American Airlines Revealed Passenger Data
Contractor Gave Information Gathered for TSA to Private Security Companies, Carrier Discloses
By Sara Kehaulani Goo
Washington Post Staff Writer
Saturday, April 10, 2004; Page D12
American Airlines revealed yesterday that it authorized the release of 1.2 million records containing private passenger data to the government and that the information wound up in the hands of four companies competing for a federal security contract.
The disclosure, which was the third time a U.S. airline admitted sharing private customer information, prompted the Department of Homeland Security to launch an investigation into possible government privacy violations.
Nuala O'Connor Kelly, the department's chief privacy officer, said she would look into whether government employees at the Transportation Security Administration violated internal procedures or the federal Privacy Act.
American's acknowledgment comes after JetBlue Airways and Northwest Airlines admitted sharing private records of names, travel itineraries, telephone numbers and credit card numbers to assist the government with separate aviation security projects. JetBlue and Northwest face several class action lawsuits from passengers who claim the airlines did not properly disclose how their personal information was being used.
American spokesman John Hotard said the airline discovered the data breach only recently after conducting an internal review into its data sharing practices. The review was prompted by JetBlue's and Northwest's acknowledgement of their own data sharing incidents.
American did not say yesterday whether it may have violated any laws or its own policies in the transaction, which occurred in June 2002, but it said that it would not share information again.
"We felt for our passengers and crew it was the right thing to do at that time" because the data request came shortly after the Sept. 11, 2001, terrorist attacks, Hotard said. He said the company's policy on how it uses the information it collects from passengers is more restrictive now than it was at the time of the incident. "We wouldn't do it today unless ordered to do so by the government," he said.
The TSA requested that American provide the agency with passenger records for a security project, and American authorized Airline Automation Inc. to comply. But instead the contractor gave the records to four companies competing to win a security contract with the agency: HNC Software, Infoglide Software, Ascent Technology and Lockheed Martin. David Coburn, a lawyer for Airline Automation, said the company turned over the passenger records to the companies as the TSA required, and that the companies signed non-disclosure agreements.
The TSA said in a written statement that it "is in the process of gathering all of the relevant information regarding this situation."
It's unclear what legal action or other fallout American could face, but several privacy advocates said they would not be surprised if the airline is confronted by lawsuits similar to those filed against JetBlue and Northwest.
JetBlue, which apologized to customers after acknowledging in September 2003 that it shared 5 million records with an Army contractor, faces a Federal Trade Commission complaint for unfair and deceptive trade practices. Several TSA employees were required to undergo training on privacy laws by Homeland Security's O'Connor Kelly after her office conducted a review of that incident in February.
Yesterday, O'Connor Kelly said she was not aware of American's data until yesterday. "We have heard allegations that there were other allegations out there but we didn't receive any specific evidence" about American, she said.
© 2004 The Washington Post Company
Airlines Confirm Giving Passenger Data to FBI After 9/11 (The Washington Post, May 2, 2004)
Europeans Seek Court Review of Data-Sharing Plan (The Washington Post, Apr 22, 2004)
Data-Sharing Fails European Vote (The Washington Post, Apr 1, 2004)
TSA Helped JetBlue Share Data, Report Says (The Washington Post, Feb 21, 2004)
Report Faults TSA on Privacy (The Washington Post, Feb 13, 2004)
Airline Surveillance Office Director Resigns (The Washington Post, Feb 10, 2004)
Clark, the Four-Star Businessman (The Washington Post, Jan 29, 2004)
Airlines Hustling On Data Disclosure (The Washington Post, Jan 24, 2004)
Northwest Airlines Faces Privacy Suits (The Washington Post, Jan 22, 2004)
Northwest Gave U.S. Data on Passengers (The Washington Post, Jan 18, 2004)
U.S. to Push Airlines for Passenger Records (The Washington Post, Jan 12, 2004)
TSA May Try to Force Airlines to Share Data (The Washington Post, Sep 27, 2003)
Plan to Screen Air Travelers Hits Bump (The Washington Post, Sep 24, 2003)
JetBlue Apologizes for Use of Passenger Records (The Washington Post, Sep 20, 2003)