Data Protection and Privacy Management Guidelines for Airports
Airports are collecting, processing, and using large amounts of data from airport users, including personal identification, medical records (e.g., COVID-19 related), and biometric information. The methods used by airports for these activities are evolving. Airports need to comply with an increasing number of data protection and privacy regulations. An initial review of the websites of several large U.S. airports suggests that few provide any information concerning data privacy. Research is needed to understand current practices, provide guidance for fostering awareness of compliance requirements, and help airports incorporate data privacy management into their operational and business activities. The objectives of this research are to develop guidelines to help airports of all types and sizes to: (a) identify customer data that is subject to protection; (b) implement compliant data protection management practices, policies, and systems; and (c) develop trust and accountability around data privacy practices for their individual customers. For the purpose of this study: (1) Customer data includes, but is not limited to, personal identifiable information (PII) (e.g., medical, biometric, credit card, license plate information); (2) Compliance requirements and cybersecurity considerations should reference documents noted in Special Note A; and (3) Trust includes instilling confidence in the airport’s uses and protections of customer data (e.g., published disclosure statements, transparency and associated customer communication). The guidelines should address the following considerations, but be not limited to: (1) Retention and destruction policies and standards; (2) Compliance with Americans with Disabilities Act (ADA); (3) Parking data/ license plate recognition (LPR); (4) Data regarding customer behaviors and touchpoints and the use of such data; (5) Current practices for managing data protection including contractual language for tenants and vendors; (6) Current practices for customer outreach and communications on data protection and disclosure; (7) Employee and tenant education of data protection and privacy; and (8) Common use airport Information Technology (IT) infrastructure.
Language
- English
Project
- Status: Active
- Funding: $350000
-
Contract Numbers:
Project 01-50
-
Sponsor Organizations:
Airport Cooperative Research Program
Transportation Research Board
500 Fifth Street, NW
Washington, DC 20001Federal Aviation Administration
800 Independence Avenue, SW
Washington, DC United States 20591 -
Project Managers:
Schatz, Theresia
- Performing Organizations: Alexandria, VA United States
-
Principal Investigators:
Cusson, Sean
- Start Date: 20220419
- Expected Completion Date: 20231018
- Actual Completion Date: 0
Subject/Index Terms
- TRT Terms: Airports; Compliance; Customers; Data management; Data privacy; Guidelines
- Subject Areas: Administration and Management; Aviation; Data and Information Technology; Planning and Forecasting; Security and Emergencies; Terminals and Facilities;
Filing Info
- Accession Number: 01779167
- Record Type: Research project
- Source Agency: Transportation Research Board
- Contract Numbers: Project 01-50
- Files: TRB, RIP
- Created Date: Aug 17 2021 10:39PM