The number of protection laws around the globe illustrates the need to treat people’s personal information with respect.
Government agencies and other institutions such as airlines need information to fight crime, protect health and property and regulate the social and economic well-being of the population. On the other hand, people want protection against the abuse of their personal information. The laws try to reconcile the needs and the protection.
The UK’s Equality and Human Rights Commission has called for a simplification of the regulatory framework at least in the UK “so that any need for personal information has to be clearly justified by the organisation that wants it”.
In the airline industry, passengers, especially those travelling to and from the US, must provide personal information in compliance with the US government’s Secure Flight programme designed to keep terrorists off planes. Passengers booking flights online give a large amount of personal information. Travel agencies collect vast amounts of personal information.
Most of the personal information in the airline industry crosses borders. It is stored on servers and in “clouds” – virtual pools of storage that are hosted by a network. This processing of personal information is subject to strict regulation in most jurisdictions. However, concerns have been raised, especially about the security of “cloud” storage after hackers gained access at Sony, Citibank, IMF and other institutions.
The sensitive treatment of personal information in the airline industry has so far been good and no major breach of legislation has been publicly reported. This certainly is a pat on the back for the airline industry.
The acid test will come in the form of challenges regarding the security of the storage of personal information, the cross-border transfer of information and for how long players in the industry may store personal information.
l Coetzee is director of employment practice at Cliffe Dekker Hofmeyr. - Saturday Star