At every step of the flight process, airlines receive a wealth of data about each passenger who boards the flight, from basic identifying information such as name, gender and age to the email one uses to log in to Wi-Fi. during the flight and the passport number for international flights.
As this opens the risk of data breaches and misuse by bad actors, the US Department of Justice (DOJ) announced that it will conduct its first large-scale review of how the country's airlines collect and They store data.
Related: These Airports Officially Have the Worst Wi-Fi
The review, which will take place over the next few months, will be conducted by the DOT's Office of Aviation Consumer Protection (OACP), which will examine the “big three” U.S. airlines. (UAL) Delta Airlines (give it) and American airlines (AAL) along with budget airlines like Spirit Airlines (SAVE) Border (FORWARD) JetBlue Airways (BLUE) and Loyal Air.
'Ensure airlines are good stewards of sensitive passenger data…'
“Airline passengers should have confidence that their personal information is not inappropriately shared with third parties or mishandled by employees.” This was announced by Transportation Secretary Pete Buttigieg in a statement. “This review of airline practices is the beginning of a new DOT initiative to ensure that airlines are good stewards of sensitive passenger data.”
More trips:
- A new travel term is taking over the internet (and reaching airlines and hotels)
- 10 Best Airline stocks to Buy Now
- Airlines see a new type of traveler at the front of the plane
Every U.S.-based commercial carrier has already received a letter from the DOT requesting documents showing its policies and procedures for collecting passenger data, any complaints from passengers that employees or contractors mishandled personal information, and documents about Privacy training for your staff.
The initiative was pushed by Sen. Ron Wyden (D-Ore.), who said that travelers “often never know that their personal data was misused or sold to shady data brokers” and that “effective privacy regulation will not “may depend on consumer complaints to identify corporate abuses.”
Senator Wyden: DOT needs accountability for those 'responsible for harmful or negligent privacy practices'
“I will continue to work with the DOT to ensure it holds airlines accountable for harmful or negligent privacy practices,” Wyden said.
The DOT, in turn, said that any “evidence of problematic practices” will inform how action should be “taken, which could mean investigations, enforcement actions, guidance or rulemaking.” The review is not intended to single out certain airlines or specifically find wrongdoing, but rather to initiate what it plans to be “regular reviews of airline privacy practices to ensure that companies adequately protect consumers' personal information and comply with the law.”
In many cases, breaches are due to the airline failing to take adequate measures to ensure that customer data it collects for genuine purposes does not fall into the hands of hackers and other malicious actors.
One of the most notorious data breaches in the aviation world occurred when, in June 2023, hackers stole emails, passwords and other personal information from more than 8,000 job seekers applying to be pilots at American Airlines and Southwest Airlines (LUV) .
The research is among a series of changes to consumer data that the Biden administration has been trying to push through for both airlines and businesses in general; Some proposals include a change to the COPPA rule that would introduce stricter rules for both data collection and monetization. of children under 18 years of age.
