Introduction
Information about an individual or entity is always considered private unless the person in question whether natural or artificial sees it appropriate to disclose it. Data protection covers more of the relationship between collection, processing and dissemination of data. It can be defined simply as the prevention of misuse of information collected from a person or an entity. In our case, the information is personal information collected from an individual before traveling in air. There has to be some physical or technical measures to guard against unauthorized access to this personal data. This personal data may involve things like; the name of the person, his or her origin, his financial status, his mission and even the race and attachment to a group or religion. The purpose of the data protection is to protect the individual from being mishandled as a result of this information. (Ethics, Privacy, and Data Protection 2007).
Questions like who should handle which personal data and where should the data be transmitted to will always find their answers in data protection policies. Different countries have different data protection laws. Some like the US have the information act, the EU has the data protection act and others have different laws. For example, in 2003, the US decided to follow the freedom information act FOIA in disclosing any personal data upon request.
How does data protection in European community compare with data protection in the U.S.A.? The two have very different data protection laws and their policies differ in all aspects including the kind of data to be protected and the consequences for violating such laws. The history of data protection in the European community is based from experience from the World War 2 while that of the U.S. is simply based on preventing fraud theft and terrorism.
The EU data protection law covers a wider area than the US. In the US, the data considered is very personal; they are only concerned with the personal data of the customers. The EU on the other hand have a concept known as data ‘subjects’ which ensures that the information about personal data of the customers’ employees, customers, suppliers and all contacts is put to consideration. Enforcement of the data protection law is quite different in these two countries. It is more definite and defined in the US than in the EU. In fact, most of the law violations in the EU go unpunished unlike the US where even a slight violation is published and punished. This is so because of the broad scope of the law in the EU and lack of resources. Whenever there is a security breach in the EU, notification does not reach each affected person unlike in the US where each affected individual is notified. (Elizabeth 2007).
Discussion
Personal data is private unless the individual has given consent to its processing and handling. In one of the acts on data protection, the US agreed with the EU that personal information concerning racial or ethnic origin, political opinions, religious or other beliefs, trade union membership, health, sex life, and criminal convictions should be disclosed. This is categorized as sensitive data, and the main question is, suppose the data subject doesn’t want the data to be disclosed? What will happen? Is it going to be released with out his consent? And if this is done, does it not go against the law of right to privacy which states that every body has a right to determine which information should be disclosed, to who and for what purpose? It makes the whole issue an ethical dilemma. This is because an individual might see an opportunity to benefit from this situation by making ones restricted data available in return for a fee, one may argue that this is legal but is it ethical. Are people happy with the amount of information collected, stored, manipulated, and transmitted by the air line operators about them before they travel? (Simon 1999).
The United States ordered all international airlines to provide detailed information about their passengers to the government. This information contain sensitive data –about the travelers including; name, address, flight number, credit card number, and choice of meal. It was a security measure after the September 11 bombing. The directive provides a challenge in the air line industry. In one aspect, they must ensure that their passengers’ data is kept secure, in the other hand they must comply with the US security measure. (John 2009).
The European air lines are concerned that providing access to the information to the US would violate their privacy laws. Human rights organizations are also raising concerns on the same issue and they criticize the air lines for failing to follow the stipulations in the privacy act. European airlines have petitioned their governments to clarify the airline’s obligations. The EU court advisor for example advised that giving airline data to US is illegal. That was back 2005. (Edward 2005).
Protests are being held world wide against the surveillance of air travelers, collection of telecommunication data, and biometric registration of citizens. One protest was held in 11 October 2008 under the slogan “freedom not fear”. Passengers claim that they are kept for a long time in the US airports. These are some of the issues the airlines are addressing. They are searching for a better information policy to inform all passengers about their rights and how their data are processed by the US authorities. The passengers should know why the data is being collected and how it will be processed. This duty is placed upon the airlines to educate their employees on data protection. (2008).
The airlines should ensure that their staff is trained in how to collect the data, how to relay it to the US and how to cope with customers in case there are problems in collecting the same. A case study of the Lufthansa German airlines will help us understand better such training. A new employer should be trained on these issues before beginning duty. The privacy statement of the airline regards protection of personal information very important. (Lufthansa training 2009).
The trainees need to know the meaning and purpose of data protection. They are sensitized that customers have to know and decide who is to handle the data and where the data might be relayed to. Though they are supposed to comply with the Germany data protection law, they are encouraged to be able to decide when to pass the information to a third party like the spouse and other persons. They are supposed to do some plausibility check which determines whether the person has the legal authority to access the information or not. (Privacy news highlights 2008).
The plausibility check looks for details like, does the person seeking the information have a personal relationship with the person who is traveling, may be a relative or an employee? And if there is a relationship, does he know some essential details of the travel data and why does he or she need such details. They are then trained on the meaning of terms like personal data, controller, third party receiver. (Cirrus Airlines 2008).
They are supposed to understand the confidentiality statement which states that any body handling data should maintain the confidentiality of the data during and after their work in the airline industry. They are trained on the reasons why many employees violate regulations governing data processing including intention, negligence, inexperience and curiosity. They are then informed on the possible offences and the fines there in after committing such crimes. Another element here is on whose information should be protected. New trainees are also provided with information about when personal data might be processed. For example data can be availed when the federal data protection law or other laws allow its processing and utilization, when the data subject gives permission, when there is a contract between the controller and the data subject, if the personal data is generally accessible, or when one has done a plausibility check and found it appropriate to do so. (Lufthansa training 2009).
They should also know the rights of the data subjects. They are trained that the data subject is entitled to make inquiries about his data free of charge, have any incorrect data corrected or deleted, or have data disabled. They are supposed to ensure data security that is to ensure that the data is protected from lose, destruction and misuse which is done by ensuring that rooms, cabinets, and PCs are locked when possible, that data is not copied or taken home unless its for duty purposes, that storage media is properly disposed, that passwords are handled well and that data is only availed when necessary.
Another element of their training is about data transfer. Data should only be disclosed to the data subject, and to a third party if there is permission from the law or from the data subject. Details on why the data is needed should be in written form and also feedback must be written. If courts, companies and other corporate bodies need any information, they should do so through writing and they should provide a legal basis for their request of information. (Wyatt 2008).
Whenever data cannot be availed, the controller is trained to explain why this is so. They should give adequate reasons for withholding that information. Incase sensitive information is passed out accidentally; they are trained on what to do. They are trained never to cover up anything as this may lead to more troubles. There is also training on who should disclose information. That not everybody is allowed to disclose the information even when allowed by the law or the person concerned.
The last bit of their training is why passenger data is so sensitive. That data disclosed will affect the customers’ privacy and it may also lead to undue competition from competitors. In general, they have a knowledge that data protection is necessary as a standard service element of the customer orientation, as a social responsibility of the airline and in order to comply with statutory regulations. This is the course of a new trainee in the Lufthansa airline on how to protect personal data. (Lufthansa training 2009).
Whenever information gets in the hands of more than one person, it ceases to become secret and it can be conveyed to so many people within a very short time. This is the greatest challenge as far as the protection of data is concerned. Both new and existing employees pose a great threat to the safe guarding of this information in the airline industry. Some employees will disclose the information about VIP passengers by a way of gossip. They may tell their friends the travel plans of that person which is a breach of the law. The consequences there after may be overwhelming. It will always remain a challenge on how to keep their mouths shut on this important information. (Linda 2006).
The training of new employees in Lufthansa offers in depth information on how to ensure that the personal data is secure and protected. Due to ignorance and negligence, some employees will fail to observe these precautions and disclose information without proper security verifications. Though there are stipulated fines for such an offense, it will be hard to determine whether it was intentional or accidental. Information will always go out of control accidentally. The team leader should always be prepared to tackle such an occurrence.
The greatest challenge is to educate both new and existing employees on when to access personal data, for whom, and under what conditions. Continuous seminars should be available to create awareness of the importance of maintaining data protection at all times. Employees should be reminded of the existing legal actions against those who disclose personal information without proper procedures. (Lufthansa training 2009).
Conclusion
In general, data protection in relation to the airline industry is a complicated issue. It is made more complicated by the various acts concerning the same by different governments. There is a contradiction between the policies. For example, there exists an agreement between US and the EU that personal data of the passengers should be availed whenever necessary, on the other hand the law gives right to safeguarding of personal information. Corruption may also lead to disclosure of personal information by the employees handling such data. The world should seek to establish better rules and regulations to safeguard the personal data of passengers while at the same time working to curb terrorism. (2008).
Works cited
Cirrus Airlines, Privacy and data security, 2008, Web.
Elizabeth H. Johnson. Data protection law in the European Union. 2007. Web.
Ethics, Privacy, and Data Protection, 2007. Web.
Edward Hasbrouck’s, US require passenger details from international airlines. The Practical Nomad, 2005.
John Leyden. Airline passenger data deal struck 2006.
Lufthansa airline. Access to reservation information by US homeland security authorities. 2009. Web.
Lufthansa, Data protection introduction, Power point presentation. 2009.
Simon Rogersburg. “Privacy and new data protection act”. Ethical IMIS journal Vol.9 No.6, 1999. Web. 2009.
Privacy news highlights. EU-Art 29 working party issues opinion on transfer of PNR to US authorities. 2008.
“Freedom not Fear”: Worldwide protests against surveillance 2008. Web.
Linda D Koontz. Privacy: Key challenges facing federal agencies. 2006.
Wyatt Kash, U.S, EU agree on data protection framework. 2008.