals Service, to verify any information you supply while appealing against a Penalty Fare Notice issued by TfL, so they can fully assess your appeal

Overseas processing

TfL currently process personal information relating to penalty fares and prosecutions within the UK and the European Economic Area. Any such processing is subject to appropriate contractual safeguards and carried out in accordance with the requirements of UK and EU privacy legislation.

Your information rights

If you would like to receive copies of the personal data TfL holds about you in connection with revenue protection or prosecutions, please see our page on how to access your data.

  • You also have several other information rights which include:
  • The right to question any information we have about you that you think is wrong or incomplete
  • The right to object to how we use your information or to ask us to delete or restrict how we use it.
  • In some cases, the right to receive a copy of your information in a format that you can easily re-use
  • The right to complain to the regulator - the Information Commissioner's Office

The TfL Privacy and Data Protection team considers and coordinates responses to requests and complaints from people whose personal data is processed by TfL and its subsidiary companies. You can contact the Data Protection Officer by email at dpo@tfl.gov.uk

Ticketless Travel Surveys

Working with the Verian Group, we conduct Ticketless Travel Surveys on a continuous basis on the London Overground, Elizabeth line, Docklands Light Railway and Bus & Tram networks to measure the overall volume of fraudulent travel and gain insight into the times of day and locations where it is most prevalent. Ticketless Travel Surveys on the London Underground network are conducted in-house by the London Underground.

No personal data is collected or enforcement action taken during the survey. During a survey, the questions asked cover the origin and destination of the journey being made, the ticket type being used, and the reason why a passenger has no ticket (if applicable).

Changes to this page

It is likely that we will need to update this statement from time to time, so check back here regularly to find out more. Your continued use of the site will mean that you accept those revisions. This page was published in September 2024.