• Who We Are
• For Travelers
• What We Do
• Join Us
• Our Approach
• Media Room
• Research Center

---

• What We Do
• Law Enforcement
• Layers of Security
• Air Cargo
• Alien Flight Student Program
• Employee Screening
• HAZMAT Endorsement Threat Assessment Program
• PortSTEP
• Rail Security
• Screening Passengers by Observation Techniques
• Secure Automobile Inspection Lanes
• Secure Flight
• Transportation Worker Identification Credential Program
• Travel Document Checker
• Screening Partnership Program
• Security Screening
• Transportation Sector Network Management

Privacy Protection

Secure Flight Program

Secure Flight ensures the privacy of individuals while protecting our transportation system, supporting aviation and national security and facilitating travel. We do this by adhering to the letter and spirit of privacy law, by treating individuals and their personal privacy information with respect, ensuring a high standard of privacy protection and responding effectively to public concerns.

The Secure Flight Privacy Program integrates administrative, technical, and physical security safeguards to ensure that limitations are placed on the collection of personally identifiable information (PII). TSA will collect the minimum amount of personal information necessary to conduct effective watch list matching. TSA will not collect or use commercial data to conduct Secure Flight watch list matching.

Personal data will be collected, used, distributed, stored, and disposed of in accordance with stringent guidelines and all applicable privacy laws and regulations. Secure Flight has published a Privacy Impact Assessment (PIA) and System of Records Notice (SORN) prior to program implementation to provide detailed information about the program's privacy approach.

TSA’s Secure Flight Exemption Rule was published November 9, 2007, in the Federal Register. The Exemption Rule provides the public notice of TSA’s decisions to exempt the Secure Flight Records system (DHS/TSA 019) from several provisions of the Privacy Act of 1974, as well as the basis for the claimed exemptions. Additionally, the Exemption Rule provides a comprehensive response to public comments received for the Secure Flight Notice of Proposed Rule Making (NPRM) for Privacy Act Exemptions.

The Secure Flight Privacy Program includes:

1. Foundational Privacy Principles: Tenets that underpin and guide all Secure Flight behaviors, requirements, systems and processes;
2. Privacy Organization: People and processes responsible for privacy compliance, assessing Secure Flight privacy risks and for developing and implementing plans to effectively manage those risks;
3. Privacy Policy: Secure Flight privacy policies, procedures, standards and rules of behavior and ways to adhere to them;
4. Systems Development and Security: Administrative, physical and technical safeguards that manage privacy risks in the development, implementation and operation of the Secure Flight system;
5. Awareness and Training: Programs to make the Secure Flight organization and its stakeholders, including the traveling public and the airlines, aware of Secure Flight's privacy posture and practices;
6. Monitoring and Compliance: Programs to monitor adherence to statutory and regulatory privacy requirements and Secure Flight's privacy principles, policies, procedures, standards and rules of behavior;
7. Redress and Response: Systems and processes to respond, if needed, to privacy inquiries, issues and incidents; and
8. Privacy Risk Management: Tools and techniques to support Secure Flight privacy risk management.