Passenger database violated law and privacy: auditors


Sun, Jul 24, 2005 - Page 7

The Transportation Security Administration violated the federal Privacy Act by creating a database of aviation passenger records that merged airline records with commercial data in an improper way, government auditors said Friday.

The violation did not result in the inappropriate public release of personal data or wrongly prevent anyone from boarding a plane, the report by the Government Accountability Office said.

But it still violated the law, the report said, because the database included biographical information on 43,000 passengers from private companies, contrary to the agency's promise not to collect and store commercial data. The database was used to test a new aviation screening system known as Secure Flight that it due to be introduced by early next year.

After being questioned about the practice, the agency issued a revised Privacy Act declaration to make public the way it uses the data in testing Secure Flight. Such explicit disclosures are required by the 1974 privacy law, which was passed to prevent the government from secretly setting up electronic databases on the public.

Secure Flight, as planned, should enhance the government's ability to find terrorists while reducing the frequency that passengers are delayed simply because a name happens to be similar to that of a terror suspect on the watch list. The commercial data was used to see if it might help reduce such mismatches.

Security agency officials did not dispute the report's findings, but some in Congress called them a disappointment because they followed an earlier similar privacy violation in which airlines turned over passenger data to government contractors.