Data Protection and Privacy Management Guidelines for Airports

Airports are collecting, processing, and using large amounts of data from airport users, including personal identification, medical records (e.g., COVID-19 related), and biometric information. The methods used by airports for these activities are evolving. Airports need to comply with an increasing number of data protection and privacy regulations. An initial review of the websites of several large U.S. airports suggests that few provide any information concerning data privacy. Research is needed to understand current practices, provide guidance for fostering awareness of compliance requirements, and help airports incorporate data privacy management into their operational and business activities.

The objectives of this research are to develop guidelines to help airports of all types and sizes to:

(a) identify customer data that is subject to protection;
(b) implement compliant data protection management practices, policies, and systems; and
(c) develop trust and accountability around data privacy practices for their individual customers.

For the purpose of this study:

(1) Customer data includes, but is not limited to, personally identifiable information (PII) (e.g., medical, biometric, credit card, license plate information);
(2) Compliance requirements and cybersecurity considerations should reference documents noted in Special Note A; and
(3) Trust includes instilling confidence in the airport's uses and protections of customer data (e.g., published disclosure statements, transparency and associated customer communication).

The guidelines should address, but not be limited to, the following considerations:

(1) Retention and destruction policies and standards;
(2) Compliance with the Americans with Disabilities Act (ADA);
(3) Parking data/license plate recognition (LPR);
(4) Data regarding customer behaviors and touchpoints and the use of such data;
(5) Current practices for managing data protection, including contractual language for tenants and vendors;
(6) Current practices for customer outreach and communications on data protection and disclosure;
(7) Employee and tenant education on data protection and privacy; and
(8) Common use airport Information Technology (IT) infrastructure.


  • English


  • Status: Active
  • Funding: $350000
  • Contract Numbers:

    Project 01-50

  • Sponsor Organizations:

    Airport Cooperative Research Program

    Transportation Research Board
    500 Fifth Street, NW
    Washington, DC    20001

    Federal Aviation Administration

    800 Independence Avenue, SW
    Washington, DC  United States  20591
  • Project Managers:

    Schatz, Theresia

  • Performing Organizations:

    Del Ray Solutions LLC

    Alexandria, VA  United States 
  • Principal Investigators:

    Cusson, Sean

  • Start Date: 20220419
  • Expected Completion Date: 20231018
  • Actual Completion Date: 0

Filing Info

  • Accession Number: 01779167
  • Record Type: Research project
  • Source Agency: Transportation Research Board
  • Contract Numbers: Project 01-50
  • Files: TRB, RIP
  • Created Date: Aug 17 2021 10:39PM