American Airlines is the latest U.S. airline to reveal that it violated its customers’ privacy by disclosing passenger records—1.2 million of them—to the federal government. Moreover, the passenger records were passed to four private companies competing for a government security contract.
The third time was apparently the charm that prompted the Department of Homeland Security to “launch an investigation into possible government privacy violations,” according to Sara Kehaulani Goo’s account in today’s Washington Post.
JetBlue Airways provided similar customer records in September 2003. In January 2004, Northwest Airlines acknowledged that it, too, had disclosed customer data, after steadfastly maintaining for months that it “did not provide that type of information to anyone.” And now American Airlines acknowledges that it passed confidential customer information—including names, telephone numbers, credit card numbers, and itineraries—to the Transportation Security Administration in June 2002.
Goo quotes American Airlines spokesman John Hotard and outlines how the customer data wound up in the hands of four private companies:
“‘We felt for our passengers and crew it was the right thing to do at that time’ because the data request came shortly after the Sept. 11, 2001, terrorist attacks, Hotard said. He said the company’s policy on how it uses the information it collects from passengers is more restrictive now than it was at the time of the incident. ‘We wouldn’t do it today unless ordered to do so by the government,’ he said.”
“The TSA requested that American provide the agency with passenger records for a security project, and American authorized Airline Automation Inc. to comply. But instead the contractor gave the records to four companies competing to win a security contract with the agency: HNC Software, Infoglide Software, Ascent Technology and Lockheed Martin. David Coburn, a lawyer for Airline Automation, said the company turned over the passenger records to the companies as the TSA required, and that the companies signed non-disclosure agreements.”
The question is obvious, but I’ll ask it anyway: What makes them think a non-disclosure agreement holds any more water than a privacy policy?
JetBlue and Northwest are both facing class action lawsuits from customers. Separately, both JetBlue and Northwest are facing complaints alleging unfair and deceptive trade practices filed by the Electronic Privacy Information Center (EPIC). JetBlue has at least apologized to its customers; Northwest continues to maintain it did not violate its own privacy policy. To date, the only action or policy change resulting from any of this is that “several TSA employees were required to undergo training on privacy laws by Homeland Security’s [chief privacy officer],” according to Goo’s report. Privacy sensitivity training, as it were.
Most disturbing is a hint that there are more customer privacy invasions by airlines yet to be disclosed:
“Yesterday, [Homeland Security’s chief privacy officer] said she was not aware of American’s data until yesterday. ‘We have heard allegations that there were other allegations out there but we didn’t receive any specific evidence’ about American, she said.”
0 responses. Comments closed for this article.