|  |
Clear, part of Registered Traveler, is owned and operated by Verified Identity Pass Inc. (Verified ID), a privately held company. Verified ID's prime contractor is Lockheed Martin Corporation. This program is operated at the Orlando International Airport in accordance with standards set and oversight conducted by the U.S. Government's Transportation Security Administration (TSA), a division of the Department of Homeland Security.
Verified ID and the Greater Orlando Aviation Authority explain here in detail how we protect the privacy, confidentiality, Member access and data security rights of Clear Applicants and Members.
If, after reading this Explanation, you should have questions or want further information, please click here to
email our Chief Privacy Officer.
1. WHAT INFORMATION WE COLLECT AND HOW WE USE IT
A. We ask Applicants to provide basic volunteered information - established by the US Government's Transportation Security Administration (TSA) for Membership in this Program -- to identify themselves and start the enrollment process (including information submitted online prior to enrollment). The requested biographic data includes full name, address, and date of birth.
Pursuant to the Privacy Act of 1973, applicants are not required to provide Social Security numbers. However, the absence of this data may delay or prevent the completion of the security assessment, without which the applicant may not be permitted to participate in this program. We urge you to supply the number, and we promise to take extra precautions to protect it. As an extra precaution, your Social Security number is stored in a separate facility from your biographic information that is needed for customer service issues. We have also used an extra layer of encryption to ensure the protection of your Social Security number.
The Applicant is assigned an enrollment number. This information produces an initial enrollment application. We then ask Applicants to appear in person with two forms of government-issued identification (one of which must contain a photo) - such as a passport or driver's license. We carefully examine these documents for authenticity using the latest document inspection technology to detect tampering or counterfeiting. So that we have a complete record of your application, we store in a separate, secure database the biographical information and an image of the documents you submit to enroll.
In addition to information to be transmitted to TSA, we collect an applicant's credit card information. This data is collected solely for Clear operator's use, it is not transmitted to or shared with TSA, and TSA does not require its collection.
B. Following successful initial identity verification, we take a digital photo and digital images of all of the Applicant's fingerprints and his or her irises and store these images in a Member's record in our database. We also create and store a template, or mathematical representation, of the finger and iris images, to create a unique biometric ID of the Member.
C. An Applicant's name and biometrics and other biographical information from the application process is then submitted to the TSA as required. The TSA makes the necessary security threat assessment that will determine if the Applicant is cleared for Membership in the program. TSA makes this Threat Assessment using a variety of terrorist threat-related databases. TSA does not transmit to Verified ID or to the airport any information about the Applicant or any reasons for its decisions. TSA tells us only that the Applicant, having gone through the TSA Threat Assessment process, has received either an "Approved Security Threat Assessment" or has received a "Not Approved Security Threat Assessment." The TSA's policy is that, during the current Orlando pilot, its decisions regarding the results of the Threat Assessments will not be appealable by the Applicant due to this program being a pilot. By applying to the program, an Applicant is agreeing to this condition. See the TSA Privacy Act Notice provided during enrollment and included at the end of this document. An Applicant becomes a Member of Clear upon receiving this approval by TSA.
D. TSA will conduct continuous security reviews of Clear®
Members, which assure that Members continue to have cleared status. Verified ID does not receive the contents of any such reviews; it is informed by TSA only that the Member has received approval for continued Clear Membership or has not received approval for continued Clear Membership.
E. If a Member's security review is not approved, within three business days after Verified ID receives notice from TSA, Verified ID will notify the Member that his or her Clear Card and Membership is no longer valid. Verified ID will provide the Member with a pro-rata refund.
2. WHAT WE DO NOT COLLECT
The Clear system cannot produce any reconstruction of how the Member uses the Clear Card. Put simply, the system cannot track your movements.
When your Clear Card is presented at the ClearLane kiosk, you are also asked to present your biometric- your fingerprint or your iris image- at the kiosk to make sure it matches the biometric embedded in the Card. This is our way of making sure that the Card actually belongs to you. Then, the unique identifying number embedded in the Card is checked against the Clear database. If approval is granted, the Clear Member's entry is authorized. For purposes of real-time maintenance and customer support (e.g., if your card doesn't work, we need to be able to run tests to understand why), we will maintain "log files" of entrances to local venues. However, we keep such records only at that location: we purge these records automatically every 24-48 hours: and we have designed our network so that neither Verified ID nor its subcontractors, including Lockheed Martin Corporation, can track and record Members' activities from location to location. In fact, through the issuance of two separate numbers-the Unique Identifier to verify continued authorization from TSA and a Personal Identification Number to track customer inquiries - Verified ID has developed a system that addresses customer service inquiries and system maintenance needs while still ensuring the privacy of our Members.
3. INFORMATION SECURITY
Verified ID and its subcontractors, pursuant to legal agreements, have a comprehensive information security program to ensure the privacy of Clear Applicants and Members as well as the integrity of our systems. We apply ID's and passwords to insure that access to systems and data is only on a need-to-know basis. We use encryption (a strong data coding process) for all program sensitive data communications. We apply firewalls to guard against outside intruders. We conduct periodic data security audits to check that the rules are being followed. We have a continuous update process for Anti Virus protection and implement Operating Systems Security updates for our network infrastructure.
4. CONFIDENTIALITY
All Members' records in the Clear system, whether in hard copy or in computer systems, are designated as CONFIDENTIAL. Each Verified ID employee, and the employees of its subcontractors handling this information, must pass a background investigation. Once employed, they can examine Clear Member records only on a need-to-know basis to provide the service authorized. All employees of Verified ID and its subcontractors, including Lockheed Martin, receive Privacy and Fair Information Practices training when they are hired and again if the Policy is changed. Each employee of Verified ID and its subcontractors signs a Confidentiality Pledge promising to adhere scrupulously to Verified ID's privacy rules and security procedures, with discipline up to and including dismissal for violations.
5. GOVERNMENT REQUESTS FOR DATA
We will only release information about Members to the Transportation Security Administration. Any requests from any law enforcement officials will be directed to TSA. Verified ID has no tracking data about Members to provide to TSA, only basic identity information, and the biometric images captured at enrollment.
6. STRICT LIMITATIONS ON APPLICANT OR MEMBER DATA
A. Neither Verified ID nor its subcontractors, pursuant to legal agreements, sells or gives lists or compilations of the personal data of our members to any business or non-profit organization. We will not provide member information to any affiliated or non-affiliated organizations for marketing. And, Verified ID and its subcontractors will not market to its members apart from its own Clear -related services.
B. Indeed, none of the information that we collect may be used for any purpose outside the operation and maintenance of the Clear Services.
C. We pledge to notify all Members by email of any material changes in our privacy policies, so that they can cancel their Membership if they so decide.
7. MEMBER ACCESS
A Member's Record in the Clear system is a slim file - as already described. However, a Member can request a copy of everything that Verified ID and its subcontractors have in their information systems files for the Clear Program identified to the Member personally, and Verified ID and its subcontractors will provide this information.
8. IF THERE IS AN UNAPPROVED SECURITY THREAT ASSESSMENT BY TSA
A. As already noted, we will securely transmit the biographic and biometric information provided to us in the Clear application process to TSA so that it can conduct a Security Threat Assessment during the application process and periodically throughout the duration of the Program.
B. If we are informed that an Applicant receives an "Unapproved Security Threat Assessment," we will inform the Applicant by e-mail within three (3) days.
C. If we are informed that a Member is no longer approved for Clear Membership, we will deactivate his or her Clear Card and inform the Member within three (3) business days of his or her change of status.
9. COMPLIANCE WITH OUR POLICIES
To assure Members and potential members that Verified ID is following its Privacy and Fair Information Practices Policies faithfully, we have adopted five safeguard processes:
A. Annual Privacy Audit.
We have our Chief Privacy Officer conduct a yearly privacy and data security audit, with her report presented to Verified ID's CEO and its Board of Directors. This Annual Audit, including any problems identified and steps to be taken to resolve those, is made available to Verified ID members wishing to have this.
B. Independent Auditor.
To provide an independent professional and technical review of Verified ID's fidelity to its Privacy and Fair Information Practices Policies, including our data security procedures, Verified ID has commissioned an annual outside audit from Ernst and Young. That professional audit, and Verified ID's response to it, will be available to Verified ID Members and the public who wish to see it. This privacy audit will include audits of any Verified ID or Lockheed Martin subcontractors who are collecting or maintaining our data.
C. Identity Theft Warranty.
Verified ID has put in place what we believe to be strong, effective measures to protect the security of the limited information it collects from Members. Because we have implemented these measures and because the public is rightfully concerned about identity theft, Verified ID makes the following promise to all Members: In the highly unlikely event that a Member is the victim of identity theft (defined as the taking of a member's personal information so that fraudulent transactions are made in the Member's name) that is the result of any unauthorized dissemination by Verified ID or its subcontractors, or theft from Verified ID or its subcontractors, of the Member's personal data collected by Verified ID, Verified ID will reimburse the member for any otherwise unreimbursable monetary costs directly resulting from such Identity Theft. In addition, Verified ID will, at its own expense, offer any such Member assistance in restoring the integrity of the Member's financial or other accounts.
D. Privacy Ombudsman.
Finally, Verified ID has appointed an independent, outside Privacy Ombudsman, Law Professor Paul Schwartz, noted privacy expert and advocate. He will be identified to Members as the person to contact if a Member has a privacy complaint or privacy problem with administration of the Verified ID system or fidelity to our published Privacy Policies. The Independent Privacy Ombudsman is empowered to investigate all privacy complaints, gather the facts, and respond to Members, as well as to post responses publicly and prominently on our website. He will also provide Verified ID's management with recommendations for resolving disputes in keeping with our Privacy promises. TSA will be notified of any suspected or actual privacy breaches or incidents. The Ombudsman can be contacted at www.flyclear.com
E. Notice of Improper Dissemination of Private Information.
Finally, we promise all Members that we will notify them promptly as soon as we suspect that any of their private information might have been improperly disseminated, thus triggering their Identity Theft Warranty. TSA will be notified of any suspected or actual privacy breaches or incidents.
++++++++++++++++++
This is the U.S. Transportation Security Administration's Privacy Policy as it relates to the Registered Traveler Pilot Program. A copy will be distributed to applicants at enrollment.
TSA Privacy Act Notice
Authority: 49 U.S.C. 114 authorizes collection of this information.
Purpose: TSA is collecting this information from individuals who are applying to participate in a pilot of TSA's Registered Traveler program. TSA will use this information to verify your identity, to conduct a security threat assessment, and, if you are accepted into the pilot, to issue a "smart card" to you that will identify you as a Registered Traveler. Furnishing this information is voluntary, however, failure to provide it may delay or prevent the completion of your security threat assessment, without which you may not be permitted to participate in this program.
Routine Uses: The information will be used by and disclosed to TSA personnel and contractors or other agents who need the information to assist in the operation of the Registered Traveler pilot. Additionally, TSA may share your information with airports and airlines to the extent necessary to ensure proper identification, ticketing, security screening, and boarding of Registered Travelers. TSA may disclose information to appropriate law enforcement or other government agencies as necessary to identify and respond to outstanding criminal warrants or potential threats to transportation security. TSA may also disclose information pursuant to its published system of records notice.
Effective as of June 21, 2005
|
|
