TSA Secure Flight Privacy Plan
(Taken from www.tsa.gov/stakeholders/secure-flight-program)
Ensuring the privacy of individuals is a cornerstone of Secure Flight. TSA has developed a comprehensive privacy plan to incorporate privacy laws and practices
into all areas of Secure Flight. The program has worked extensively to maximize individual privacy.
In addition to assuring compliance and re-enforcing the Secure Flight commitment to protecting privacy, Secure Flight has created an environment dedicated to guaranteeing a Secure Flight privacy mission that is front and center every day.
The Secure Flight Privacy Program includes:
- Foundational Privacy Principles: Tenets that underpin and guide all Secure Flight behaviors, requirements, systems and processes;
- Privacy Organization: Dedicated Privacy Officer and privacy staff, processes and procedures responsible for privacy compliance, assessing
Secure Flight privacy risks and for developing and implementing plans to effectively manage those risks;
- Systems Development and Security: Administrative, physical and technical safeguards that manage privacy risks throughout the lifecycle
of the Secure Flight system;
- Awareness and Training: Programs to make the Secure Flight organization and its stakeholders, including the traveling public and the airlines, aware
of Secure Flight's privacy posture and practices;
- Monitoring and Compliance: Programs to monitor adherence to statutory and regulatory privacy requirements and Secure Flight's privacy
principles, policies, procedures, standards and rules of behavior;
- Redress and Response: Systems and processes to respond, if needed, to privacy inquiries, issues and incidents; and
- Privacy Risk Management: Tools and techniques to support Secure Flight privacy risk management
- Personal Information: TSA collects the minimum amount of personal information necessary to conduct effective watch list matching.
Furthermore, personal data is collected, used, distributed, stored, and disposed of in accordance with stringent guidelines and all applicable
privacy laws and regulations. Secure Flight has published an updated Privacy Impact Assessment (PIA) in conjunction with the Final Rule and System
of Records Notice (SORN) published in the Federal Register, August 23, 2007 provide detailed information about the program's privacy approach.
TSA does not collect or use commercial data to conduct Secure Flight watch list matching. TSA's Secure Flight Exemption Rule was published November
9, 2007, in the Federal Register. The Exemption Rule provides the public notice of TSA's
decision to exempt the Secure Flight Records system (DHS/TSA 019) from several provisions of the Privacy Act of 1974, as well as the basis for the claimed exemptions. Additionally, the Exemption Rule provides a comprehensive response to public comments received for the Secure Flight Notice of Proposed Rule Making for Privacy Act Exemptions.