At every step of the flying process, airlines receive a large amount of data about each passenger who boards the flight — from basic identifying information such as one's name, gender and age to the email one uses to log into in-flight Wi-Fi and one's passport number for international flights.
As this opens up the risk of both data breaches and misuse by bad actors, the U.S. Department of Justice (DOJ) announced that it will conduct its first large-scale review into how the country's airlines collect and store data.
Related: These airports officially have the worst Wi-Fi
The review, which will take place over the coming months, will be conducted by DOT’s Office of Aviation Consumer Protection (OACP) which will look at both the "big three" airlines of United (UAL) , Delta Air Lines (DAL) and American Airlines (AAL) alongside budget carriers such as Spirit Airlines (SAVE) , Frontier (FRON) , JetBlue Airways (JBLU) and Allegiant Air.
'Ensure airlines are being good stewards of sensitive passenger data...'
"Airline passengers should have confidence that their personal information is not being shared improperly with third parties or mishandled by employees," Transportation Secretary Pete Buttigieg announced in a statement. "This review of airline practices is the beginning of a new initiative by DOT to ensure airlines are being good stewards of sensitive passenger data."
More Travel:
- A new travel term is taking over the internet (and reaching airlines and hotels)
- The 10 best airline stocks to buy now
- Airlines see a new kind of traveler at the front of the plane
Each U.S.-based commercial carrier has already received a letter from the DOT requesting documents that show its policies and procedures for collecting passenger data, any passenger complaints that employees or contractors mishandled personal information and documents around privacy training for its staff.
The initiative was pushed forward by Sen. Ron Wyden.(D-Ore.) who said that travelers "often never know that their personal data was misused or sold to shady data brokers" and that "effective privacy regulation cannot depend on consumer complaints to identify corporate abuses."
Senator Wyden: DOT needs accountability for those 'responsible for harmful or negligent privacy practices'
"I will continue to work with DOT to ensure that it is holding the airlines responsible for harmful or negligent privacy practices," Wyden said further.
The DOT, in turn, said that any "evidence of problematic practices" will inform how it should "take action, which could mean investigations, enforcement actions, guidance, or rulemaking." The review is not meant to single out certain airlines or specifically find wrongdoing but to start what it plans to be "periodic reviews of airline privacy practices to ensure that carriers adequately protect consumers’ personal information and follow the law."
In many cases, breaches occur due to the airline not taking proper steps to ensure that customer data it collects for genuine purposes does not then fall into the hands of hackers and other bad actors.
One of the most high-profile data breaches in the aviation world occurred when, in June 2023, hackers stole emails, passwords and other personal information of more than 8,000 job-seekers applying to be pilots at American Airlines and Southwest Airlines (LUV) .
The investigation is among a number of changes to consumer data that the Biden administration has been trying to push forth for both airlines and companies in general — some proposals include a change to the COPPA rule that would introduce stricter rules for both collecting and monetizing on data from children under 18.